This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/VTlRcNnwp5gbAntgQ6nLMgU1MSA.roa
File:                     VTlRcNnwp5gbAntgQ6nLMgU1MSA.roa (raw, json)
Hash identifier:          ngugrS9FOqnMnHH73cGn9uhwoCPbokxFByaxLpb4tLY=
Subject key identifier:   55:39:51:70:D9:F0:A7:98:1B:02:7B:60:43:A9:CB:32:05:35:31:20
Certificate issuer:       /CN=96351c473a16ba38fab4d517059225e0f133c8bf
Certificate serial:       019B7B35EBF3591DCBD61CB72E4257BCE8F4
Authority key identifier: 96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/VTlRcNnwp5gbAntgQ6nLMgU1MSA.roa
Signing time:             Thu 01 Jan 2026 20:18:09 +0000
ROA not before:           Thu 01 Jan 2026 20:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5396
IP address blocks:        91.225.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:eb:f3:59:1d:cb:d6:1c:b7:2e:42:57:bc:e8:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96351c473a16ba38fab4d517059225e0f133c8bf
        Validity
            Not Before: Jan  1 20:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55395170d9f0a7981b027b6043a9cb3205353120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:97:fa:25:ee:5a:45:6d:b0:3a:41:30:cc:c6:
                    fe:83:25:61:82:fd:e4:29:ac:5a:66:e6:0f:de:f3:
                    44:05:42:02:1c:01:87:ca:60:15:c6:b9:43:e4:f0:
                    5e:0b:4b:53:69:79:68:69:51:70:d1:ab:fa:29:24:
                    4d:43:7a:bb:7a:86:ad:63:4c:92:3e:88:f8:69:e1:
                    99:73:b9:70:5c:a4:5c:08:6c:a0:49:f2:50:a8:1a:
                    2e:02:db:8c:e5:d5:87:4c:48:d5:8e:e5:06:3f:9c:
                    f9:5c:03:34:32:be:d7:d9:2a:b6:d2:39:62:ea:84:
                    37:87:d4:5d:58:e2:01:e4:af:d3:8e:67:6a:dc:0c:
                    02:88:52:7f:fa:e3:2a:19:23:53:b3:48:65:e8:8c:
                    65:36:e4:cd:79:35:f9:ab:4b:43:b6:0a:f4:08:c1:
                    dc:94:b2:3a:4e:5b:fc:39:56:d1:b8:2c:04:8b:e5:
                    88:7e:d7:ee:2e:a0:8c:de:63:ae:4d:55:ae:4f:81:
                    8c:77:65:c3:ac:3f:a7:71:57:b1:aa:22:17:e0:bc:
                    c8:27:5d:7a:68:d6:28:c0:6b:a2:64:c6:5c:44:82:
                    3c:04:f8:76:fb:76:e7:fe:23:9e:38:66:e3:40:66:
                    9a:3c:dd:bf:2f:4f:c2:df:5a:47:fb:97:8b:8d:85:
                    ee:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:39:51:70:D9:F0:A7:98:1B:02:7B:60:43:A9:CB:32:05:35:31:20
            X509v3 Authority Key Identifier:
                keyid:96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/VTlRcNnwp5gbAntgQ6nLMgU1MSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:f9:cd:02:09:4a:d5:59:ab:d2:03:2c:74:4a:ca:0d:d8:29:
         5f:db:36:f1:96:e2:75:91:cc:1d:89:82:9f:3b:aa:f0:4f:d9:
         31:45:a2:96:0f:63:91:e5:16:ca:6b:92:da:3b:62:db:26:3c:
         4d:04:dd:20:64:da:3b:c7:7c:56:4a:f0:b9:61:8e:fb:6c:62:
         b3:42:d9:6b:a7:12:cf:8e:b9:b4:4e:d1:1a:2b:1c:12:4a:21:
         d8:b6:4e:c5:46:ea:d7:ed:95:3c:c7:ad:2c:d6:dc:eb:f3:82:
         6a:34:52:12:da:66:ab:00:39:dd:b4:ba:2b:59:5a:47:8a:bc:
         e4:f6:07:bf:f6:24:c0:3d:0f:05:7b:43:15:de:b1:3f:e5:0a:
         2c:b5:b5:66:19:ba:76:2f:8f:f1:21:5f:c1:e5:f0:d8:9e:44:
         61:25:b3:16:a9:21:f2:92:69:d4:6f:3a:fc:48:80:ed:d8:2c:
         ea:6f:9c:5e:02:e9:63:f8:18:7b:87:8e:89:ea:1e:5e:7c:b2:
         72:e4:14:32:e3:14:ca:5a:a2:94:f1:fb:0b:34:99:51:27:16:
         ac:d5:7f:6c:f8:1d:10:15:47:4b:0c:8b:63:b0:b5:49:21:82:
         24:1d:bd:e8:3e:f1:50:14:f2:3c:a8:c3:9f:57:04:9f:71:6a:
         c4:c4:27:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NevzWR3L1hy3LkJXvOj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MzUxYzQ3M2ExNmJhMzhmYWI0ZDUxNzA1OTIyNWUwZjEz
M2M4YmYwHhcNMjYwMTAxMjAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTM5NTE3MGQ5ZjBhNzk4MWIwMjdiNjA0M2E5Y2IzMjA1MzUzMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJf6Je5aRW2wOkEwzMb+gyVhgv3k
KaxaZuYP3vNEBUICHAGHymAVxrlD5PBeC0tTaXloaVFw0av6KSRNQ3q7eoatY0yS
Poj4aeGZc7lwXKRcCGygSfJQqBouAtuM5dWHTEjVjuUGP5z5XAM0Mr7X2Sq20jli
6oQ3h9RdWOIB5K/Tjmdq3AwCiFJ/+uMqGSNTs0hl6IxlNuTNeTX5q0tDtgr0CMHc
lLI6Tlv8OVbRuCwEi+WIftfuLqCM3mOuTVWuT4GMd2XDrD+ncVexqiIX4LzIJ116
aNYowGuiZMZcRII8BPh2+3bn/iOeOGbjQGaaPN2/L0/C31pH+5eLjYXuswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFU5UXDZ8KeYGwJ7YEOpyzIFNTEgMB8GA1UdIwQY
MBaAFJY1HEc6Fro4+rTVFwWSJeDxM8i/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEt
ZDU3MzczYmY1MTYyLzEvVlRsUmNObndwNWdiQW50Z1E2bkxNZ1UxTVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEtZDU3MzczYmY1MTYy
LzEvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+G0MA0G
CSqGSIb3DQEBCwUAA4IBAQCN+c0CCUrVWavSAyx0SsoN2Clf2zbxluJ1kcwdiYKf
O6rwT9kxRaKWD2OR5RbKa5LaO2LbJjxNBN0gZNo7x3xWSvC5YY77bGKzQtlrpxLP
jrm0TtEaKxwSSiHYtk7FRurX7ZU8x60s1tzr84JqNFIS2marADndtLorWVpHirzk
9ge/9iTAPQ8Fe0MV3rE/5QostbVmGbp2L4/xIV/B5fDYnkRhJbMWqSHykmnUbzr8
SIDt2Czqb5xeAulj+Bh7h46J6h5efLJy5BQy4xTKWqKU8fsLNJlRJxas1X9s+B0Q
FUdLDItjsLVJIYIkHb3oPvFQFPI8qMOfVwSfcWrExCdZ
-----END CERTIFICATE-----