This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/VmSEi88h8EdX70CoZBoX1PGWIw4.roa
File:                     VmSEi88h8EdX70CoZBoX1PGWIw4.roa (raw, json)
Hash identifier:          cwT1GcadLbcYd+EhAmWFsga6gtnL8WtN6n2eRtcoP6o=
Subject key identifier:   56:64:84:8B:CF:21:F0:47:57:EF:40:A8:64:1A:17:D4:F1:96:23:0E
Certificate issuer:       /CN=699710a1693710ac835f0b6745f90d2d680a1200
Certificate serial:       019B7B357242B70ACBED5BE2C7051D3407B5
Authority key identifier: 69:97:10:A1:69:37:10:AC:83:5F:0B:67:45:F9:0D:2D:68:0A:12:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/VmSEi88h8EdX70CoZBoX1PGWIw4.roa
Signing time:             Thu 01 Jan 2026 20:17:38 +0000
ROA not before:           Thu 01 Jan 2026 20:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52075
IP address blocks:        193.30.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:72:42:b7:0a:cb:ed:5b:e2:c7:05:1d:34:07:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699710a1693710ac835f0b6745f90d2d680a1200
        Validity
            Not Before: Jan  1 20:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5664848bcf21f04757ef40a8641a17d4f196230e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d0:6c:69:aa:9a:8a:71:5e:e0:d5:f4:16:cc:
                    63:41:d3:e7:88:97:71:b3:a2:29:05:91:2f:e6:9a:
                    ee:c0:98:42:d4:40:3f:67:73:0c:70:4e:2b:e5:67:
                    bd:65:61:24:b2:45:b9:4d:33:35:03:9f:5a:8b:78:
                    0c:5c:24:28:83:62:c5:23:26:2f:a3:0e:9b:b3:3f:
                    48:22:08:d4:af:7a:b7:b4:e5:3e:a2:49:16:86:bd:
                    d8:67:cb:ec:ef:52:eb:eb:27:a1:00:1e:a8:d6:90:
                    63:13:d0:c1:93:24:9f:d5:79:b6:aa:81:2c:f4:66:
                    27:2e:ce:87:53:b8:06:4e:e5:fd:b6:94:0a:4d:93:
                    94:0d:22:fe:42:cb:a3:35:bb:da:82:9a:3a:8a:35:
                    7e:ce:c3:78:48:1e:78:94:d0:ed:a7:fe:ee:3f:a4:
                    64:04:05:a3:8c:a7:76:8a:c0:3c:af:59:93:0d:0c:
                    74:9d:17:9b:f3:c2:82:a5:9d:20:64:d9:d8:9f:c5:
                    f0:98:6d:46:3d:ad:ca:cb:98:d7:bd:2e:ee:51:2d:
                    c4:6e:50:c8:49:fd:b0:7f:d4:ad:3c:e3:f9:35:b6:
                    e0:b0:54:a6:4f:2b:8b:da:3d:e4:11:53:a8:1f:f4:
                    6b:08:f3:51:0d:11:c6:2e:98:fa:95:cf:54:4c:f1:
                    09:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:64:84:8B:CF:21:F0:47:57:EF:40:A8:64:1A:17:D4:F1:96:23:0E
            X509v3 Authority Key Identifier:
                keyid:69:97:10:A1:69:37:10:AC:83:5F:0B:67:45:F9:0D:2D:68:0A:12:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/VmSEi88h8EdX70CoZBoX1PGWIw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:55:91:05:9f:c7:7f:2b:16:ba:8e:d9:a7:7a:b9:21:14:e0:
         ba:ab:4b:f8:41:4a:96:b6:48:00:d5:81:3b:74:d6:d3:25:15:
         80:43:a6:1c:60:67:cb:4d:8d:16:12:82:3e:99:44:83:42:11:
         bc:0e:8c:79:fb:ac:88:a1:32:93:3a:2d:8f:fa:16:f7:93:83:
         a8:3b:6f:30:a6:cc:4a:bb:44:1b:3a:fe:c3:2b:11:3e:34:91:
         03:d4:22:d8:57:dd:38:e5:5c:32:40:6e:fb:61:e4:0b:2f:65:
         a2:44:e9:1a:d9:59:1e:0c:1f:21:87:33:e2:de:29:5a:e3:df:
         ee:5c:e5:c9:c9:9b:3f:65:0b:cb:de:a0:4e:14:c0:21:b1:47:
         39:53:ac:85:53:01:21:96:39:1d:48:91:79:ff:60:af:ab:8f:
         7e:82:c0:7e:4d:18:9c:bf:f3:6b:e5:ab:70:09:2e:4a:27:70:
         d2:34:73:fd:cd:8b:35:a8:e3:de:0c:64:47:bb:9f:13:d8:b0:
         fa:ce:61:94:b9:bb:e2:61:68:79:ce:96:25:98:fa:a8:dc:f6:
         ce:e5:13:28:76:c1:14:e2:f1:7e:db:05:2a:9a:3d:3b:aa:d3:
         f1:b1:5d:62:96:81:40:53:78:a3:fb:40:0e:8b:c7:f0:51:0c:
         e7:d4:0d:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NXJCtwrL7VvixwUdNAe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTcxMGExNjkzNzEwYWM4MzVmMGI2NzQ1ZjkwZDJkNjgw
YTEyMDAwHhcNMjYwMTAxMjAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjY0ODQ4YmNmMjFmMDQ3NTdlZjQwYTg2NDFhMTdkNGYxOTYyMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9BsaaqainFe4NX0FsxjQdPniJdx
s6IpBZEv5pruwJhC1EA/Z3MMcE4r5We9ZWEkskW5TTM1A59ai3gMXCQog2LFIyYv
ow6bsz9IIgjUr3q3tOU+okkWhr3YZ8vs71Lr6yehAB6o1pBjE9DBkySf1Xm2qoEs
9GYnLs6HU7gGTuX9tpQKTZOUDSL+QsujNbvagpo6ijV+zsN4SB54lNDtp/7uP6Rk
BAWjjKd2isA8r1mTDQx0nReb88KCpZ0gZNnYn8XwmG1GPa3Ky5jXvS7uUS3EblDI
Sf2wf9StPOP5NbbgsFSmTyuL2j3kEVOoH/RrCPNRDRHGLpj6lc9UTPEJbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZkhIvPIfBHV+9AqGQaF9TxliMOMB8GA1UdIwQY
MBaAFGmXEKFpNxCsg18LZ0X5DS1oChIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpjUW9XazNFS3lEWHd0blJma05MV2dLRWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wNzc0NWMtNDdjMS00MDAyLTk1MGYt
MjliOThlY2RmZjEyLzEvVm1TRWk4OGg4RWRYNzBDb1pCb1gxUEdXSXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wNzc0NWMtNDdjMS00MDAyLTk1MGYtMjliOThlY2RmZjEy
LzEvYVpjUW9XazNFS3lEWHd0blJma05MV2dLRWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5vMA0G
CSqGSIb3DQEBCwUAA4IBAQALVZEFn8d/Kxa6jtmnerkhFOC6q0v4QUqWtkgA1YE7
dNbTJRWAQ6YcYGfLTY0WEoI+mUSDQhG8Dox5+6yIoTKTOi2P+hb3k4OoO28wpsxK
u0QbOv7DKxE+NJED1CLYV9045VwyQG77YeQLL2WiROka2VkeDB8hhzPi3ila49/u
XOXJyZs/ZQvL3qBOFMAhsUc5U6yFUwEhljkdSJF5/2Cvq49+gsB+TRicv/Nr5atw
CS5KJ3DSNHP9zYs1qOPeDGRHu58T2LD6zmGUubviYWh5zpYlmPqo3PbO5RModsEU
4vF+2wUqmj07qtPxsV1iloFAU3ij+0AOi8fwUQzn1A0d
-----END CERTIFICATE-----