This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/vZtaog6rpuNltteEkdUJlHMVrcw.roa
File:                     vZtaog6rpuNltteEkdUJlHMVrcw.roa (raw, json)
Hash identifier:          7RtaWZDq5AUONnDyPCbjKsuXwOlICNTJNhflkjZkwLY=
Subject key identifier:   BD:9B:5A:A2:0E:AB:A6:E3:65:B6:D7:84:91:D5:09:94:73:15:AD:CC
Certificate issuer:       /CN=a833b0801d40d05849072e2fc81213b025d2a2bc
Certificate serial:       019B7AC951E11B2C1F50E124F017A5A206E3
Authority key identifier: A8:33:B0:80:1D:40:D0:58:49:07:2E:2F:C8:12:13:B0:25:D2:A2:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qDOwgB1A0FhJBy4vyBITsCXSorw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/vZtaog6rpuNltteEkdUJlHMVrcw.roa
Signing time:             Thu 01 Jan 2026 18:19:32 +0000
ROA not before:           Thu 01 Jan 2026 18:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        194.76.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/qDOwgB1A0FhJBy4vyBITsCXSorw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/qDOwgB1A0FhJBy4vyBITsCXSorw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qDOwgB1A0FhJBy4vyBITsCXSorw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:51:e1:1b:2c:1f:50:e1:24:f0:17:a5:a2:06:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a833b0801d40d05849072e2fc81213b025d2a2bc
        Validity
            Not Before: Jan  1 18:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd9b5aa20eaba6e365b6d78491d509947315adcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:47:dc:5b:f2:4b:06:3d:03:af:03:39:b7:f8:
                    dc:d4:2b:00:d4:cb:95:ed:3d:2a:b0:d3:67:ee:b3:
                    de:5e:3d:9d:31:19:23:ec:64:26:38:f2:f7:7d:e5:
                    26:2d:ea:b1:10:24:27:2c:a6:1e:ab:63:04:2a:00:
                    dd:74:e4:b7:4e:8e:2d:1d:c5:82:5e:3c:02:99:ec:
                    c8:53:37:61:71:4c:75:c4:29:cb:b3:15:0e:1b:dc:
                    1f:4d:c9:b0:46:1f:21:4d:9b:25:6a:65:4e:37:21:
                    b5:7c:7d:1f:b0:9c:c9:f7:0b:98:70:5a:cb:aa:0b:
                    b8:ad:42:38:cc:84:54:e6:df:91:b7:ab:5a:4d:7b:
                    49:1b:92:cb:07:e6:51:f8:6c:bb:c0:90:f3:8f:f2:
                    38:da:aa:2f:09:56:9d:65:9c:15:6f:85:03:ac:c4:
                    16:3d:40:6c:b4:6c:dc:8d:94:c3:20:5c:54:93:17:
                    69:05:68:91:09:fa:ac:7e:de:21:02:3e:6a:64:61:
                    3e:cd:07:3a:f5:e5:02:74:ac:78:7d:fc:5a:48:29:
                    21:eb:38:a0:c8:9f:c1:66:30:28:0c:6b:9f:d5:10:
                    00:b1:f9:0e:75:4a:5d:1a:21:28:1f:41:aa:27:fa:
                    96:8c:3c:4c:05:d7:8a:73:0f:15:d6:b6:3b:ff:d8:
                    92:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9B:5A:A2:0E:AB:A6:E3:65:B6:D7:84:91:D5:09:94:73:15:AD:CC
            X509v3 Authority Key Identifier:
                keyid:A8:33:B0:80:1D:40:D0:58:49:07:2E:2F:C8:12:13:B0:25:D2:A2:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qDOwgB1A0FhJBy4vyBITsCXSorw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/vZtaog6rpuNltteEkdUJlHMVrcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/f42ab1-1089-4b14-b2f9-17bf066da4c5/1/qDOwgB1A0FhJBy4vyBITsCXSorw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:f5:0b:ee:ce:e3:25:c5:b7:f5:77:22:19:32:e7:3c:6a:1a:
         25:8d:4e:74:a9:81:44:13:c1:56:b8:cc:cc:89:8c:39:6d:b0:
         30:df:42:e2:41:dd:db:71:c3:b9:5b:1c:4c:70:a6:c3:b9:fb:
         a3:b7:9b:de:4a:2b:70:72:02:b7:8a:03:a5:59:4d:06:a4:94:
         67:17:79:b1:21:70:83:f5:0e:94:b6:6a:32:24:fb:ff:c6:9e:
         75:51:43:35:66:c1:88:3f:89:6a:df:9d:02:44:13:9e:57:b5:
         17:7e:c6:41:b7:ef:01:5f:c0:83:e9:18:c3:ed:e1:9d:da:bd:
         1d:85:85:33:05:21:f4:de:35:c6:67:56:1b:12:a5:ef:6d:30:
         cd:14:3d:6e:b8:c3:23:f1:da:ea:70:10:ff:e5:23:ab:5c:ff:
         f5:4f:a2:ab:4d:35:b7:67:1e:b7:cb:02:4d:fa:83:78:4a:02:
         f7:7d:a7:87:1a:07:a1:78:79:f7:65:79:3a:58:c9:aa:d1:b7:
         08:f3:3f:7a:51:70:f5:17:0e:28:c1:1c:06:02:8c:f6:0d:4f:
         16:7c:60:1b:19:75:99:22:84:3b:92:85:db:5f:7f:bd:12:ba:
         26:bb:f5:f5:f8:1c:09:2d:8b:02:08:a8:34:6e:67:1b:cf:79:
         1c:44:9f:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yVHhGywfUOEk8BelogbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MzNiMDgwMWQ0MGQwNTg0OTA3MmUyZmM4MTIxM2IwMjVk
MmEyYmMwHhcNMjYwMTAxMTgxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDliNWFhMjBlYWJhNmUzNjViNmQ3ODQ5MWQ1MDk5NDczMTVhZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkfcW/JLBj0DrwM5t/jc1CsA1MuV
7T0qsNNn7rPeXj2dMRkj7GQmOPL3feUmLeqxECQnLKYeq2MEKgDddOS3To4tHcWC
XjwCmezIUzdhcUx1xCnLsxUOG9wfTcmwRh8hTZslamVONyG1fH0fsJzJ9wuYcFrL
qgu4rUI4zIRU5t+Rt6taTXtJG5LLB+ZR+Gy7wJDzj/I42qovCVadZZwVb4UDrMQW
PUBstGzcjZTDIFxUkxdpBWiRCfqsft4hAj5qZGE+zQc69eUCdKx4ffxaSCkh6zig
yJ/BZjAoDGuf1RAAsfkOdUpdGiEoH0GqJ/qWjDxMBdeKcw8V1rY7/9iSkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2bWqIOq6bjZbbXhJHVCZRzFa3MMB8GA1UdIwQY
MBaAFKgzsIAdQNBYSQcuL8gSE7Al0qK8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcURPd2dCMUEwRmhKQnk0dnlCSVRzQ1hTb3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9mNDJhYjEtMTA4OS00YjE0LWIyZjkt
MTdiZjA2NmRhNGM1LzEvdlp0YW9nNnJwdU5sdHRlRWtkVUpsSE1WcmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9mNDJhYjEtMTA4OS00YjE0LWIyZjktMTdiZjA2NmRhNGM1
LzEvcURPd2dCMUEwRmhKQnk0dnlCSVRzQ1hTb3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkxmMA0G
CSqGSIb3DQEBCwUAA4IBAQA/9QvuzuMlxbf1dyIZMuc8aholjU50qYFEE8FWuMzM
iYw5bbAw30LiQd3bccO5WxxMcKbDufujt5veSitwcgK3igOlWU0GpJRnF3mxIXCD
9Q6UtmoyJPv/xp51UUM1ZsGIP4lq350CRBOeV7UXfsZBt+8BX8CD6RjD7eGd2r0d
hYUzBSH03jXGZ1YbEqXvbTDNFD1uuMMj8drqcBD/5SOrXP/1T6KrTTW3Zx63ywJN
+oN4SgL3faeHGgeheHn3ZXk6WMmq0bcI8z96UXD1Fw4owRwGAoz2DU8WfGAbGXWZ
IoQ7koXbX3+9Eromu/X1+BwJLYsCCKg0bmcbz3kcRJ/p
-----END CERTIFICATE-----