This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/VKi_eELpmYrDDbDrF0VVkkCBTvA.roa
File:                     VKi_eELpmYrDDbDrF0VVkkCBTvA.roa (raw, json)
Hash identifier:          x+LzLGitMTJHgFBC68KihyTc7sPTjjdr4ISMkWQ+OXA=
Subject key identifier:   54:A8:BF:78:42:E9:99:8A:C3:0D:B0:EB:17:45:55:92:40:81:4E:F0
Certificate issuer:       /CN=c1b050211219d18e996e086cb7f6309178804860
Certificate serial:       019B7E37408EDA0698D88EF5C4717361FA3E
Authority key identifier: C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/VKi_eELpmYrDDbDrF0VVkkCBTvA.roa
Signing time:             Fri 02 Jan 2026 10:18:28 +0000
ROA not before:           Fri 02 Jan 2026 10:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60398
IP address blocks:        212.40.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 13:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:40:8e:da:06:98:d8:8e:f5:c4:71:73:61:fa:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1b050211219d18e996e086cb7f6309178804860
        Validity
            Not Before: Jan  2 10:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54a8bf7842e9998ac30db0eb1745559240814ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f1:7e:a1:4e:a2:a8:86:0c:67:39:1e:f2:72:
                    05:97:97:96:47:9c:c4:16:6b:10:4d:c7:1f:b5:8e:
                    fd:c7:d6:00:29:d7:97:b1:00:1d:75:d6:48:2a:99:
                    1a:e8:ab:33:16:b1:14:1c:8c:5a:ce:bb:69:9d:6a:
                    74:96:d8:12:9d:47:da:4b:e8:b9:8f:cb:81:78:cb:
                    55:fb:85:1a:7d:90:54:85:a0:e5:7b:af:e3:f6:03:
                    b6:ce:f3:e0:10:30:ea:40:28:c6:41:68:3f:39:cd:
                    0c:54:77:43:84:52:b6:fc:a4:01:36:84:2e:6c:44:
                    bc:02:5e:30:99:94:ed:42:08:27:de:b4:da:36:40:
                    98:94:fe:41:42:d1:62:36:3f:67:f9:ed:5c:36:f1:
                    27:e1:6f:c1:89:ef:bc:98:e1:05:23:2c:80:53:b6:
                    a6:4d:9d:e0:d0:ef:6a:35:7d:17:c3:18:5a:f3:d0:
                    20:85:11:64:0a:90:96:1f:5d:f5:22:f3:43:9a:76:
                    d4:2f:45:e2:c2:4d:b6:b0:ee:a7:75:de:05:af:1d:
                    8d:c9:16:5e:ed:07:3c:3d:a2:5e:b4:04:1d:64:d3:
                    49:5f:2a:80:6c:0e:07:47:4c:d1:ff:d0:7d:7c:55:
                    8c:9d:28:86:a6:f9:cd:48:66:14:f7:00:76:2e:3f:
                    b1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A8:BF:78:42:E9:99:8A:C3:0D:B0:EB:17:45:55:92:40:81:4E:F0
            X509v3 Authority Key Identifier:
                keyid:C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/VKi_eELpmYrDDbDrF0VVkkCBTvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c4:2d:d8:0b:d4:21:10:1c:ca:20:55:e8:bd:cc:0d:b6:86:
         8e:bc:86:66:b0:85:28:4f:5e:09:d8:71:09:d5:4e:f0:3a:71:
         b7:b7:67:fc:0d:09:d6:0c:c1:87:3d:48:c3:6a:43:be:d7:d5:
         f9:c2:72:78:ff:42:9b:9d:9e:b0:64:c4:33:75:af:6b:61:76:
         12:57:25:ec:d8:e8:53:6b:18:51:3e:40:77:76:6d:ff:2b:15:
         eb:ea:f8:59:6a:c3:f2:3f:92:c8:a5:b6:98:c9:a5:96:5a:85:
         79:fc:56:58:70:52:78:39:f0:35:eb:0f:2d:81:d3:3c:52:d0:
         eb:12:0a:15:60:f4:50:00:b1:b2:d2:cd:2f:05:da:ca:80:c7:
         c5:c9:89:8f:1d:3e:cf:a1:3f:03:14:37:2b:a2:41:6c:88:81:
         56:41:0f:d5:58:33:43:e6:48:e8:be:69:7d:40:f6:1c:a0:39:
         11:7f:ce:6b:1d:59:06:39:13:e1:52:f1:5a:25:24:cc:99:e6:
         d8:f0:4b:0a:cb:24:4c:f7:09:44:32:10:a4:d3:53:c4:04:4c:
         32:c2:12:66:ac:50:5e:58:97:5c:3d:45:e3:01:1f:3e:52:b2:
         1b:7f:81:4a:42:7c:20:98:5e:07:69:78:dc:9e:90:cc:a8:8c:
         3a:83:69:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N0CO2gaY2I71xHFzYfo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYjA1MDIxMTIxOWQxOGU5OTZlMDg2Y2I3ZjYzMDkxNzg4
MDQ4NjAwHhcNMjYwMTAyMTAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGE4YmY3ODQyZTk5OThhYzMwZGIwZWIxNzQ1NTU5MjQwODE0ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofF+oU6iqIYMZzke8nIFl5eWR5zE
FmsQTccftY79x9YAKdeXsQAdddZIKpka6KszFrEUHIxazrtpnWp0ltgSnUfaS+i5
j8uBeMtV+4UafZBUhaDle6/j9gO2zvPgEDDqQCjGQWg/Oc0MVHdDhFK2/KQBNoQu
bES8Al4wmZTtQggn3rTaNkCYlP5BQtFiNj9n+e1cNvEn4W/Bie+8mOEFIyyAU7am
TZ3g0O9qNX0Xwxha89AghRFkCpCWH131IvNDmnbUL0Xiwk22sO6ndd4Frx2NyRZe
7Qc8PaJetAQdZNNJXyqAbA4HR0zR/9B9fFWMnSiGpvnNSGYU9wB2Lj+xjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSov3hC6ZmKww2w6xdFVZJAgU7wMB8GA1UdIwQY
MBaAFMGwUCESGdGOmW4IbLf2MJF4gEhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUt
Y2UyMjUxODdmYzM4LzEvVktpX2VFTHBtWXJERGJEckYwVlZra0NCVHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUtY2UyMjUxODdmYzM4
LzEvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CiMMA0G
CSqGSIb3DQEBCwUAA4IBAQANxC3YC9QhEBzKIFXovcwNtoaOvIZmsIUoT14J2HEJ
1U7wOnG3t2f8DQnWDMGHPUjDakO+19X5wnJ4/0KbnZ6wZMQzda9rYXYSVyXs2OhT
axhRPkB3dm3/KxXr6vhZasPyP5LIpbaYyaWWWoV5/FZYcFJ4OfA16w8tgdM8UtDr
EgoVYPRQALGy0s0vBdrKgMfFyYmPHT7PoT8DFDcrokFsiIFWQQ/VWDND5kjovml9
QPYcoDkRf85rHVkGORPhUvFaJSTMmebY8EsKyyRM9wlEMhCk01PEBEwywhJmrFBe
WJdcPUXjAR8+UrIbf4FKQnwgmF4HaXjcnpDMqIw6g2l6
-----END CERTIFICATE-----