This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/vIEeMsOgyhAbHtdasH9clWdBUoM.roa
File:                     vIEeMsOgyhAbHtdasH9clWdBUoM.roa (raw, json)
Hash identifier:          LNPknqC7GAKoJKuLl2I8NQhITu9vWI4/MB5dCdNLtbk=
Subject key identifier:   BC:81:1E:32:C3:A0:CA:10:1B:1E:D7:5A:B0:7F:5C:95:67:41:52:83
Certificate issuer:       /CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
Certificate serial:       019B76EB845AFC84226A6E60337B6FE915B2
Authority key identifier: 5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/vIEeMsOgyhAbHtdasH9clWdBUoM.roa
Signing time:             Thu 01 Jan 2026 00:18:24 +0000
ROA not before:           Thu 01 Jan 2026 00:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209465
IP address blocks:        171.22.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/XTgiOCiaiALPUrZ9m_Suh6UJM8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/XTgiOCiaiALPUrZ9m_Suh6UJM8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:84:5a:fc:84:22:6a:6e:60:33:7b:6f:e9:15:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
        Validity
            Not Before: Jan  1 00:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc811e32c3a0ca101b1ed75ab07f5c9567415283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:6a:16:98:cd:07:34:99:68:c5:78:58:30:63:
                    8e:4b:42:cc:1a:10:6f:26:51:61:36:32:23:c3:69:
                    aa:e3:f3:d7:a2:41:c9:0d:35:a1:5f:d1:96:70:6a:
                    54:b8:ed:6a:3f:66:dc:57:14:1a:31:77:5f:9f:ba:
                    55:6f:11:90:ab:17:e3:b1:93:cd:61:82:ae:f3:f5:
                    22:99:05:01:bd:2c:17:ba:c1:73:e5:e4:a1:95:bc:
                    cf:e6:c9:f3:29:a5:3f:8a:9b:af:dd:2a:a4:17:dc:
                    9d:20:8e:35:89:fc:a5:9a:bb:26:26:75:bb:40:c3:
                    a8:df:c4:d3:b0:9f:f9:e9:d4:d8:ed:de:71:29:0c:
                    63:ff:37:fa:9e:ac:ff:51:53:ba:f2:df:1e:87:7a:
                    66:6d:ef:21:06:4a:b8:20:f5:58:22:2b:dd:56:06:
                    87:2e:f3:bf:79:eb:0a:5c:71:9c:e3:3e:09:7e:e5:
                    66:64:50:ad:31:9b:71:c1:01:a5:b7:42:fa:05:31:
                    25:4d:bc:37:de:46:08:96:c9:b0:ea:16:27:c3:d3:
                    b3:b3:9b:8c:02:c3:f7:4a:75:a2:1c:65:c0:5b:f3:
                    a6:8c:3b:2d:d4:98:9a:78:05:65:ae:6a:28:e2:a8:
                    2d:b0:cb:ab:cb:1b:3d:a6:ab:09:8a:5c:4c:ad:7a:
                    e9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:81:1E:32:C3:A0:CA:10:1B:1E:D7:5A:B0:7F:5C:95:67:41:52:83
            X509v3 Authority Key Identifier:
                keyid:5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/vIEeMsOgyhAbHtdasH9clWdBUoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/XTgiOCiaiALPUrZ9m_Suh6UJM8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:6f:0f:95:f0:2b:b3:fb:98:19:59:e0:16:1d:0b:cd:0c:8b:
         65:ff:87:8b:4a:f3:28:9d:c5:cf:d1:cd:a1:fc:16:5a:4f:86:
         71:93:e7:3e:cd:5b:ec:5b:95:71:aa:cd:fb:42:9a:0d:28:f2:
         b2:50:3e:39:84:3e:6e:28:d1:a5:2b:39:8a:43:f7:ea:40:19:
         8e:30:d8:e6:c5:10:16:66:32:40:be:b9:bd:00:1f:c5:a6:50:
         e1:fa:07:b8:00:11:bf:19:9b:d4:f1:ed:a5:bd:e8:6b:22:30:
         d7:20:3d:39:fa:75:c9:f2:b2:52:ee:35:71:7f:c1:8f:50:01:
         7c:aa:f5:0f:07:b7:99:ea:71:45:02:61:28:8b:08:af:5a:3f:
         bb:e4:49:1a:63:57:18:b4:d3:dc:eb:0e:31:47:a6:9f:a2:5a:
         88:68:bf:d7:0e:44:0f:a5:63:d7:6d:5b:34:83:08:0f:eb:3a:
         78:8c:b8:88:4a:2c:09:70:5c:b9:70:70:9e:bc:bf:f0:bb:4d:
         45:3c:92:79:30:69:19:cd:33:d6:5a:61:e6:eb:c7:69:05:6d:
         15:d9:33:f9:2c:18:f7:56:4e:c8:04:ef:a0:2a:a0:5f:81:cd:
         d3:90:b5:77:0c:2c:cd:be:35:3b:6e:a6:fd:bf:51:f8:8c:f4:
         a9:a8:5b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264Ra/IQiam5gM3tv6RWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzgyMjM4Mjg5YTg4MDJjZjUyYjY3ZDliZjRhZTg3YTUw
OTMzYzMwHhcNMjYwMTAxMDAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzgxMWUzMmMzYTBjYTEwMWIxZWQ3NWFiMDdmNWM5NTY3NDE1MjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62oWmM0HNJloxXhYMGOOS0LMGhBv
JlFhNjIjw2mq4/PXokHJDTWhX9GWcGpUuO1qP2bcVxQaMXdfn7pVbxGQqxfjsZPN
YYKu8/UimQUBvSwXusFz5eShlbzP5snzKaU/ipuv3SqkF9ydII41ifylmrsmJnW7
QMOo38TTsJ/56dTY7d5xKQxj/zf6nqz/UVO68t8eh3pmbe8hBkq4IPVYIivdVgaH
LvO/eesKXHGc4z4JfuVmZFCtMZtxwQGlt0L6BTElTbw33kYIlsmw6hYnw9Ozs5uM
AsP3SnWiHGXAW/OmjDst1JiaeAVlrmoo4qgtsMuryxs9pqsJilxMrXrpiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyBHjLDoMoQGx7XWrB/XJVnQVKDMB8GA1UdIwQY
MBaAFF04IjgomogCz1K2fZv0roelCTPDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRnaU9DaWFpQUxQVXJaOW1fU3VoNlVKTThNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84NTAxOGEtYzIzOC00MzE5LWFkNDIt
ODg1NzU3YzEyNDhmLzEvdklFZU1zT2d5aEFiSHRkYXNIOWNsV2RCVW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi84NTAxOGEtYzIzOC00MzE5LWFkNDItODg1NzU3YzEyNDhm
LzEvWFRnaU9DaWFpQUxQVXJaOW1fU3VoNlVKTThNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxaXMA0G
CSqGSIb3DQEBCwUAA4IBAQCrbw+V8Cuz+5gZWeAWHQvNDItl/4eLSvMoncXP0c2h
/BZaT4Zxk+c+zVvsW5Vxqs37QpoNKPKyUD45hD5uKNGlKzmKQ/fqQBmOMNjmxRAW
ZjJAvrm9AB/FplDh+ge4ABG/GZvU8e2lvehrIjDXID05+nXJ8rJS7jVxf8GPUAF8
qvUPB7eZ6nFFAmEoiwivWj+75EkaY1cYtNPc6w4xR6afolqIaL/XDkQPpWPXbVs0
gwgP6zp4jLiISiwJcFy5cHCevL/wu01FPJJ5MGkZzTPWWmHm68dpBW0V2TP5LBj3
Vk7IBO+gKqBfgc3TkLV3DCzNvjU7bqb9v1H4jPSpqFu8
-----END CERTIFICATE-----