This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/vW2RW7QY1hflVRyn1_CDLNIOZtQ.roa
File:                     vW2RW7QY1hflVRyn1_CDLNIOZtQ.roa (raw, json)
Hash identifier:          M4ZBHT4dK/BF7Hs2UlU9Rb4uebu3FER628aOLG71DV8=
Subject key identifier:   BD:6D:91:5B:B4:18:D6:17:E5:55:1C:A7:D7:F0:83:2C:D2:0E:66:D4
Certificate issuer:       /CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
Certificate serial:       019B783531F57549CB92E2F6FB1508D62C1B
Authority key identifier: D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/vW2RW7QY1hflVRyn1_CDLNIOZtQ.roa
Signing time:             Thu 01 Jan 2026 06:18:30 +0000
ROA not before:           Thu 01 Jan 2026 06:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        185.156.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:31:f5:75:49:cb:92:e2:f6:fb:15:08:d6:2c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
        Validity
            Not Before: Jan  1 06:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd6d915bb418d617e5551ca7d7f0832cd20e66d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e7:57:99:a8:c2:80:88:dc:fa:0e:20:fd:49:
                    a1:3d:fd:9b:22:2a:98:88:6c:63:86:25:18:ba:a9:
                    3e:d0:12:bc:24:55:54:d4:b9:3f:3d:ab:c8:88:52:
                    28:8d:b0:c1:7a:67:e8:27:e9:c1:70:90:38:81:47:
                    6a:e1:bf:39:91:5e:ea:f1:65:69:13:b4:c3:ba:48:
                    2e:77:1d:63:53:85:a9:7e:68:65:99:06:3e:3c:25:
                    3e:e8:34:db:1e:68:74:43:dc:b5:4f:78:b4:4a:55:
                    3d:f6:c9:87:40:21:0d:13:6f:1f:f9:d9:1a:ce:e8:
                    56:a2:fb:06:e3:f2:20:d3:00:18:d7:55:ec:91:5c:
                    f2:15:6e:60:25:d9:ba:35:16:88:70:27:da:b5:a4:
                    c7:1f:e5:dd:9e:55:36:1b:1f:43:13:55:43:68:a8:
                    79:b8:bb:d5:b3:66:c8:52:87:d7:c8:3e:fb:00:2e:
                    bd:6c:fd:a2:a3:56:cd:a0:d6:7b:c9:d3:e1:0e:bf:
                    a0:27:d2:61:78:95:9b:7e:f4:07:5a:3d:3b:3e:dd:
                    e9:f0:3d:a3:73:3a:0a:61:c9:2d:76:dd:85:38:1b:
                    38:53:a0:96:91:ad:a9:c0:85:43:16:31:c1:c7:e5:
                    a5:7b:f2:8c:36:e0:81:bb:1f:7b:c8:7b:40:0a:a1:
                    87:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:6D:91:5B:B4:18:D6:17:E5:55:1C:A7:D7:F0:83:2C:D2:0E:66:D4
            X509v3 Authority Key Identifier:
                keyid:D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/vW2RW7QY1hflVRyn1_CDLNIOZtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:72:b4:84:fc:f9:e7:cf:ab:7d:7b:0f:d6:62:bb:86:92:1c:
         a6:fe:33:81:49:b9:63:fb:d6:96:4a:55:cd:83:d2:5a:11:67:
         8b:68:1f:8d:ee:67:1a:6f:80:3e:f8:cc:e6:34:61:47:11:ca:
         97:1e:c5:ef:d3:1e:aa:d2:df:5f:09:e3:4c:21:4f:44:94:0d:
         b1:51:db:e1:ac:ab:ed:09:aa:60:b6:20:13:0e:61:5a:bf:06:
         76:0e:d5:c3:c2:1a:0e:f4:af:2d:fd:b2:04:87:57:6d:44:7c:
         d1:94:10:59:0e:48:c0:e3:8a:c3:60:2a:95:81:2b:04:69:0c:
         c3:8b:9b:74:e6:5f:ae:e6:f3:61:dc:2a:a4:f6:85:b1:64:a1:
         8b:19:f5:7c:05:fd:df:40:b5:9d:73:a3:45:d7:6f:67:1b:f3:
         66:a3:6c:00:6f:41:7b:fc:18:cf:cb:e5:65:f1:45:9a:c9:c7:
         3e:d0:d1:9b:5f:19:42:77:c0:aa:5a:15:69:2f:83:42:aa:1b:
         82:55:f8:20:46:f4:cc:dc:20:0b:ee:bd:50:cc:6d:59:ab:45:
         bb:b6:86:d5:75:8e:b4:9e:60:3e:9b:4d:c6:84:20:e0:50:ac:
         f9:0d:78:e6:c7:21:cd:ff:23:d1:4c:15:26:5e:79:e9:e9:a1:
         1d:c0:2e:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NTH1dUnLkuL2+xUI1iwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZGU2MTg4MjJiOGFmNmY5ZWNhZmZjZDdkNTQ1OWI3Y2Mx
MTQ0OWEwHhcNMjYwMTAxMDYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDZkOTE1YmI0MThkNjE3ZTU1NTFjYTdkN2YwODMyY2QyMGU2NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoudXmajCgIjc+g4g/UmhPf2bIiqY
iGxjhiUYuqk+0BK8JFVU1Lk/PavIiFIojbDBemfoJ+nBcJA4gUdq4b85kV7q8WVp
E7TDukgudx1jU4WpfmhlmQY+PCU+6DTbHmh0Q9y1T3i0SlU99smHQCENE28f+dka
zuhWovsG4/Ig0wAY11XskVzyFW5gJdm6NRaIcCfataTHH+XdnlU2Gx9DE1VDaKh5
uLvVs2bIUofXyD77AC69bP2io1bNoNZ7ydPhDr+gJ9JheJWbfvQHWj07Pt3p8D2j
czoKYcktdt2FOBs4U6CWka2pwIVDFjHBx+Wle/KMNuCBux97yHtACqGHtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1tkVu0GNYX5VUcp9fwgyzSDmbUMB8GA1UdIwQY
MBaAFNDeYYgiuK9vnsr/zX1UWbfMEUSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQt
MDQwZTA2NDRmYmU4LzEvdlcyUlc3UVkxaGZsVlJ5bjFfQ0RMTklPWnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQtMDQwZTA2NDRmYmU4
LzEvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZwEMA0G
CSqGSIb3DQEBCwUAA4IBAQA2crSE/Pnnz6t9ew/WYruGkhym/jOBSblj+9aWSlXN
g9JaEWeLaB+N7mcab4A++MzmNGFHEcqXHsXv0x6q0t9fCeNMIU9ElA2xUdvhrKvt
CapgtiATDmFavwZ2DtXDwhoO9K8t/bIEh1dtRHzRlBBZDkjA44rDYCqVgSsEaQzD
i5t05l+u5vNh3Cqk9oWxZKGLGfV8Bf3fQLWdc6NF129nG/Nmo2wAb0F7/BjPy+Vl
8UWaycc+0NGbXxlCd8CqWhVpL4NCqhuCVfggRvTM3CAL7r1QzG1Zq0W7tobVdY60
nmA+m03GhCDgUKz5DXjmxyHN/yPRTBUmXnnp6aEdwC63
-----END CERTIFICATE-----