This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/vqGFDj0dJpEJ_K9mMZMY2Pb0u70.roa
File:                     vqGFDj0dJpEJ_K9mMZMY2Pb0u70.roa (raw, json)
Hash identifier:          6ZW28XbNWPt2onL+kOFHq5ID9QTnhKevRaeNbk8iaXQ=
Subject key identifier:   BE:A1:85:0E:3D:1D:26:91:09:FC:AF:66:31:93:18:D8:F6:F4:BB:BD
Certificate issuer:       /CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
Certificate serial:       019B76EB2D3D0F8C2579615969B993BAF637
Authority key identifier: 35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/vqGFDj0dJpEJ_K9mMZMY2Pb0u70.roa
Signing time:             Thu 01 Jan 2026 00:18:02 +0000
ROA not before:           Thu 01 Jan 2026 00:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.231.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:2d:3d:0f:8c:25:79:61:59:69:b9:93:ba:f6:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
        Validity
            Not Before: Jan  1 00:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bea1850e3d1d269109fcaf66319318d8f6f4bbbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1e:06:db:3c:c6:ae:42:45:f6:19:0e:1c:c8:
                    0f:01:06:a1:51:01:83:6d:94:8c:6a:fc:ce:eb:12:
                    83:f8:36:b0:b3:16:1d:c2:b8:d1:67:18:8d:fd:d3:
                    e8:2c:ce:36:bf:26:f5:83:ce:50:f6:e0:d7:11:c9:
                    15:2b:cd:b3:32:da:5e:8e:7a:4d:ea:41:b4:45:4d:
                    43:35:45:97:80:d1:82:44:fb:a2:95:2f:25:cc:4f:
                    34:96:16:fc:8f:42:0e:db:17:f3:61:21:45:0e:36:
                    d6:6a:c1:be:0f:fa:11:d5:04:4e:a2:de:a5:b9:90:
                    8e:e2:01:c6:1d:2c:b7:dc:85:69:0f:8b:22:18:38:
                    85:d4:c1:97:c9:cb:ea:b5:41:0c:17:0e:96:e7:01:
                    9a:68:e2:4b:c2:83:b0:00:53:b3:5f:20:75:89:5a:
                    e1:e5:be:d7:9e:5c:12:df:4c:ba:da:36:ee:98:a7:
                    f3:ca:37:6d:a5:a5:16:1b:a8:15:b6:81:5f:f3:8a:
                    bd:f3:72:cb:24:41:f3:9e:5d:05:72:8f:00:6e:5d:
                    19:91:b8:c6:70:a4:12:5a:04:bf:58:9e:30:a8:e7:
                    0c:61:9f:df:8a:c2:91:08:90:3a:d7:ee:6e:a9:bb:
                    f1:0d:0c:7a:b9:d6:13:f7:17:24:b4:bd:da:35:7a:
                    6b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:A1:85:0E:3D:1D:26:91:09:FC:AF:66:31:93:18:D8:F6:F4:BB:BD
            X509v3 Authority Key Identifier:
                keyid:35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/vqGFDj0dJpEJ_K9mMZMY2Pb0u70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:5a:08:85:2a:cf:94:b2:e8:f2:d1:8d:de:57:c2:86:68:d9:
         99:75:a1:16:96:6a:26:4d:81:bf:40:3d:ac:56:d4:c3:eb:45:
         9b:dc:e2:09:54:b1:00:c3:a9:dd:8f:99:08:19:73:06:c2:1e:
         ac:29:64:6c:16:70:73:93:4b:ca:ac:10:2f:bb:0e:c6:e8:2b:
         f0:85:f4:c2:38:60:84:2d:0a:17:3b:19:f9:30:9d:a0:d5:00:
         53:d2:e3:71:06:09:87:37:82:62:b3:a4:54:d9:af:8c:b6:ed:
         84:65:28:de:83:21:de:4f:b4:f0:b7:2e:5f:11:9f:d5:e2:d7:
         38:d3:24:79:b5:72:c4:6f:d4:6e:c2:6e:14:a4:15:63:20:c3:
         96:2f:c3:e4:8d:6f:7c:c0:ef:30:ea:03:ec:6e:13:1c:85:05:
         65:01:25:eb:86:7d:0d:92:a2:92:e0:b2:83:81:2b:de:63:4f:
         4c:c8:ff:ce:88:b8:5b:c3:6d:b3:36:c6:50:e7:a0:4d:41:ed:
         df:75:bd:47:a4:35:04:bd:b9:b0:02:2d:54:e8:19:52:e4:b3:
         5c:65:20:bb:eb:95:84:ba:6a:e2:2b:a6:e3:a3:b2:95:ef:4a:
         d4:b1:c3:d4:b6:f6:e8:61:20:2f:4d:1c:8b:ef:c6:d2:40:2a:
         94:c9:c9:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26y09D4wleWFZabmTuvY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZTNkNGJmMWJjMGY4MTcyODIwNWU1MWRlMDk3Y2YzODNh
MGNkYzkwHhcNMjYwMTAxMDAxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWExODUwZTNkMWQyNjkxMDlmY2FmNjYzMTkzMThkOGY2ZjRiYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx4G2zzGrkJF9hkOHMgPAQahUQGD
bZSMavzO6xKD+DawsxYdwrjRZxiN/dPoLM42vyb1g85Q9uDXEckVK82zMtpejnpN
6kG0RU1DNUWXgNGCRPuilS8lzE80lhb8j0IO2xfzYSFFDjbWasG+D/oR1QROot6l
uZCO4gHGHSy33IVpD4siGDiF1MGXycvqtUEMFw6W5wGaaOJLwoOwAFOzXyB1iVrh
5b7XnlwS30y62jbumKfzyjdtpaUWG6gVtoFf84q983LLJEHznl0Fco8Abl0ZkbjG
cKQSWgS/WJ4wqOcMYZ/fisKRCJA61+5uqbvxDQx6udYT9xcktL3aNXprswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6hhQ49HSaRCfyvZjGTGNj29Lu9MB8GA1UdIwQY
MBaAFDXj1L8bwPgXKCBeUd4JfPODoM3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2Qt
YTYzNDc5MTQ0MGNhLzEvdnFHRkRqMGRKcEVKX0s5bU1aTVkyUGIwdTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2QtYTYzNDc5MTQ0MGNh
LzEvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+cjMA0G
CSqGSIb3DQEBCwUAA4IBAQCAWgiFKs+Usujy0Y3eV8KGaNmZdaEWlmomTYG/QD2s
VtTD60Wb3OIJVLEAw6ndj5kIGXMGwh6sKWRsFnBzk0vKrBAvuw7G6CvwhfTCOGCE
LQoXOxn5MJ2g1QBT0uNxBgmHN4Jis6RU2a+Mtu2EZSjegyHeT7Twty5fEZ/V4tc4
0yR5tXLEb9Ruwm4UpBVjIMOWL8PkjW98wO8w6gPsbhMchQVlASXrhn0NkqKS4LKD
gSveY09MyP/OiLhbw22zNsZQ56BNQe3fdb1HpDUEvbmwAi1U6BlS5LNcZSC765WE
umriK6bjo7KV70rUscPUtvboYSAvTRyL78bSQCqUyck0
-----END CERTIFICATE-----