This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/mzAUafPNCTUpOi1xeAIAHgnqncg.roa
File:                     mzAUafPNCTUpOi1xeAIAHgnqncg.roa (raw, json)
Hash identifier:          75EGQ43BZx3fMNqmy/B+uHn1YHc0mh0ZnJonJs36Ezs=
Subject key identifier:   9B:30:14:69:F3:CD:09:35:29:3A:2D:71:78:02:00:1E:09:EA:9D:C8
Certificate issuer:       /CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
Certificate serial:       019B7F81879B84C09C7746C337F33ED2BDDC
Authority key identifier: 0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/mzAUafPNCTUpOi1xeAIAHgnqncg.roa
Signing time:             Fri 02 Jan 2026 16:19:13 +0000
ROA not before:           Fri 02 Jan 2026 16:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        185.233.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:87:9b:84:c0:9c:77:46:c3:37:f3:3e:d2:bd:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
        Validity
            Not Before: Jan  2 16:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b301469f3cd0935293a2d717802001e09ea9dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bd:b6:3c:1e:34:50:c5:9a:96:9d:a4:b8:66:
                    08:ed:cd:56:95:2d:67:17:32:c1:ec:e1:31:ce:2d:
                    0e:92:0d:8b:fe:5c:24:8f:02:fb:98:da:aa:d2:ef:
                    cc:1f:5b:ab:3b:88:fe:bf:cd:f5:4f:bf:a8:8b:ac:
                    aa:46:45:12:60:8a:a5:0f:b8:ea:ec:be:33:37:52:
                    90:bf:a5:b4:1f:44:08:7a:e3:19:8d:e7:a4:2e:7b:
                    c6:94:20:05:79:e5:53:aa:ad:a8:69:c5:61:d3:8e:
                    6b:cf:82:9b:20:d8:af:81:f4:4b:de:d3:82:34:bd:
                    19:e0:c7:3e:db:11:36:2b:99:86:78:b6:35:70:87:
                    95:6a:d2:59:d7:0a:f6:8f:17:e8:b0:5f:53:e2:02:
                    7d:e2:27:19:4f:d8:d1:b5:e7:6d:44:e6:9d:f6:f1:
                    e7:52:3f:aa:2a:52:f5:bf:9e:c9:02:d5:04:91:71:
                    df:64:6f:eb:c7:18:3d:8b:11:1f:73:f6:9f:33:06:
                    99:f2:6e:ee:e8:c0:77:6b:b7:88:c4:18:1e:3b:53:
                    41:7a:96:bb:4f:5c:11:13:07:c0:5c:a1:6a:e5:92:
                    6d:c0:3a:ea:42:80:80:a9:50:a2:c3:eb:96:e7:04:
                    3d:e0:5e:b0:54:82:24:88:d5:89:a4:99:3d:24:1d:
                    65:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:30:14:69:F3:CD:09:35:29:3A:2D:71:78:02:00:1E:09:EA:9D:C8
            X509v3 Authority Key Identifier:
                keyid:0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/mzAUafPNCTUpOi1xeAIAHgnqncg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:f0:ad:68:ef:97:c3:a9:f6:39:1d:58:01:9a:03:a8:14:bf:
         6c:39:ff:60:02:56:c6:38:b3:66:b7:a4:c1:b7:ab:ba:0f:cb:
         78:a0:e6:7d:92:33:89:12:c4:1d:70:eb:2c:cc:9a:6c:92:38:
         5a:fe:4f:4c:17:3c:49:d0:d1:0e:ca:e0:ca:2c:62:43:bb:18:
         4e:64:92:a0:86:09:24:5f:04:46:7d:9d:f5:7a:33:f7:a1:7c:
         87:7f:87:7f:08:61:4d:67:d9:6f:fd:e4:e7:76:1b:cf:78:9b:
         0e:59:5b:65:9a:58:63:e4:d9:dd:5c:af:5d:42:cb:34:7a:ff:
         7f:57:ee:3f:f5:27:ba:0e:64:98:f5:ad:63:0b:35:07:e0:74:
         d0:e3:63:3a:fd:d3:28:68:28:03:65:6f:a9:4a:ff:f2:a4:5e:
         c3:4a:31:20:c2:cc:d5:9d:44:ac:7f:93:a7:36:a3:27:f0:85:
         96:ea:73:2f:cf:bc:44:78:bd:49:d0:21:56:18:0b:02:f5:19:
         9e:93:b7:a6:e9:ad:e8:06:b3:e7:52:f6:5f:7f:f0:0a:bd:6d:
         07:a6:83:a1:7e:82:29:11:a9:cc:7e:81:22:e7:e1:07:54:4f:
         64:c1:c2:ba:3c:bb:83:20:7d:9d:dc:99:83:f4:c6:8f:6f:03:
         52:06:46:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gYebhMCcd0bDN/M+0r3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTFkZTE3NDM3YTAwMjVmZDFlZGUxMGY3MTBmMTdhMzA4
MGIzYWIwHhcNMjYwMTAyMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjMwMTQ2OWYzY2QwOTM1MjkzYTJkNzE3ODAyMDAxZTA5ZWE5ZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5b22PB40UMWalp2kuGYI7c1WlS1n
FzLB7OExzi0Okg2L/lwkjwL7mNqq0u/MH1urO4j+v831T7+oi6yqRkUSYIqlD7jq
7L4zN1KQv6W0H0QIeuMZjeekLnvGlCAFeeVTqq2oacVh045rz4KbINivgfRL3tOC
NL0Z4Mc+2xE2K5mGeLY1cIeVatJZ1wr2jxfosF9T4gJ94icZT9jRtedtROad9vHn
Uj+qKlL1v57JAtUEkXHfZG/rxxg9ixEfc/afMwaZ8m7u6MB3a7eIxBgeO1NBepa7
T1wREwfAXKFq5ZJtwDrqQoCAqVCiw+uW5wQ94F6wVIIkiNWJpJk9JB1llQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJswFGnzzQk1KTotcXgCAB4J6p3IMB8GA1UdIwQY
MBaAFA6R3hdDegAl/R7eEPcQ8XowgLOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUt
ODhlYmJmOTk3ODBiLzEvbXpBVWFmUE5DVFVwT2kxeGVBSUFIZ25xbmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUtODhlYmJmOTk3ODBi
LzEvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuemFMA0G
CSqGSIb3DQEBCwUAA4IBAQCb8K1o75fDqfY5HVgBmgOoFL9sOf9gAlbGOLNmt6TB
t6u6D8t4oOZ9kjOJEsQdcOsszJpskjha/k9MFzxJ0NEOyuDKLGJDuxhOZJKghgkk
XwRGfZ31ejP3oXyHf4d/CGFNZ9lv/eTndhvPeJsOWVtlmlhj5NndXK9dQss0ev9/
V+4/9Se6DmSY9a1jCzUH4HTQ42M6/dMoaCgDZW+pSv/ypF7DSjEgwszVnUSsf5On
NqMn8IWW6nMvz7xEeL1J0CFWGAsC9Rmek7em6a3oBrPnUvZff/AKvW0HpoOhfoIp
EanMfoEi5+EHVE9kwcK6PLuDIH2d3JmD9MaPbwNSBkZO
-----END CERTIFICATE-----