This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/ZXr4IBxINp27c2uA9OArj4h7ywI.roa
File:                     ZXr4IBxINp27c2uA9OArj4h7ywI.roa (raw, json)
Hash identifier:          JD+M7Jzo6o0FuV4VqJtxKp+DhghFCIqIjWgxW5/ca+s=
Subject key identifier:   65:7A:F8:20:1C:48:36:9D:BB:73:6B:80:F4:E0:2B:8F:88:7B:CB:02
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB800E146D3C4BC9F14DF7C03EDB0F
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/ZXr4IBxINp27c2uA9OArj4h7ywI.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203298
IP address blocks:        185.139.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:80:0e:14:6d:3c:4b:c9:f1:4d:f7:c0:3e:db:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=657af8201c48369dbb736b80f4e02b8f887bcb02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3a:5d:d7:84:61:a0:fc:bf:e7:2d:6a:93:1e:
                    95:16:be:2d:d3:5a:f8:be:45:cc:8e:59:a0:37:76:
                    5b:99:7d:27:65:d2:03:c4:7c:97:84:49:0f:8f:e6:
                    01:2e:3e:a3:b0:a4:1b:24:ed:3d:ca:04:97:e6:be:
                    d4:fc:87:02:79:66:90:ba:73:24:e5:10:47:31:ce:
                    29:f7:fc:84:a6:4e:dc:ad:b5:7b:88:32:e5:48:0b:
                    0a:5e:46:a5:1a:f8:66:43:94:dd:18:7c:15:88:ff:
                    37:a7:03:e7:67:47:f5:50:8e:79:85:f6:9e:09:f1:
                    13:28:9f:19:e0:91:b2:05:2b:75:54:4c:8f:69:f5:
                    b8:6a:98:d3:09:a5:65:68:85:f9:24:d4:15:bd:5b:
                    53:f2:10:73:1b:76:1e:20:57:23:7a:4e:90:97:9e:
                    c9:70:94:fb:dd:13:36:d5:43:e0:58:c6:1c:77:ee:
                    f5:c1:77:a9:43:ff:50:ae:7b:5d:4a:25:29:c1:d4:
                    37:6b:11:66:3a:b6:26:1e:03:ee:2d:92:48:62:14:
                    05:cd:dc:78:f1:39:9f:64:d0:f9:f6:28:6d:44:e9:
                    4b:ac:69:e7:dd:28:b5:7e:e0:0b:3d:4c:18:38:48:
                    77:2d:c0:de:2e:fe:2b:33:91:8f:79:ca:74:38:97:
                    50:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7A:F8:20:1C:48:36:9D:BB:73:6B:80:F4:E0:2B:8F:88:7B:CB:02
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/ZXr4IBxINp27c2uA9OArj4h7ywI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:0b:2e:4e:01:3b:75:a7:9f:ad:ed:4c:90:2a:6e:5a:04:a1:
         1a:c5:d3:9e:f9:3a:28:12:69:c9:c4:22:fb:67:83:f1:24:1b:
         fc:9d:30:28:a8:9e:53:94:81:f9:f2:3f:1c:c0:87:53:aa:90:
         ec:52:5e:5c:6f:8f:68:cd:ef:4f:6e:f1:ab:cb:7d:7d:61:40:
         98:3d:02:ab:98:3d:63:1f:d3:93:86:9d:13:b3:27:ef:c1:c4:
         f3:fe:f8:10:1b:cc:55:bf:b4:e8:63:da:d5:81:06:8a:fd:a8:
         67:e9:00:17:53:47:db:53:52:91:ab:eb:22:aa:95:92:cd:66:
         09:53:0b:63:91:9d:df:c1:3f:2f:3f:d5:da:a1:cf:df:19:76:
         3d:6a:da:d7:31:19:97:11:a8:3c:4a:d7:30:7e:62:14:a4:bd:
         5a:83:93:c2:8e:d0:87:29:41:bd:76:8a:ed:30:0f:87:9c:62:
         44:0d:a5:ae:43:4e:ff:4a:46:eb:55:85:41:1a:9c:56:e0:59:
         ee:b3:42:a1:51:b7:48:a1:0d:10:11:ad:d3:18:00:73:91:34:
         bf:28:2d:17:9f:13:95:2e:3d:2e:a7:ab:53:a8:30:2e:73:20:
         1a:77:d1:be:e7:8b:4e:96:9d:fc:1e:44:d3:33:2e:ae:f4:ce:
         3d:50:e0:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264AOFG08S8nxTffAPtsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdhZjgyMDFjNDgzNjlkYmI3MzZiODBmNGUwMmI4Zjg4N2JjYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzpd14RhoPy/5y1qkx6VFr4t01r4
vkXMjlmgN3ZbmX0nZdIDxHyXhEkPj+YBLj6jsKQbJO09ygSX5r7U/IcCeWaQunMk
5RBHMc4p9/yEpk7crbV7iDLlSAsKXkalGvhmQ5TdGHwViP83pwPnZ0f1UI55hfae
CfETKJ8Z4JGyBSt1VEyPafW4apjTCaVlaIX5JNQVvVtT8hBzG3YeIFcjek6Ql57J
cJT73RM21UPgWMYcd+71wXepQ/9QrntdSiUpwdQ3axFmOrYmHgPuLZJIYhQFzdx4
8TmfZND59ihtROlLrGnn3Si1fuALPUwYOEh3LcDeLv4rM5GPecp0OJdQaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV6+CAcSDadu3NrgPTgK4+Ie8sCMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvWlhyNElCeElOcDI3YzJ1QTlPQXJqNGg3eXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYugMA0G
CSqGSIb3DQEBCwUAA4IBAQC6Cy5OATt1p5+t7UyQKm5aBKEaxdOe+TooEmnJxCL7
Z4PxJBv8nTAoqJ5TlIH58j8cwIdTqpDsUl5cb49oze9PbvGry319YUCYPQKrmD1j
H9OThp0TsyfvwcTz/vgQG8xVv7ToY9rVgQaK/ahn6QAXU0fbU1KRq+siqpWSzWYJ
UwtjkZ3fwT8vP9Xaoc/fGXY9atrXMRmXEag8StcwfmIUpL1ag5PCjtCHKUG9dort
MA+HnGJEDaWuQ07/SkbrVYVBGpxW4Fnus0KhUbdIoQ0QEa3TGABzkTS/KC0XnxOV
Lj0up6tTqDAucyAad9G+54tOlp38HkTTMy6u9M49UOAf
-----END CERTIFICATE-----