This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/0ZdT-A1OOobTLe7pEXgq5ICZ3xU.roa
File:                     0ZdT-A1OOobTLe7pEXgq5ICZ3xU.roa (raw, json)
Hash identifier:          HOZ5WIyd7l9qMnDgexhTmQS4if90MR9OSxDtHYi40wo=
Subject key identifier:   D1:97:53:F8:0D:4E:3A:86:D3:2D:EE:E9:11:78:2A:E4:80:99:DF:15
Certificate issuer:       /CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
Certificate serial:       019AAD5E626FE9FB7AAE38C21889C94E80E3
Authority key identifier: E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/0ZdT-A1OOobTLe7pEXgq5ICZ3xU.roa
Signing time:             Sat 22 Nov 2025 21:00:35 +0000
ROA not before:           Sat 22 Nov 2025 21:00:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204269
IP address blocks:        167.150.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ad:5e:62:6f:e9:fb:7a:ae:38:c2:18:89:c9:4e:80:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
        Validity
            Not Before: Nov 22 21:00:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d19753f80d4e3a86d32deee911782ae48099df15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ab:ce:b4:09:5f:59:88:e2:1b:ce:9c:52:7f:
                    05:ab:4c:bb:98:b5:51:34:be:eb:2e:93:d2:09:1d:
                    e9:95:ae:13:29:90:9f:25:47:44:ab:16:38:1f:0c:
                    7e:db:42:2d:55:14:07:52:f4:f4:30:4a:29:bd:18:
                    04:13:ec:26:04:48:fc:37:da:f6:76:4b:87:f2:d6:
                    e4:00:e8:53:fd:46:98:8f:02:61:1b:dc:0f:18:84:
                    d3:df:16:11:48:71:fe:85:ca:57:35:62:b1:08:35:
                    aa:ff:07:70:d0:9c:65:1d:99:d6:34:ef:5a:c3:c1:
                    d8:e9:6e:93:04:63:50:b2:16:2e:75:e5:bd:fd:5a:
                    8a:2e:a5:b8:ba:03:d3:7b:3a:b8:f8:9b:93:c6:29:
                    ec:df:5f:e9:d0:fb:77:ea:9b:68:03:0a:39:a1:ae:
                    0b:9a:fb:88:08:f1:26:5f:75:0a:01:b0:29:43:55:
                    b1:0f:ad:2f:99:72:01:5a:84:0d:c6:8f:ac:8e:f2:
                    ef:81:89:6b:4b:95:50:13:9c:65:55:ff:a6:03:60:
                    95:52:81:35:46:2a:89:d1:d5:c1:b3:2d:06:78:9c:
                    a5:7b:de:9f:5c:70:74:27:85:74:f5:ea:a7:13:d5:
                    2d:ba:99:a4:e2:4c:f2:39:5e:d1:35:39:96:ac:2b:
                    ae:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:97:53:F8:0D:4E:3A:86:D3:2D:EE:E9:11:78:2A:E4:80:99:DF:15
            X509v3 Authority Key Identifier:
                keyid:E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/0ZdT-A1OOobTLe7pEXgq5ICZ3xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a4:e5:55:81:8e:4c:4d:bc:d6:59:fa:6c:e0:d8:23:13:12:
         3d:48:81:bd:42:b3:4f:fb:9d:6e:c5:99:fe:b1:b2:e3:8e:08:
         df:39:6c:6f:c2:f3:18:dc:d1:21:b7:4b:62:f0:46:ed:b8:b1:
         f0:7c:c0:4e:7a:9c:80:71:d5:b6:7f:74:1f:d9:4d:3d:18:3e:
         76:9d:52:79:22:e2:3b:12:2c:da:54:f0:e0:41:d4:86:7d:98:
         2d:7f:22:27:fa:3f:82:14:e5:0c:81:75:70:b1:16:3f:bb:e3:
         c5:d4:bb:83:1c:79:5b:5e:61:4a:31:0b:13:e6:02:9a:8f:c0:
         5a:c9:51:1c:85:a6:21:6c:2b:32:13:02:bc:a2:8b:6e:19:8a:
         e7:45:fa:11:e1:bf:de:15:8a:17:2f:6f:38:0e:60:a6:0e:41:
         1a:e4:06:ca:9e:74:2c:b3:58:9e:8e:b9:2a:e9:a2:1f:c4:1f:
         b6:07:f7:50:f9:1c:75:fc:f2:dd:f6:8f:2e:9f:85:d5:16:af:
         9f:bb:3f:c4:b5:dc:22:b2:46:6c:02:ae:5c:0f:52:4d:ac:5d:
         70:85:76:2e:d6:b1:f8:78:4b:59:f1:08:97:0b:5b:b2:2f:2b:
         c5:0b:2a:25:52:59:03:eb:db:c7:9f:7b:fc:73:c2:31:40:5d:
         39:56:27:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqtXmJv6ft6rjjCGInJToDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MDQxZTdlN2QxODRkNWRiYWQ3MTQyOWUzNjViOWYwYWM3
NmNhNTIwHhcNMjUxMTIyMjEwMDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTk3NTNmODBkNGUzYTg2ZDMyZGVlZTkxMTc4MmFlNDgwOTlkZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKvOtAlfWYjiG86cUn8Fq0y7mLVR
NL7rLpPSCR3pla4TKZCfJUdEqxY4Hwx+20ItVRQHUvT0MEopvRgEE+wmBEj8N9r2
dkuH8tbkAOhT/UaYjwJhG9wPGITT3xYRSHH+hcpXNWKxCDWq/wdw0JxlHZnWNO9a
w8HY6W6TBGNQshYudeW9/VqKLqW4ugPTezq4+JuTxins31/p0Pt36ptoAwo5oa4L
mvuICPEmX3UKAbApQ1WxD60vmXIBWoQNxo+sjvLvgYlrS5VQE5xlVf+mA2CVUoE1
RiqJ0dXBsy0GeJyle96fXHB0J4V09eqnE9Utupmk4kzyOV7RNTmWrCuuQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGXU/gNTjqG0y3u6RF4KuSAmd8VMB8GA1UdIwQY
MBaAFOcEHn59GE1dutcUKeNlufCsdspSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUt
MGUxYzRhZDAzOTU2LzEvMFpkVC1BMU9Pb2JUTGU3cEVYZ3E1SUNaM3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUtMGUxYzRhZDAzOTU2
LzEvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5bfMA0G
CSqGSIb3DQEBCwUAA4IBAQCapOVVgY5MTbzWWfps4NgjExI9SIG9QrNP+51uxZn+
sbLjjgjfOWxvwvMY3NEht0ti8EbtuLHwfMBOepyAcdW2f3Qf2U09GD52nVJ5IuI7
EizaVPDgQdSGfZgtfyIn+j+CFOUMgXVwsRY/u+PF1LuDHHlbXmFKMQsT5gKaj8Ba
yVEchaYhbCsyEwK8ootuGYrnRfoR4b/eFYoXL284DmCmDkEa5AbKnnQss1iejrkq
6aIfxB+2B/dQ+Rx1/PLd9o8un4XVFq+fuz/EtdwiskZsAq5cD1JNrF1whXYu1rH4
eEtZ8QiXC1uyLyvFCyolUlkD69vHn3v8c8IxQF05VifV
-----END CERTIFICATE-----