This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/vzN3nV9iPcz_PFptK8Xgm9B69kU.roa
File:                     vzN3nV9iPcz_PFptK8Xgm9B69kU.roa (raw, json)
Hash identifier:          ePugewva4SdPAswHM9Dz4qq6ORFFWmGGZvhBBAVOF6c=
Subject key identifier:   BF:33:77:9D:5F:62:3D:CC:FF:3C:5A:6D:2B:C5:E0:9B:D0:7A:F6:45
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       019B7D5C6F5925C048F05CDA0390331E91EA
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/vzN3nV9iPcz_PFptK8Xgm9B69kU.roa
Signing time:             Fri 02 Jan 2026 06:19:28 +0000
ROA not before:           Fri 02 Jan 2026 06:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214504
IP address blocks:        185.121.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:6f:59:25:c0:48:f0:5c:da:03:90:33:1e:91:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jan  2 06:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf33779d5f623dccff3c5a6d2bc5e09bd07af645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:12:df:db:7a:b8:dd:06:36:67:fe:f3:fb:2a:
                    fd:df:a4:46:00:94:17:24:a4:85:4c:5e:3b:2b:08:
                    82:8b:e6:eb:5a:3d:48:8b:cd:5a:bc:e8:72:81:dc:
                    c0:b7:c1:17:b6:3a:e1:44:ef:7c:39:64:f6:36:1c:
                    18:53:48:3a:39:10:56:5d:e0:62:f9:c7:9d:32:73:
                    ad:9c:4c:36:ab:a9:4b:d6:ea:e6:d0:5f:4b:d3:0c:
                    ca:cb:c7:7e:0c:59:20:e3:a2:a9:ce:1f:42:43:50:
                    28:56:20:26:1b:29:ed:bc:3e:7a:4e:35:fc:2f:83:
                    bd:c6:e3:01:e3:c9:c3:2a:1b:79:5f:cd:ea:f0:53:
                    49:a3:d2:b9:2f:93:90:1b:41:e8:c1:04:a0:9a:41:
                    b3:3d:cf:4f:bd:4c:a5:04:9a:68:0a:35:e9:c2:98:
                    c7:d8:72:c4:6d:85:cd:21:b8:7d:3f:65:72:b4:99:
                    a3:2b:06:be:8c:30:8e:38:c2:eb:e9:c3:19:fc:56:
                    30:c6:c9:e3:84:19:54:4c:b7:2c:1b:be:14:7e:b8:
                    d8:e6:eb:6a:eb:5b:b5:30:5d:97:64:28:64:fb:10:
                    8a:ba:11:7d:d1:1f:82:6a:0c:99:62:96:b7:37:bd:
                    fd:bf:1f:f8:f3:a5:b1:c5:6b:e9:20:99:a2:4f:96:
                    95:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:33:77:9D:5F:62:3D:CC:FF:3C:5A:6D:2B:C5:E0:9B:D0:7A:F6:45
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/vzN3nV9iPcz_PFptK8Xgm9B69kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:8f:16:34:0f:ab:66:4a:5a:23:00:b4:ed:51:c7:fc:18:c4:
         29:5f:3b:98:ba:86:11:42:36:7b:be:65:a0:d4:dd:0b:78:09:
         42:1f:9b:79:45:5b:fc:02:63:59:64:d0:0a:4e:60:3a:ff:d6:
         19:f9:2f:23:4d:cb:b8:e3:89:5c:8f:79:86:b8:6b:e3:98:78:
         0c:84:8c:99:86:ff:b1:2a:5f:75:f1:ba:3d:79:ca:e4:a6:af:
         33:7f:87:9e:2b:9b:b3:5a:79:4a:3f:18:35:f8:7b:96:69:a7:
         55:15:43:bf:d0:54:02:9e:94:3c:31:4b:98:00:00:dc:c8:ae:
         bd:99:0c:4e:24:c1:6f:af:a4:54:96:70:29:82:56:c6:01:74:
         54:c1:5b:d7:bd:b1:61:ee:70:6d:92:4e:53:7e:1e:92:93:1f:
         be:b8:2a:76:b7:d7:28:e6:83:82:aa:1a:98:aa:98:56:ac:81:
         3f:e5:3c:d4:d7:11:1d:cf:3a:6c:61:1e:a3:da:9a:c5:1d:13:
         bd:88:df:36:99:79:7d:e5:03:85:44:4f:1b:ad:a5:53:a8:e5:
         41:46:c5:66:dc:47:02:38:36:13:04:62:6e:f8:ee:57:6c:88:
         3c:3a:66:2d:b8:ec:2b:31:df:44:9b:28:fa:51:56:1d:99:53:
         21:1f:4a:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XG9ZJcBI8FzaA5AzHpHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjYwMTAyMDYxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMzNzc5ZDVmNjIzZGNjZmYzYzVhNmQyYmM1ZTA5YmQwN2FmNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xLf23q43QY2Z/7z+yr936RGAJQX
JKSFTF47KwiCi+brWj1Ii81avOhygdzAt8EXtjrhRO98OWT2NhwYU0g6ORBWXeBi
+cedMnOtnEw2q6lL1urm0F9L0wzKy8d+DFkg46Kpzh9CQ1AoViAmGyntvD56TjX8
L4O9xuMB48nDKht5X83q8FNJo9K5L5OQG0HowQSgmkGzPc9PvUylBJpoCjXpwpjH
2HLEbYXNIbh9P2VytJmjKwa+jDCOOMLr6cMZ/FYwxsnjhBlUTLcsG74UfrjY5utq
61u1MF2XZChk+xCKuhF90R+CagyZYpa3N739vx/486WxxWvpIJmiT5aVIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8zd51fYj3M/zxabSvF4JvQevZFMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvdnpOM25WOWlQY3pfUEZwdEs4WGdtOUI2OWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXnhMA0G
CSqGSIb3DQEBCwUAA4IBAQDMjxY0D6tmSlojALTtUcf8GMQpXzuYuoYRQjZ7vmWg
1N0LeAlCH5t5RVv8AmNZZNAKTmA6/9YZ+S8jTcu444lcj3mGuGvjmHgMhIyZhv+x
Kl918bo9ecrkpq8zf4eeK5uzWnlKPxg1+HuWaadVFUO/0FQCnpQ8MUuYAADcyK69
mQxOJMFvr6RUlnApglbGAXRUwVvXvbFh7nBtkk5Tfh6Skx++uCp2t9co5oOCqhqY
qphWrIE/5TzU1xEdzzpsYR6j2prFHRO9iN82mXl95QOFRE8braVTqOVBRsVm3EcC
ODYTBGJu+O5XbIg8OmYtuOwrMd9Emyj6UVYdmVMhH0rD
-----END CERTIFICATE-----