This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/kzpTxdEgTlHmbcdyJmMivdKLXpo.roa
File:                     kzpTxdEgTlHmbcdyJmMivdKLXpo.roa (raw, json)
Hash identifier:          E9K29jIawTV9zWoGNam+IgI6GZnKNdUSr8x32AMVm2E=
Subject key identifier:   93:3A:53:C5:D1:20:4E:51:E6:6D:C7:72:26:63:22:BD:D2:8B:5E:9A
Certificate issuer:       /CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
Certificate serial:       019B77C6DEC855F86FBCC24B1218D8DEABDE
Authority key identifier: 72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/kzpTxdEgTlHmbcdyJmMivdKLXpo.roa
Signing time:             Thu 01 Jan 2026 04:18:00 +0000
ROA not before:           Thu 01 Jan 2026 04:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216239
IP address blocks:        149.232.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:de:c8:55:f8:6f:bc:c2:4b:12:18:d8:de:ab:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
        Validity
            Not Before: Jan  1 04:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=933a53c5d1204e51e66dc772266322bdd28b5e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fa:14:31:c6:92:06:2a:33:4c:72:63:98:21:
                    fd:be:08:d3:cc:be:e4:89:bf:01:bb:13:27:e3:07:
                    cb:6c:6a:00:94:14:2b:60:ee:1a:97:79:97:f3:d6:
                    f5:93:c8:7f:99:49:cc:b9:a5:71:e0:fe:1b:1c:be:
                    05:53:c8:6c:73:4e:9e:e5:44:9f:8c:f4:6c:fe:67:
                    b1:03:8e:44:ab:41:3f:67:d3:8a:e3:59:cf:5a:6f:
                    f1:42:1b:fd:cf:ec:9a:21:a9:e6:ce:04:57:51:7c:
                    fb:af:5e:59:51:c9:7b:b6:b8:99:d2:e6:f0:5e:11:
                    2f:f7:9c:57:64:cb:2c:24:c8:e6:02:d5:12:2e:59:
                    eb:87:e6:5c:38:97:e9:f2:04:29:86:a0:d0:f3:fc:
                    a5:56:68:03:79:cb:fb:b4:66:ae:fa:be:b6:57:ad:
                    d0:0d:4a:c2:d5:41:0e:a1:d9:92:7c:2d:e1:57:6e:
                    eb:d7:9a:93:a7:d0:a6:c2:1d:59:79:2e:83:9f:72:
                    27:30:e0:2a:4a:43:e9:4f:e5:5c:7b:a6:d1:96:e8:
                    c9:54:08:0b:79:9f:75:0b:24:01:19:08:9b:b1:5e:
                    bd:09:f1:94:0a:6b:4a:e1:db:14:3e:9b:6e:8f:6f:
                    97:c3:04:d1:73:2b:b0:48:94:ce:db:f9:24:cb:8c:
                    16:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:3A:53:C5:D1:20:4E:51:E6:6D:C7:72:26:63:22:BD:D2:8B:5E:9A
            X509v3 Authority Key Identifier:
                keyid:72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/kzpTxdEgTlHmbcdyJmMivdKLXpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d2:46:22:28:3a:fc:94:b7:e4:3a:2e:b8:70:82:e3:94:17:
         13:0b:1f:93:bf:9b:ec:2f:79:9b:03:c7:b9:16:7c:0c:58:38:
         cd:a3:0f:f4:98:30:1e:f9:0d:7a:a9:11:2f:1e:c0:de:03:d5:
         17:52:92:5e:01:e9:8c:a1:19:e2:d0:67:00:d5:0f:2d:5b:a9:
         03:88:9e:95:3e:f8:68:df:e4:91:31:53:2c:07:d6:22:32:25:
         9b:1f:7f:42:e5:68:3d:b6:d9:fd:12:65:0c:e4:a3:19:b1:ae:
         02:61:ce:0a:ab:bb:5b:92:82:bc:cd:15:65:9e:6a:96:af:9f:
         4d:60:64:cd:ff:ec:3d:db:b0:e1:32:ac:4d:ff:94:41:d6:bb:
         12:4d:90:ec:18:9d:13:e3:da:19:b5:e4:cd:1e:f7:03:05:1c:
         01:cf:d4:00:fa:44:ba:d0:4a:66:64:53:3b:27:20:28:a0:4c:
         f3:46:1d:78:d3:14:b8:ec:a9:38:52:4b:5d:d9:e4:e3:aa:cd:
         8e:7b:5f:f0:cd:ca:3f:b4:c8:e1:5e:ae:45:f3:35:c7:71:c2:
         63:13:dc:ba:1d:1c:c3:75:66:25:f7:2e:a1:bf:4f:2f:00:77:
         be:95:ae:0d:99:35:69:1d:af:96:d2:e1:7b:0e:8c:87:6d:c2:
         c0:1f:dd:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xt7IVfhvvMJLEhjY3qveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNmIzNTBlOWY0ZjEyNTllMmY5YzYwOWIyMmU2NWZiZDE4
NjIwNmIwHhcNMjYwMTAxMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzNhNTNjNWQxMjA0ZTUxZTY2ZGM3NzIyNjYzMjJiZGQyOGI1ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/oUMcaSBiozTHJjmCH9vgjTzL7k
ib8BuxMn4wfLbGoAlBQrYO4al3mX89b1k8h/mUnMuaVx4P4bHL4FU8hsc06e5USf
jPRs/mexA45Eq0E/Z9OK41nPWm/xQhv9z+yaIanmzgRXUXz7r15ZUcl7triZ0ubw
XhEv95xXZMssJMjmAtUSLlnrh+ZcOJfp8gQphqDQ8/ylVmgDecv7tGau+r62V63Q
DUrC1UEOodmSfC3hV27r15qTp9Cmwh1ZeS6Dn3InMOAqSkPpT+Vce6bRlujJVAgL
eZ91CyQBGQibsV69CfGUCmtK4dsUPptuj2+XwwTRcyuwSJTO2/kky4wWZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJM6U8XRIE5R5m3HciZjIr3Si16aMB8GA1UdIwQY
MBaAFHJrNQ6fTxJZ4vnGCbIuZfvRhiBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYt
YTAwNzJiYWM5ZjQ4LzEva3pwVHhkRWdUbEhtYmNkeUptTWl2ZEtMWHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYtYTAwNzJiYWM5ZjQ4
LzEvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlei8MA0G
CSqGSIb3DQEBCwUAA4IBAQAv0kYiKDr8lLfkOi64cILjlBcTCx+Tv5vsL3mbA8e5
FnwMWDjNow/0mDAe+Q16qREvHsDeA9UXUpJeAemMoRni0GcA1Q8tW6kDiJ6VPvho
3+SRMVMsB9YiMiWbH39C5Wg9ttn9EmUM5KMZsa4CYc4Kq7tbkoK8zRVlnmqWr59N
YGTN/+w927DhMqxN/5RB1rsSTZDsGJ0T49oZteTNHvcDBRwBz9QA+kS60EpmZFM7
JyAooEzzRh140xS47Kk4Uktd2eTjqs2Oe1/wzco/tMjhXq5F8zXHccJjE9y6HRzD
dWYl9y6hv08vAHe+la4NmTVpHa+W0uF7DoyHbcLAH90e
-----END CERTIFICATE-----