This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/ZRTAVRMhZT6cxxsi8He5NfGJ2zQ.roa
File:                     ZRTAVRMhZT6cxxsi8He5NfGJ2zQ.roa (raw, json)
Hash identifier:          puVDaYvy8bu1rAUQ7RQ/VHw6qx5cv46U9IaFuh15FHs=
Subject key identifier:   65:14:C0:55:13:21:65:3E:9C:C7:1B:22:F0:77:B9:35:F1:89:DB:34
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       019B79ED372411E6D76773D9A479278C1E2C
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/ZRTAVRMhZT6cxxsi8He5NfGJ2zQ.roa
Signing time:             Thu 01 Jan 2026 14:19:07 +0000
ROA not before:           Thu 01 Jan 2026 14:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16086
IP address blocks:        192.102.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:37:24:11:e6:d7:67:73:d9:a4:79:27:8c:1e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  1 14:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6514c0551321653e9cc71b22f077b935f189db34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ca:0c:13:eb:45:d2:60:65:75:05:87:bf:65:
                    4d:56:bc:53:64:ff:90:3d:d9:84:4e:02:d3:cb:2e:
                    ef:1e:60:62:d6:32:e3:74:3f:57:27:8b:ee:63:b3:
                    2c:6d:9d:07:6a:86:0f:f7:f9:1b:d2:9b:ca:5e:d2:
                    35:c4:03:ca:3c:2c:99:65:24:3e:be:b7:f3:9d:73:
                    be:ee:3d:13:db:f0:a1:ec:d5:18:51:c6:19:1b:7b:
                    1c:36:8c:27:91:36:68:d0:23:7a:82:a8:2e:09:36:
                    a4:93:58:42:f3:ca:ac:71:bb:6d:d3:0f:40:ee:d6:
                    e8:e5:d2:f7:c3:ee:df:cf:ac:73:b5:db:f5:bd:d1:
                    1c:53:83:0d:14:86:e0:17:26:c9:99:18:45:d8:ea:
                    9b:07:5a:d7:e6:bf:07:04:d1:b6:c6:fb:8f:cc:f0:
                    e9:9e:1a:2e:d6:06:e0:20:60:7b:f9:7d:ad:e1:34:
                    d4:7b:22:22:fc:36:21:db:10:17:d8:42:21:8e:43:
                    14:e0:c0:f5:0d:a9:62:12:84:66:9e:b1:db:46:ef:
                    ed:ce:e9:1b:6f:2c:3d:df:ae:57:19:2e:4d:0f:b2:
                    cb:4e:57:41:9e:96:01:61:58:d2:af:f9:fc:e9:2c:
                    73:62:1b:5e:98:8b:69:8b:62:23:11:bd:58:88:b9:
                    cf:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:14:C0:55:13:21:65:3E:9C:C7:1B:22:F0:77:B9:35:F1:89:DB:34
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/ZRTAVRMhZT6cxxsi8He5NfGJ2zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.102.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:76:0c:13:1a:31:ce:37:09:e0:1e:02:7c:ef:79:b9:26:e2:
         4c:b2:3a:49:d1:ec:86:8b:b6:b4:a1:da:d3:64:b1:be:1a:9f:
         ff:d0:61:96:a3:49:59:23:a5:a6:31:67:f4:e7:e3:4e:c4:a9:
         cd:44:a6:46:ee:94:76:7f:cc:c1:06:a4:b5:6e:4f:7f:c8:04:
         06:77:ee:a2:88:4a:7c:45:e3:d9:0e:a5:ed:3f:06:57:1e:ef:
         c8:19:b6:41:90:dd:20:12:07:41:dc:97:2e:79:14:07:f7:df:
         d3:e4:51:e8:c0:de:47:0b:9c:79:dd:16:0f:07:6a:e4:d0:1c:
         a3:7c:22:81:4d:a7:7d:7c:84:b7:28:04:80:41:43:b9:0a:09:
         7f:08:a3:02:9c:9f:a3:bc:00:25:1d:b8:f6:69:c9:11:fc:c3:
         61:67:a2:9e:fa:da:12:6d:b5:29:1c:a2:1d:4f:ef:fc:c5:07:
         bc:66:11:25:ab:2d:b7:d3:b7:b7:fc:66:76:35:82:c0:96:0f:
         ec:dc:d8:71:92:18:20:8c:71:a4:4a:25:51:e3:45:7a:97:67:
         76:00:66:bc:af:05:14:6b:24:13:b7:5e:9d:c9:f7:99:40:65:
         87:74:3b:b3:07:c0:25:3e:21:9e:ab:52:42:62:fa:37:b7:00:
         bd:0c:55:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57TckEebXZ3PZpHknjB4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjYwMTAxMTQxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTE0YzA1NTEzMjE2NTNlOWNjNzFiMjJmMDc3YjkzNWYxODlkYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8oME+tF0mBldQWHv2VNVrxTZP+Q
PdmETgLTyy7vHmBi1jLjdD9XJ4vuY7MsbZ0HaoYP9/kb0pvKXtI1xAPKPCyZZSQ+
vrfznXO+7j0T2/Ch7NUYUcYZG3scNownkTZo0CN6gqguCTakk1hC88qscbtt0w9A
7tbo5dL3w+7fz6xztdv1vdEcU4MNFIbgFybJmRhF2OqbB1rX5r8HBNG2xvuPzPDp
nhou1gbgIGB7+X2t4TTUeyIi/DYh2xAX2EIhjkMU4MD1DaliEoRmnrHbRu/tzukb
byw9365XGS5ND7LLTldBnpYBYVjSr/n86SxzYhtemItpi2IjEb1YiLnPuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUUwFUTIWU+nMcbIvB3uTXxids0MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvWlJUQVZSTWhaVDZjeHhzaThIZTVOZkdKMnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGY0MA0G
CSqGSIb3DQEBCwUAA4IBAQBidgwTGjHONwngHgJ873m5JuJMsjpJ0eyGi7a0odrT
ZLG+Gp//0GGWo0lZI6WmMWf05+NOxKnNRKZG7pR2f8zBBqS1bk9/yAQGd+6iiEp8
RePZDqXtPwZXHu/IGbZBkN0gEgdB3JcueRQH99/T5FHowN5HC5x53RYPB2rk0Byj
fCKBTad9fIS3KASAQUO5Cgl/CKMCnJ+jvAAlHbj2ackR/MNhZ6Ke+toSbbUpHKId
T+/8xQe8ZhElqy2307e3/GZ2NYLAlg/s3NhxkhggjHGkSiVR40V6l2d2AGa8rwUU
ayQTt16dyfeZQGWHdDuzB8AlPiGeq1JCYvo3twC9DFXZ
-----END CERTIFICATE-----