This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/ZUFdt76XEIRqjB1ZsCU8KDPIIeE.roa
File:                     ZUFdt76XEIRqjB1ZsCU8KDPIIeE.roa (raw, json)
Hash identifier:          +22Qmq4Y9pNmDRsynGIXRX9EtOmlc0lMrcEc8jeBxvw=
Subject key identifier:   65:41:5D:B7:BE:97:10:84:6A:8C:1D:59:B0:25:3C:28:33:C8:21:E1
Certificate issuer:       /CN=759c7a4a7a0eae488137739bec71a2b32470f8ed
Certificate serial:       019BED1DC7ABC43107EBAB97001F4A3A1120
Authority key identifier: 75:9C:7A:4A:7A:0E:AE:48:81:37:73:9B:EC:71:A2:B3:24:70:F8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZx6SnoOrkiBN3Ob7HGisyRw-O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/ZUFdt76XEIRqjB1ZsCU8KDPIIeE.roa
Signing time:             Fri 23 Jan 2026 23:08:30 +0000
ROA not before:           Fri 23 Jan 2026 23:08:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136907
IP address blocks:        185.193.152.0/23 maxlen: 23
                          185.193.154.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/dZx6SnoOrkiBN3Ob7HGisyRw-O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/dZx6SnoOrkiBN3Ob7HGisyRw-O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dZx6SnoOrkiBN3Ob7HGisyRw-O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ed:1d:c7:ab:c4:31:07:eb:ab:97:00:1f:4a:3a:11:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=759c7a4a7a0eae488137739bec71a2b32470f8ed
        Validity
            Not Before: Jan 23 23:08:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65415db7be9710846a8c1d59b0253c2833c821e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fc:a0:28:b3:05:3c:75:2e:54:38:63:2c:60:
                    90:7f:bd:12:40:f1:25:f2:07:d4:45:d4:21:2f:3b:
                    3d:14:b0:61:4d:ac:ce:0b:36:93:6e:7b:aa:1f:0f:
                    3d:2c:cf:2e:00:34:c8:f0:81:1b:d8:11:41:d5:ea:
                    f7:69:43:09:3a:61:4a:11:06:1f:36:98:18:a6:c0:
                    0e:bd:8c:7e:8b:55:92:38:b8:df:0c:ef:fe:6b:64:
                    af:7c:61:26:97:af:7b:91:e6:11:bf:c8:0c:4c:c4:
                    99:2c:56:78:d7:de:39:fa:f0:1c:ed:1a:38:9f:f8:
                    b1:09:76:cb:1c:3f:6e:81:0e:38:cf:0f:25:68:6e:
                    4c:bd:e4:af:ad:b7:e9:c1:d1:b3:42:9a:b5:d9:2d:
                    9a:f8:b1:b8:e0:5b:f2:3b:bf:49:30:58:d5:b9:ef:
                    24:62:83:c8:8a:13:65:03:b3:e4:11:50:fb:a3:82:
                    ed:1c:08:3a:1d:a7:86:ee:29:c1:aa:43:ee:28:9f:
                    28:54:c7:fa:7d:56:17:40:62:a6:5e:cc:0c:93:c3:
                    e8:23:e7:e6:25:ae:7d:92:a7:13:6f:e5:9e:af:3d:
                    47:8d:da:ea:d3:db:d2:01:3c:29:f7:73:a3:9c:1f:
                    e4:41:38:23:fa:5d:ef:55:83:fa:8b:d9:dc:e1:40:
                    a1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:5D:B7:BE:97:10:84:6A:8C:1D:59:B0:25:3C:28:33:C8:21:E1
            X509v3 Authority Key Identifier:
                keyid:75:9C:7A:4A:7A:0E:AE:48:81:37:73:9B:EC:71:A2:B3:24:70:F8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZx6SnoOrkiBN3Ob7HGisyRw-O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/ZUFdt76XEIRqjB1ZsCU8KDPIIeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a5e8d5-3264-46b2-8026-a39a9c775a50/1/dZx6SnoOrkiBN3Ob7HGisyRw-O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:a8:73:2b:d7:93:01:94:40:3f:99:73:8f:63:d7:b4:60:b6:
         a4:36:07:3e:7a:de:20:9a:16:f6:27:9a:7b:cd:59:1a:66:24:
         dd:be:b2:5b:4b:ea:e3:80:b2:87:94:15:c9:58:53:b7:7d:d6:
         17:b4:b1:8e:ff:75:ae:8e:74:67:05:e7:06:77:f2:17:db:3c:
         0f:69:88:e5:5f:8e:cb:49:ac:bf:81:5a:49:76:de:17:c0:3f:
         30:95:f9:34:06:b0:a7:d0:fd:56:61:e2:2b:4b:be:2e:1e:3c:
         c0:76:3a:a1:ea:2f:5c:66:34:81:6a:47:22:6d:49:d9:81:2f:
         27:e5:1b:20:e8:7d:c2:6b:d7:fe:d3:0f:81:4b:66:75:f9:87:
         7a:5d:19:38:46:0e:d8:90:03:24:55:86:87:1d:ba:91:52:33:
         62:cd:af:52:28:63:48:46:07:cd:0a:06:f7:ff:6c:fc:0b:de:
         4e:6e:ec:42:c2:51:30:e2:28:cb:2a:41:fd:ef:20:af:d6:4c:
         c7:ce:e0:15:16:3f:be:b2:a5:9c:98:e3:6f:3b:dc:9f:e7:4b:
         fc:cb:2a:90:8e:7d:0c:00:ad:35:1e:56:71:56:e2:7b:81:39:
         94:50:f4:53:75:3f:a6:e1:b7:67:96:44:f3:2c:24:cf:ca:93:
         76:7c:d7:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvtHcerxDEH66uXAB9KOhEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OWM3YTRhN2EwZWFlNDg4MTM3NzM5YmVjNzFhMmIzMjQ3
MGY4ZWQwHhcNMjYwMTIzMjMwODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxNWRiN2JlOTcxMDg0NmE4YzFkNTliMDI1M2MyODMzYzgyMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/ygKLMFPHUuVDhjLGCQf70SQPEl
8gfURdQhLzs9FLBhTazOCzaTbnuqHw89LM8uADTI8IEb2BFB1er3aUMJOmFKEQYf
NpgYpsAOvYx+i1WSOLjfDO/+a2SvfGEml697keYRv8gMTMSZLFZ41945+vAc7Ro4
n/ixCXbLHD9ugQ44zw8laG5MveSvrbfpwdGzQpq12S2a+LG44FvyO79JMFjVue8k
YoPIihNlA7PkEVD7o4LtHAg6HaeG7inBqkPuKJ8oVMf6fVYXQGKmXswMk8PoI+fm
Ja59kqcTb+Werz1Hjdrq09vSATwp93OjnB/kQTgj+l3vVYP6i9nc4UChNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVBXbe+lxCEaowdWbAlPCgzyCHhMB8GA1UdIwQY
MBaAFHWcekp6Dq5IgTdzm+xxorMkcPjtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFp4NlNub09ya2lCTjNPYjdIR2lzeVJ3LU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9hNWU4ZDUtMzI2NC00NmIyLTgwMjYt
YTM5YTljNzc1YTUwLzEvWlVGZHQ3NlhFSVJxakIxWnNDVThLRFBJSWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9hNWU4ZDUtMzI2NC00NmIyLTgwMjYtYTM5YTljNzc1YTUw
LzEvZFp4NlNub09ya2lCTjNPYjdIR2lzeVJ3LU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucGYMA0G
CSqGSIb3DQEBCwUAA4IBAQB4qHMr15MBlEA/mXOPY9e0YLakNgc+et4gmhb2J5p7
zVkaZiTdvrJbS+rjgLKHlBXJWFO3fdYXtLGO/3WujnRnBecGd/IX2zwPaYjlX47L
Say/gVpJdt4XwD8wlfk0BrCn0P1WYeIrS74uHjzAdjqh6i9cZjSBakcibUnZgS8n
5Rsg6H3Ca9f+0w+BS2Z1+Yd6XRk4Rg7YkAMkVYaHHbqRUjNiza9SKGNIRgfNCgb3
/2z8C95ObuxCwlEw4ijLKkH97yCv1kzHzuAVFj++sqWcmONvO9yf50v8yyqQjn0M
AK01HlZxVuJ7gTmUUPRTdT+m4bdnlkTzLCTPypN2fNez
-----END CERTIFICATE-----