This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/ZzhGs3xeuqjtegogr3JbD8EGy8A.roa
File:                     ZzhGs3xeuqjtegogr3JbD8EGy8A.roa (raw, json)
Hash identifier:          QzKiuA6J4PH51Dtd4/mrQUF28CyQcdY+pEYCB8jZjMg=
Subject key identifier:   67:38:46:B3:7C:5E:BA:A8:ED:7A:0A:20:AF:72:5B:0F:C1:06:CB:C0
Certificate issuer:       /CN=09253886a0250a04ec69be00bbf8433c2f014b7c
Certificate serial:       019B7A5B278EFB20BBF5047867AFFE45A3C7
Authority key identifier: 09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/ZzhGs3xeuqjtegogr3JbD8EGy8A.roa
Signing time:             Thu 01 Jan 2026 16:19:12 +0000
ROA not before:           Thu 01 Jan 2026 16:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203576
IP address blocks:        194.110.169.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:27:8e:fb:20:bb:f5:04:78:67:af:fe:45:a3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09253886a0250a04ec69be00bbf8433c2f014b7c
        Validity
            Not Before: Jan  1 16:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=673846b37c5ebaa8ed7a0a20af725b0fc106cbc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:06:c0:ad:19:da:08:97:d0:cc:d0:2c:9d:
                    c8:94:ba:e5:69:f6:b7:29:07:55:9e:d9:f8:42:f4:
                    09:29:44:52:2d:5c:6b:5b:07:77:c8:e8:56:e1:2c:
                    a5:72:8c:8c:12:d5:e8:25:e3:eb:b1:49:24:e0:5d:
                    44:c0:2c:b5:14:59:9e:e5:f6:6a:8c:21:88:e2:12:
                    a0:43:b3:80:cb:48:8a:ca:83:4a:d9:42:27:af:5d:
                    df:73:94:a1:36:1c:cd:f7:52:c8:58:c2:ae:1d:41:
                    bb:d8:50:a5:e2:9d:08:a4:8e:bc:71:a8:5a:d4:97:
                    b3:61:8f:85:79:bb:02:3c:9c:7a:e6:38:52:38:b9:
                    e2:22:14:70:4d:cc:a5:bb:96:e0:69:d2:72:8e:6b:
                    7e:a7:09:a4:f8:1d:f7:74:cc:f2:54:33:43:0d:5c:
                    52:0a:ed:cd:c7:18:79:c9:ed:b4:68:cc:5a:54:f5:
                    f3:16:6a:32:d9:17:8a:a9:0b:59:a6:8a:19:5e:83:
                    c5:9e:83:de:48:9c:cf:b5:16:23:0c:a9:9b:1f:d4:
                    43:c3:0f:76:3d:d8:8b:3b:17:a4:ea:a9:7e:64:f7:
                    86:dd:e6:6d:09:12:07:d3:31:90:51:96:77:6e:23:
                    dc:78:24:b0:19:5d:39:04:f4:b3:d8:48:f4:9e:da:
                    4e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:38:46:B3:7C:5E:BA:A8:ED:7A:0A:20:AF:72:5B:0F:C1:06:CB:C0
            X509v3 Authority Key Identifier:
                keyid:09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/ZzhGs3xeuqjtegogr3JbD8EGy8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:cf:7d:c3:29:cb:f2:c0:c7:90:09:75:61:fe:1b:42:74:cd:
         73:89:ba:11:1d:5a:3a:ba:c9:88:de:4c:f4:34:30:d5:ba:83:
         f0:4e:03:3c:f9:e1:3d:cf:71:30:e7:62:df:89:ef:56:c6:c7:
         e1:16:dd:c9:9e:f7:e5:38:f3:21:4a:c5:3f:a6:2b:ed:df:04:
         6d:3d:96:35:87:12:2a:c2:b1:53:2b:e1:96:cd:ca:07:a9:c7:
         53:46:e2:ec:2d:db:24:3e:43:78:ca:4f:63:64:73:56:1e:28:
         58:0f:89:ac:f6:fb:ab:28:cc:37:bf:ad:6b:f6:90:a8:c2:11:
         4c:21:e0:af:ec:2c:d2:37:81:07:5d:e9:9e:f4:77:34:77:f3:
         93:f8:c2:ee:ac:bc:2f:cb:91:ab:10:c4:e6:88:ba:d4:66:32:
         db:43:e6:db:81:97:6e:be:f5:d7:5d:fd:1d:61:ba:c7:1d:45:
         46:74:e0:81:5b:19:31:5c:79:10:05:27:c7:e5:f7:26:bd:2f:
         ce:fc:b7:4a:75:f0:51:b4:92:98:66:2b:db:76:b1:1e:81:71:
         5d:ef:ce:cb:ab:8c:cf:95:53:85:21:9f:d4:f8:a3:ad:89:4d:
         85:ec:3a:58:ba:24:4b:4d:07:bf:ee:7e:e8:34:6f:9f:5a:1f:
         dd:d3:fc:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WyeO+yC79QR4Z6/+RaPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MjUzODg2YTAyNTBhMDRlYzY5YmUwMGJiZjg0MzNjMmYw
MTRiN2MwHhcNMjYwMTAxMTYxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM4NDZiMzdjNWViYWE4ZWQ3YTBhMjBhZjcyNWIwZmMxMDZjYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxAGwK0Z2giX0MzQLJ3IlLrlafa3
KQdVntn4QvQJKURSLVxrWwd3yOhW4SylcoyMEtXoJePrsUkk4F1EwCy1FFme5fZq
jCGI4hKgQ7OAy0iKyoNK2UInr13fc5ShNhzN91LIWMKuHUG72FCl4p0IpI68caha
1JezYY+FebsCPJx65jhSOLniIhRwTcylu5bgadJyjmt+pwmk+B33dMzyVDNDDVxS
Cu3Nxxh5ye20aMxaVPXzFmoy2ReKqQtZpooZXoPFnoPeSJzPtRYjDKmbH9RDww92
PdiLOxek6ql+ZPeG3eZtCRIH0zGQUZZ3biPceCSwGV05BPSz2Ej0ntpOIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc4RrN8Xrqo7XoKIK9yWw/BBsvAMB8GA1UdIwQY
MBaAFAklOIagJQoE7Gm+ALv4QzwvAUt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAt
MTE0YWQ0MWNmMzMxLzEvWnpoR3MzeGV1cWp0ZWdvZ3IzSmJEOEVHeThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAtMTE0YWQ0MWNmMzMx
LzEvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6pMA0G
CSqGSIb3DQEBCwUAA4IBAQBLz33DKcvywMeQCXVh/htCdM1ziboRHVo6usmI3kz0
NDDVuoPwTgM8+eE9z3Ew52Lfie9WxsfhFt3JnvflOPMhSsU/pivt3wRtPZY1hxIq
wrFTK+GWzcoHqcdTRuLsLdskPkN4yk9jZHNWHihYD4ms9vurKMw3v61r9pCowhFM
IeCv7CzSN4EHXeme9Hc0d/OT+MLurLwvy5GrEMTmiLrUZjLbQ+bbgZduvvXXXf0d
YbrHHUVGdOCBWxkxXHkQBSfH5fcmvS/O/LdKdfBRtJKYZivbdrEegXFd787Lq4zP
lVOFIZ/U+KOtiU2F7DpYuiRLTQe/7n7oNG+fWh/d0/w3
-----END CERTIFICATE-----