This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/pZS2FuCyE0ac7bgviGBWTjEjxK8.roa
File:                     pZS2FuCyE0ac7bgviGBWTjEjxK8.roa (raw, json)
Hash identifier:          BY2QLyJHYDD23aKTMOr6Dhb2Ou5jiMnicXO1uDe86kk=
Subject key identifier:   A5:94:B6:16:E0:B2:13:46:9C:ED:B8:2F:88:60:56:4E:31:23:C4:AF
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       019B7B36ABEC35FD70C9F9256325EC427418
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/pZS2FuCyE0ac7bgviGBWTjEjxK8.roa
Signing time:             Thu 01 Jan 2026 20:18:59 +0000
ROA not before:           Thu 01 Jan 2026 20:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58349
IP address blocks:        195.128.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ab:ec:35:fd:70:c9:f9:25:63:25:ec:42:74:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Jan  1 20:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a594b616e0b213469cedb82f8860564e3123c4af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:70:72:08:fa:bf:44:ca:07:87:bc:4c:6a:e4:
                    2b:5f:74:ac:66:5b:a9:93:33:be:f1:e4:a2:cf:c7:
                    bc:45:16:86:ab:c5:f1:61:97:97:d6:50:a5:c6:3e:
                    4b:7e:e5:1e:bb:ed:23:9c:84:7c:49:99:5d:db:3c:
                    d4:22:d8:d8:77:98:f4:5a:72:c5:67:55:ea:be:7f:
                    5c:cc:25:e9:35:8a:1f:35:6d:f9:c5:d6:a5:8d:2e:
                    bf:65:c9:67:b5:e1:e0:4b:64:db:bb:55:f7:24:f7:
                    4b:4f:b1:d6:43:9d:a0:d2:3b:b5:f5:ce:2a:1d:82:
                    02:b8:3e:e5:70:59:41:8e:2b:61:56:08:d2:6c:b2:
                    01:cc:4d:be:2c:50:ae:81:15:fb:37:69:12:9f:82:
                    10:3c:f6:45:e4:ef:8c:fd:1e:91:47:87:ce:d1:e4:
                    c5:b1:87:24:2c:74:b8:d8:13:cd:8a:eb:91:03:88:
                    ef:73:16:42:1b:d2:43:f2:a8:91:ad:94:eb:6a:42:
                    02:76:7a:d4:f9:7c:7e:0e:63:78:23:3e:4a:9f:89:
                    82:21:77:3f:7a:bd:18:80:46:fe:62:0d:21:db:51:
                    cc:69:5d:02:31:db:5b:a7:0c:84:2e:e5:af:a7:69:
                    c9:0c:6d:73:69:6c:f7:59:6b:4c:d2:38:8f:56:ff:
                    51:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:94:B6:16:E0:B2:13:46:9C:ED:B8:2F:88:60:56:4E:31:23:C4:AF
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/pZS2FuCyE0ac7bgviGBWTjEjxK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:c9:84:07:92:1b:40:65:1a:14:26:b6:21:4c:37:04:46:f7:
         9e:05:44:7a:9e:7e:97:1c:d5:20:85:02:57:9e:6a:01:64:6f:
         ed:a6:65:73:60:a1:0a:53:80:c5:da:7f:86:ba:3d:2e:ac:fb:
         10:79:3e:1e:06:16:37:11:19:c0:1b:28:51:c0:f1:0d:ec:32:
         50:eb:22:76:08:45:99:5d:3b:f1:60:c8:34:03:ca:66:2f:2f:
         54:20:6a:bc:f8:94:6e:02:3a:b8:81:03:1a:91:4f:97:57:e0:
         c4:51:91:51:3b:99:d4:dc:e5:6f:3a:91:99:7c:ab:7d:7f:1f:
         92:32:95:d0:64:02:d8:d9:73:68:e7:02:e0:c3:1d:98:c1:d3:
         08:0c:32:9d:3a:9b:49:36:0d:48:db:22:6c:bb:06:09:7e:f2:
         2d:95:46:f4:4b:38:65:9e:76:32:61:0f:cc:0f:67:6e:d9:19:
         6b:41:fa:00:1d:e7:a1:89:87:15:0a:76:b1:44:4f:0b:e7:ff:
         e6:d8:67:60:98:c8:75:8e:ff:72:3e:4c:ad:20:fa:97:66:03:
         31:77:52:3d:17:ca:de:0c:03:91:b6:1e:e7:f0:df:18:64:e8:
         81:03:fe:1f:6c:0c:87:42:54:ed:11:58:9f:c4:f5:6c:d8:19:
         4a:fa:28:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqvsNf1wyfklYyXsQnQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjYwMTAxMjAxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk0YjYxNmUwYjIxMzQ2OWNlZGI4MmY4ODYwNTY0ZTMxMjNjNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHByCPq/RMoHh7xMauQrX3SsZlup
kzO+8eSiz8e8RRaGq8XxYZeX1lClxj5LfuUeu+0jnIR8SZld2zzUItjYd5j0WnLF
Z1Xqvn9czCXpNYofNW35xdaljS6/ZclnteHgS2Tbu1X3JPdLT7HWQ52g0ju19c4q
HYICuD7lcFlBjithVgjSbLIBzE2+LFCugRX7N2kSn4IQPPZF5O+M/R6RR4fO0eTF
sYckLHS42BPNiuuRA4jvcxZCG9JD8qiRrZTrakICdnrU+Xx+DmN4Iz5Kn4mCIXc/
er0YgEb+Yg0h21HMaV0CMdtbpwyELuWvp2nJDG1zaWz3WWtM0jiPVv9RIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWUthbgshNGnO24L4hgVk4xI8SvMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvcFpTMkZ1Q3lFMGFjN2JndmlHQldUakVqeEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4AYMA0G
CSqGSIb3DQEBCwUAA4IBAQAHyYQHkhtAZRoUJrYhTDcERveeBUR6nn6XHNUghQJX
nmoBZG/tpmVzYKEKU4DF2n+Guj0urPsQeT4eBhY3ERnAGyhRwPEN7DJQ6yJ2CEWZ
XTvxYMg0A8pmLy9UIGq8+JRuAjq4gQMakU+XV+DEUZFRO5nU3OVvOpGZfKt9fx+S
MpXQZALY2XNo5wLgwx2YwdMIDDKdOptJNg1I2yJsuwYJfvItlUb0SzhlnnYyYQ/M
D2du2RlrQfoAHeehiYcVCnaxRE8L5//m2GdgmMh1jv9yPkytIPqXZgMxd1I9F8re
DAORth7n8N8YZOiBA/4fbAyHQlTtEVifxPVs2BlK+ih8
-----END CERTIFICATE-----