This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/Zl9UixuUH0GLR4R_JPyHH_dGJ1Y.roa
File:                     Zl9UixuUH0GLR4R_JPyHH_dGJ1Y.roa (raw, json)
Hash identifier:          bKOmByPp72MyiwK2dxQMPNiiDG6ujdM2vWNSfqTcD8I=
Subject key identifier:   66:5F:54:8B:1B:94:1F:41:8B:47:84:7F:24:FC:87:1F:F7:46:27:56
Certificate issuer:       /CN=27fc21856cd8e037a7bb8c6392a6198213a8b4f6
Certificate serial:       019B7FF2888703FC25DF44A47683DCD9149F
Authority key identifier: 27:FC:21:85:6C:D8:E0:37:A7:BB:8C:63:92:A6:19:82:13:A8:B4:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/Zl9UixuUH0GLR4R_JPyHH_dGJ1Y.roa
Signing time:             Fri 02 Jan 2026 18:22:39 +0000
ROA not before:           Fri 02 Jan 2026 18:22:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        194.40.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:88:87:03:fc:25:df:44:a4:76:83:dc:d9:14:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27fc21856cd8e037a7bb8c6392a6198213a8b4f6
        Validity
            Not Before: Jan  2 18:22:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=665f548b1b941f418b47847f24fc871ff7462756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:86:a9:3d:1c:a0:b7:1f:64:b6:79:b5:59:ca:
                    76:5c:1f:c0:c6:cc:b8:ba:71:6f:ba:d0:35:00:94:
                    e4:88:87:85:94:ea:74:70:14:8c:05:0f:2a:3c:d9:
                    3d:63:2b:3d:ad:a7:4a:1f:4c:2c:bf:04:fc:46:37:
                    43:e9:d3:37:b4:6e:1c:4e:28:a4:db:a1:dd:72:2d:
                    a3:b4:61:76:03:52:9a:01:df:1d:ff:35:21:e3:5f:
                    cb:26:bc:33:27:3e:8a:02:8f:72:95:df:69:d7:61:
                    31:54:b2:5a:f8:a6:4b:cb:03:89:71:b6:89:b5:d7:
                    82:39:2f:69:a1:6a:a8:7e:7e:48:60:42:ee:a9:45:
                    0d:1f:78:99:c7:e6:35:8f:60:41:fb:fa:45:4c:49:
                    3b:73:5c:94:e4:af:6a:55:06:2c:14:d0:0a:b2:26:
                    a0:3d:4f:3b:1f:56:26:82:b3:df:13:9b:3b:dd:4a:
                    b9:10:33:15:53:b0:de:f9:d8:e2:05:2b:cf:93:0d:
                    e5:fd:b0:78:ec:c5:46:36:61:f5:33:78:91:40:89:
                    23:a8:d3:ea:1d:42:48:bf:7d:9f:10:ca:2c:29:a7:
                    c6:91:aa:67:3a:87:f0:9e:c1:10:5b:bb:13:1f:ca:
                    5b:2d:e5:d2:24:68:90:ec:c6:52:31:7c:ba:b0:7f:
                    f2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5F:54:8B:1B:94:1F:41:8B:47:84:7F:24:FC:87:1F:F7:46:27:56
            X509v3 Authority Key Identifier:
                keyid:27:FC:21:85:6C:D8:E0:37:A7:BB:8C:63:92:A6:19:82:13:A8:B4:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/Zl9UixuUH0GLR4R_JPyHH_dGJ1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:50:e0:be:3e:6b:a3:4f:4c:62:b0:ed:2f:36:81:5e:8a:d7:
         b1:fb:91:84:bf:46:02:d0:ee:30:e3:e5:89:af:fe:28:2a:25:
         ad:c7:93:d3:07:b6:f7:93:0a:2e:bb:5f:92:3d:b3:19:a2:bd:
         99:e8:33:f7:f1:b4:ed:6b:f7:37:f7:b0:39:aa:ac:85:92:88:
         d9:e0:b7:03:c4:91:54:ea:60:bc:b9:0a:d5:59:34:47:62:6e:
         8f:8f:7d:62:2d:2e:1f:b8:11:a5:7c:e5:da:24:d8:3f:2f:44:
         8e:2c:3d:20:42:d3:a0:b2:0a:69:22:5a:e1:e3:42:17:c4:ee:
         50:24:5e:c0:cf:12:0f:bb:aa:47:de:69:73:17:e1:4c:20:5a:
         af:3b:09:5c:7e:f5:68:af:e2:89:ee:fd:db:88:b7:93:f6:35:
         42:ca:85:e6:87:3a:a5:a2:42:e2:77:cc:ee:9c:38:0a:0d:17:
         c2:dd:91:3f:4b:cc:ee:2d:dd:af:30:e3:15:14:78:69:93:7e:
         79:b1:3e:ed:3c:53:e3:51:96:b7:b9:bd:e7:49:2f:b0:df:fa:
         3b:25:d9:ff:c6:77:f6:38:79:9a:87:29:6f:3e:4f:36:d2:27:
         22:e9:ac:a9:8c:01:6e:6c:5b:2f:0f:27:87:3a:a3:8e:f0:0c:
         77:14:13:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8oiHA/wl30SkdoPc2RSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZmMyMTg1NmNkOGUwMzdhN2JiOGM2MzkyYTYxOTgyMTNh
OGI0ZjYwHhcNMjYwMTAyMTgyMjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjVmNTQ4YjFiOTQxZjQxOGI0Nzg0N2YyNGZjODcxZmY3NDYyNzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YapPRygtx9ktnm1Wcp2XB/Axsy4
unFvutA1AJTkiIeFlOp0cBSMBQ8qPNk9Yys9radKH0wsvwT8RjdD6dM3tG4cTiik
26Hdci2jtGF2A1KaAd8d/zUh41/LJrwzJz6KAo9yld9p12ExVLJa+KZLywOJcbaJ
tdeCOS9poWqofn5IYELuqUUNH3iZx+Y1j2BB+/pFTEk7c1yU5K9qVQYsFNAKsiag
PU87H1YmgrPfE5s73Uq5EDMVU7De+djiBSvPkw3l/bB47MVGNmH1M3iRQIkjqNPq
HUJIv32fEMosKafGkapnOofwnsEQW7sTH8pbLeXSJGiQ7MZSMXy6sH/yIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZfVIsblB9Bi0eEfyT8hx/3RidWMB8GA1UdIwQY
MBaAFCf8IYVs2OA3p7uMY5KmGYITqLT2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl93aGhXelk0RGVudTR4amtxWVpnaE9vdFBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9jN2ZhNDgtMjg3Ni00MjJiLTg4MjUt
ZTFmMzY3ZTc5NjIwLzEvWmw5VWl4dVVIMEdMUjRSX0pQeUhIX2RHSjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9jN2ZhNDgtMjg3Ni00MjJiLTg4MjUtZTFmMzY3ZTc5NjIw
LzEvSl93aGhXelk0RGVudTR4amtxWVpnaE9vdFBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwijpMA0G
CSqGSIb3DQEBCwUAA4IBAQC4UOC+PmujT0xisO0vNoFeitex+5GEv0YC0O4w4+WJ
r/4oKiWtx5PTB7b3kwouu1+SPbMZor2Z6DP38bTta/c397A5qqyFkojZ4LcDxJFU
6mC8uQrVWTRHYm6Pj31iLS4fuBGlfOXaJNg/L0SOLD0gQtOgsgppIlrh40IXxO5Q
JF7AzxIPu6pH3mlzF+FMIFqvOwlcfvVor+KJ7v3biLeT9jVCyoXmhzqlokLid8zu
nDgKDRfC3ZE/S8zuLd2vMOMVFHhpk355sT7tPFPjUZa3ub3nSS+w3/o7Jdn/xnf2
OHmahylvPk820ici6aypjAFubFsvDyeHOqOO8Ax3FBOW
-----END CERTIFICATE-----