This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/zFiOa87Nh3kNqXmJMswDrIMe8rw.roa
File:                     zFiOa87Nh3kNqXmJMswDrIMe8rw.roa (raw, json)
Hash identifier:          39MulS5vsRd7/CEUNbQIqn0iLxytY7QRk/Jrw4EqbsY=
Subject key identifier:   CC:58:8E:6B:CE:CD:87:79:0D:A9:79:89:32:CC:03:AC:83:1E:F2:BC
Certificate issuer:       /CN=0324d16977eee2f58beb1bb7aa2f4b2fa1abfc48
Certificate serial:       019B791101803F633F1A2EF11F2E7C29A1AC
Authority key identifier: 03:24:D1:69:77:EE:E2:F5:8B:EB:1B:B7:AA:2F:4B:2F:A1:AB:FC:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/zFiOa87Nh3kNqXmJMswDrIMe8rw.roa
Signing time:             Thu 01 Jan 2026 10:18:36 +0000
ROA not before:           Thu 01 Jan 2026 10:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5610
IP address blocks:        78.24.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:01:80:3f:63:3f:1a:2e:f1:1f:2e:7c:29:a1:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0324d16977eee2f58beb1bb7aa2f4b2fa1abfc48
        Validity
            Not Before: Jan  1 10:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc588e6bcecd87790da9798932cc03ac831ef2bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:02:76:31:a8:7d:86:81:4c:34:96:46:7c:cf:
                    15:e8:17:e3:b1:b9:94:29:49:94:ab:9f:31:5a:f1:
                    e2:a2:77:c4:00:e2:11:f9:7f:ae:61:ea:c0:51:67:
                    de:94:c1:ae:fd:0d:76:3f:6d:96:75:cc:79:30:db:
                    7f:29:a5:2d:93:62:33:59:05:b9:91:9c:76:c3:81:
                    83:56:f4:f5:62:eb:ba:57:4a:da:ec:ee:0e:9e:f9:
                    e8:56:ef:ae:a7:57:d1:8d:8a:14:ee:d6:aa:60:91:
                    e0:67:68:f8:fe:53:df:5a:7c:38:32:66:fd:80:97:
                    69:ab:f7:46:82:02:00:4c:34:42:f1:c8:84:b5:40:
                    97:a5:18:79:1c:90:d0:b0:fe:34:c1:75:05:1a:c9:
                    3b:92:2a:4c:12:93:e9:0e:25:97:30:04:3b:7f:b5:
                    d3:ce:fe:6d:c9:c1:fa:fd:d7:b3:dc:8a:05:e6:34:
                    30:86:b1:59:19:ce:4c:ac:9b:65:cb:5c:b3:43:33:
                    7c:06:27:07:d3:57:5b:82:ae:c4:57:02:65:23:cd:
                    a8:4f:e8:73:47:f8:1a:e1:da:35:85:23:be:31:fb:
                    ff:68:39:85:25:59:5f:7d:79:78:df:c5:3a:f7:c5:
                    68:81:26:c4:3a:63:40:0c:50:6b:a5:96:f5:0b:c5:
                    58:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:58:8E:6B:CE:CD:87:79:0D:A9:79:89:32:CC:03:AC:83:1E:F2:BC
            X509v3 Authority Key Identifier:
                keyid:03:24:D1:69:77:EE:E2:F5:8B:EB:1B:B7:AA:2F:4B:2F:A1:AB:FC:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/zFiOa87Nh3kNqXmJMswDrIMe8rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:7d:dd:77:ea:91:49:d9:de:5f:9e:35:de:44:71:9a:f1:1f:
         8f:81:a0:19:c3:9e:36:11:4c:6e:62:f0:e3:a8:01:17:1d:b5:
         8e:be:83:08:e5:d0:1a:15:77:4d:5d:31:8d:6b:8b:49:20:9a:
         d1:fd:24:ea:d0:38:2a:f3:cb:51:cf:b3:6b:d8:52:1e:7c:be:
         d1:fc:2a:35:00:b1:fa:22:70:58:2c:a3:6d:7b:fc:74:a6:7c:
         0c:d2:f1:88:b9:b0:bc:f2:52:67:c0:35:29:8d:f2:18:d8:d7:
         4c:19:a8:20:0d:e5:26:93:ee:01:df:22:a8:94:fe:ae:37:0f:
         b6:ea:ca:6a:e4:59:da:53:fd:71:75:cd:24:39:d3:f5:b5:5e:
         fb:5f:de:0b:b5:35:a8:f2:69:76:92:a3:1c:b1:04:f0:80:24:
         9e:61:c5:b8:2e:d5:e5:ca:94:2b:f8:e2:b5:d0:b7:9c:bd:12:
         f9:ed:e1:ac:80:d9:db:76:ad:81:6f:26:f5:c3:59:d3:f8:35:
         b0:54:91:b4:a2:6d:b5:36:8a:96:54:05:56:55:76:dc:b3:aa:
         0a:17:87:bc:32:7a:53:b4:ea:f1:0d:a0:64:08:07:27:54:d4:
         0d:00:1a:e4:6f:23:b1:46:c0:84:5e:89:3f:b5:ab:4e:42:19:
         d6:9b:d3:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EQGAP2M/Gi7xHy58KaGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjRkMTY5NzdlZWUyZjU4YmViMWJiN2FhMmY0YjJmYTFh
YmZjNDgwHhcNMjYwMTAxMTAxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzU4OGU2YmNlY2Q4Nzc5MGRhOTc5ODkzMmNjMDNhYzgzMWVmMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQJ2Mah9hoFMNJZGfM8V6BfjsbmU
KUmUq58xWvHionfEAOIR+X+uYerAUWfelMGu/Q12P22Wdcx5MNt/KaUtk2IzWQW5
kZx2w4GDVvT1Yuu6V0ra7O4OnvnoVu+up1fRjYoU7taqYJHgZ2j4/lPfWnw4Mmb9
gJdpq/dGggIATDRC8ciEtUCXpRh5HJDQsP40wXUFGsk7kipMEpPpDiWXMAQ7f7XT
zv5tycH6/dez3IoF5jQwhrFZGc5MrJtly1yzQzN8BicH01dbgq7EVwJlI82oT+hz
R/ga4do1hSO+Mfv/aDmFJVlffXl438U698VogSbEOmNADFBrpZb1C8VYFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxYjmvOzYd5Dal5iTLMA6yDHvK8MB8GA1UdIwQY
MBaAFAMk0Wl37uL1i+sbt6ovSy+hq/xIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlUUmFYZnU0dldMNnh1M3FpOUxMNkdyX0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS80NTc4YTYtMWExYy00OTQ0LWE3NzMt
YzI1ZDdmY2EwMDM3LzEvekZpT2E4N05oM2tOcVhtSk1zd0RySU1lOHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS80NTc4YTYtMWExYy00OTQ0LWE3NzMtYzI1ZDdmY2EwMDM3
LzEvQXlUUmFYZnU0dldMNnh1M3FpOUxMNkdyX0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDThjoMA0G
CSqGSIb3DQEBCwUAA4IBAQADfd136pFJ2d5fnjXeRHGa8R+PgaAZw542EUxuYvDj
qAEXHbWOvoMI5dAaFXdNXTGNa4tJIJrR/STq0Dgq88tRz7Nr2FIefL7R/Co1ALH6
InBYLKNte/x0pnwM0vGIubC88lJnwDUpjfIY2NdMGaggDeUmk+4B3yKolP6uNw+2
6spq5FnaU/1xdc0kOdP1tV77X94LtTWo8ml2kqMcsQTwgCSeYcW4LtXlypQr+OK1
0LecvRL57eGsgNnbdq2Bbyb1w1nT+DWwVJG0om21NoqWVAVWVXbcs6oKF4e8MnpT
tOrxDaBkCAcnVNQNABrkbyOxRsCEXok/tatOQhnWm9MJ
-----END CERTIFICATE-----