This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZryCLfhsn2tbfNcOOBqTDrmtBr4.roa
File:                     ZryCLfhsn2tbfNcOOBqTDrmtBr4.roa (raw, json)
Hash identifier:          s6nWvNWtX9EXW2C5iu+kYBDobKWsqyYEDZBG1jZg8kw=
Subject key identifier:   66:BC:82:2D:F8:6C:9F:6B:5B:7C:D7:0E:38:1A:93:0E:B9:AD:06:BE
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019B7F80C69D5C0BB7042F06A3FFF815025A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZryCLfhsn2tbfNcOOBqTDrmtBr4.roa
Signing time:             Fri 02 Jan 2026 16:18:24 +0000
ROA not before:           Fri 02 Jan 2026 16:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        109.111.36.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:c6:9d:5c:0b:b7:04:2f:06:a3:ff:f8:15:02:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 16:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66bc822df86c9f6b5b7cd70e381a930eb9ad06be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:be:2f:98:66:71:85:51:04:6c:55:71:f3:
                    12:6a:51:37:2e:3a:fd:e1:e8:df:b1:31:2a:99:a8:
                    80:c1:84:c3:0b:8b:db:60:d0:5c:a5:5c:5a:81:c3:
                    31:22:07:ae:51:7d:da:85:c4:30:56:eb:76:e0:70:
                    5b:b1:d2:e5:7d:fe:c3:77:be:f7:0a:b4:66:6a:5c:
                    e0:92:cb:85:19:5e:31:1e:e2:32:8c:01:ba:d6:2a:
                    54:86:41:08:4a:1f:71:24:60:c0:bb:c6:a4:44:a9:
                    86:62:87:40:34:fa:35:fc:a5:7d:06:1b:b9:18:95:
                    81:bc:36:56:82:37:4e:56:73:24:41:58:3a:ba:cb:
                    14:b5:ff:41:d9:74:44:98:9d:dc:a4:1a:66:f8:fe:
                    f1:09:70:3b:72:f7:24:ef:6a:a9:34:f9:c5:38:81:
                    62:1e:e8:ec:41:75:c0:7d:c7:3b:c1:c9:fd:44:63:
                    55:f3:fe:33:73:e0:76:c9:06:28:82:f4:c1:ad:61:
                    55:db:90:29:44:c8:9c:c8:26:87:4f:47:90:8f:e7:
                    13:13:4f:05:91:a4:e6:5c:5d:34:ce:10:ba:31:96:
                    91:55:af:e3:d1:68:c9:25:14:19:33:f5:8a:ab:ca:
                    d5:1b:14:18:a7:c8:8c:13:c3:af:5f:ab:1c:bc:6a:
                    92:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BC:82:2D:F8:6C:9F:6B:5B:7C:D7:0E:38:1A:93:0E:B9:AD:06:BE
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZryCLfhsn2tbfNcOOBqTDrmtBr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:05:bf:bb:de:ee:5c:36:3a:89:2e:9d:b7:2b:75:34:7e:88:
         99:5a:7c:9a:d8:eb:fb:d9:37:32:54:15:2c:e3:30:d8:17:c2:
         8e:8c:08:0a:94:bb:b7:06:37:62:bc:85:8a:ad:49:53:80:61:
         55:71:3c:05:0d:33:2f:8d:ce:a4:7d:26:66:f0:39:1c:1e:93:
         63:76:25:64:f1:33:46:d1:59:35:c1:13:ef:db:cb:aa:c0:da:
         01:f3:73:6e:4e:ba:e4:18:de:37:d0:77:fb:9d:78:48:12:b0:
         81:8d:29:f8:b4:ca:c4:cf:d2:27:68:82:9a:f9:8c:bb:52:33:
         ba:06:8b:cd:03:d2:df:d9:4c:98:79:2c:cb:c7:5c:1b:7b:35:
         71:99:6a:29:76:ee:1b:2c:0f:82:22:2a:e2:bf:ef:6e:76:9b:
         8b:d5:bb:0a:10:4e:1e:a5:b3:fe:48:29:22:98:5d:8e:75:e0:
         8f:aa:dd:14:99:81:29:72:6a:1f:5f:2e:39:ba:a9:64:7d:20:
         8e:c6:57:58:91:65:8a:3f:49:12:eb:6e:61:78:b4:f0:7a:1b:
         e1:a2:04:f4:97:e5:5e:97:89:87:27:26:df:26:bb:0d:e2:63:
         86:1a:8c:db:ef:bf:29:ce:b9:7b:24:3a:85:4e:0c:67:c0:21:
         45:f4:ad:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gMadXAu3BC8Go//4FQJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwMTAyMTYxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJjODIyZGY4NmM5ZjZiNWI3Y2Q3MGUzODFhOTMwZWI5YWQwNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwq+L5hmcYVRBGxVcfMSalE3Ljr9
4ejfsTEqmaiAwYTDC4vbYNBcpVxagcMxIgeuUX3ahcQwVut24HBbsdLlff7Dd773
CrRmalzgksuFGV4xHuIyjAG61ipUhkEISh9xJGDAu8akRKmGYodANPo1/KV9Bhu5
GJWBvDZWgjdOVnMkQVg6ussUtf9B2XREmJ3cpBpm+P7xCXA7cvck72qpNPnFOIFi
HujsQXXAfcc7wcn9RGNV8/4zc+B2yQYogvTBrWFV25ApRMicyCaHT0eQj+cTE08F
kaTmXF00zhC6MZaRVa/j0WjJJRQZM/WKq8rVGxQYp8iME8OvX6scvGqSAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa8gi34bJ9rW3zXDjgakw65rQa+MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvWnJ5Q0xmaHNuMnRiZk5jT09CcVREcm10QnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW8kMA0G
CSqGSIb3DQEBCwUAA4IBAQAFBb+73u5cNjqJLp23K3U0foiZWnya2Ov72TcyVBUs
4zDYF8KOjAgKlLu3BjdivIWKrUlTgGFVcTwFDTMvjc6kfSZm8DkcHpNjdiVk8TNG
0Vk1wRPv28uqwNoB83NuTrrkGN430Hf7nXhIErCBjSn4tMrEz9InaIKa+Yy7UjO6
BovNA9Lf2UyYeSzLx1wbezVxmWopdu4bLA+CIiriv+9udpuL1bsKEE4epbP+SCki
mF2OdeCPqt0UmYEpcmofXy45uqlkfSCOxldYkWWKP0kS625heLTwehvhogT0l+Ve
l4mHJybfJrsN4mOGGozb778pzrl7JDqFTgxnwCFF9K0O
-----END CERTIFICATE-----