This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/iznH3vVYi9D8I6W0a_m2eZRKsNE.roa
File:                     iznH3vVYi9D8I6W0a_m2eZRKsNE.roa (raw, json)
Hash identifier:          wZkljNiGiuoftSlkxO1vcP+VKneTmBt0zwFDnL+VZJg=
Subject key identifier:   8B:39:C7:DE:F5:58:8B:D0:FC:23:A5:B4:6B:F9:B6:79:94:4A:B0:D1
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       019B78A330251E65F30A107204ABC61DA44D
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/iznH3vVYi9D8I6W0a_m2eZRKsNE.roa
Signing time:             Thu 01 Jan 2026 08:18:39 +0000
ROA not before:           Thu 01 Jan 2026 08:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199145
IP address blocks:        84.47.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:30:25:1e:65:f3:0a:10:72:04:ab:c6:1d:a4:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  1 08:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b39c7def5588bd0fc23a5b46bf9b679944ab0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d1:27:eb:41:72:c9:3d:47:be:3b:2b:1c:be:
                    0a:d2:f6:7b:17:5a:78:54:c3:12:95:45:63:f2:cd:
                    22:5d:b3:33:52:a9:fa:4d:60:28:f2:46:be:ca:2a:
                    a7:b1:2f:26:9e:13:5a:7d:4d:6d:67:ef:48:e4:bb:
                    44:93:0f:48:84:2d:ed:24:80:67:45:65:8a:23:f8:
                    a7:87:f1:4e:b5:5b:65:08:d6:6f:72:be:ad:d3:60:
                    db:39:4f:c3:dd:80:ab:df:c1:2e:9c:e1:bb:e0:e3:
                    72:7b:16:8a:6d:28:b6:c6:7e:1e:95:7b:55:de:55:
                    63:81:76:c6:c6:f2:3d:0d:eb:6f:f3:75:3e:a8:64:
                    5c:11:58:d6:d3:b0:3e:83:9f:5a:50:6d:72:21:43:
                    83:3d:66:c6:3e:24:be:07:06:5a:ee:a5:10:91:01:
                    83:04:b2:dc:65:03:30:ce:a4:73:be:19:1e:ef:33:
                    58:d4:71:32:c5:97:18:11:21:42:b1:ee:e5:06:99:
                    1d:3b:8f:4c:51:e7:ed:d7:4c:97:55:24:e8:25:52:
                    10:d6:ec:e5:64:6f:3e:26:00:42:a8:ea:9f:1e:9f:
                    a2:d5:97:80:ab:a6:29:79:8f:69:f0:c8:24:a7:cc:
                    34:e5:b8:14:92:2f:9e:b6:2a:7c:e4:0c:58:80:61:
                    9a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:39:C7:DE:F5:58:8B:D0:FC:23:A5:B4:6B:F9:B6:79:94:4A:B0:D1
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/iznH3vVYi9D8I6W0a_m2eZRKsNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:cd:4f:78:de:f1:be:91:a1:19:fb:1f:f9:c1:f1:0f:7e:13:
         2e:56:1b:c0:41:b9:69:56:2a:55:3d:36:c3:87:5e:9c:2b:da:
         64:7d:59:43:7b:f3:80:87:e8:83:2b:8e:ed:d3:6c:d1:76:ac:
         f6:85:c4:74:0e:65:df:ad:48:e7:3b:a0:f6:90:4e:f4:6e:13:
         d4:19:9e:a4:e4:c8:3b:e6:45:b6:c5:28:53:02:cc:35:e1:9b:
         a4:e1:63:73:5f:18:32:52:24:c9:60:aa:45:28:49:3f:6a:e1:
         4c:9f:41:45:37:33:a0:f9:d4:6b:6b:25:f7:db:4c:52:f9:8d:
         f8:04:35:67:81:0a:0f:b3:0a:8c:52:34:03:66:cb:1a:b4:c0:
         04:cd:0e:16:a9:ac:9a:50:39:73:98:d1:a9:0e:66:03:75:c3:
         ac:78:ea:49:ed:0a:05:b4:8e:1a:0c:62:59:31:16:7d:d0:60:
         d6:2f:97:cb:69:dd:1a:81:08:70:c3:f4:73:93:72:f7:54:d6:
         88:a8:a4:dd:b6:10:a6:f7:d9:6d:45:ec:70:a4:2c:44:4b:1b:
         6d:92:79:10:f1:5e:42:21:70:b7:3c:39:ac:e9:07:25:54:cb:
         78:15:c8:ed:d2:df:92:b0:2f:e9:44:ff:c4:c4:2e:eb:01:eb:
         86:1e:5d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ozAlHmXzChByBKvGHaRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjYwMTAxMDgxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjM5YzdkZWY1NTg4YmQwZmMyM2E1YjQ2YmY5YjY3OTk0NGFiMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdEn60FyyT1HvjsrHL4K0vZ7F1p4
VMMSlUVj8s0iXbMzUqn6TWAo8ka+yiqnsS8mnhNafU1tZ+9I5LtEkw9IhC3tJIBn
RWWKI/inh/FOtVtlCNZvcr6t02DbOU/D3YCr38EunOG74ONyexaKbSi2xn4elXtV
3lVjgXbGxvI9Detv83U+qGRcEVjW07A+g59aUG1yIUODPWbGPiS+BwZa7qUQkQGD
BLLcZQMwzqRzvhke7zNY1HEyxZcYESFCse7lBpkdO49MUeft10yXVSToJVIQ1uzl
ZG8+JgBCqOqfHp+i1ZeAq6YpeY9p8Mgkp8w05bgUki+etip85AxYgGGaMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIs5x971WIvQ/COltGv5tnmUSrDRMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvaXpuSDN2VllpOUQ4STZXMGFfbTJlWlJLc05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC+tMA0G
CSqGSIb3DQEBCwUAA4IBAQAtzU943vG+kaEZ+x/5wfEPfhMuVhvAQblpVipVPTbD
h16cK9pkfVlDe/OAh+iDK47t02zRdqz2hcR0DmXfrUjnO6D2kE70bhPUGZ6k5Mg7
5kW2xShTAsw14Zuk4WNzXxgyUiTJYKpFKEk/auFMn0FFNzOg+dRrayX320xS+Y34
BDVngQoPswqMUjQDZssatMAEzQ4WqayaUDlzmNGpDmYDdcOseOpJ7QoFtI4aDGJZ
MRZ90GDWL5fLad0agQhww/Rzk3L3VNaIqKTdthCm99ltRexwpCxESxttknkQ8V5C
IXC3PDms6QclVMt4Fcjt0t+SsC/pRP/ExC7rAeuGHl2r
-----END CERTIFICATE-----