This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/ZckkoNHt2DvjlU2WvYDlIclH-DI.roa
File:                     ZckkoNHt2DvjlU2WvYDlIclH-DI.roa (raw, json)
Hash identifier:          xy5JGKAo4mAfLH66AX9gOwR/ragqzfbDNJ5R5SMZh1s=
Subject key identifier:   65:C9:24:A0:D1:ED:D8:3B:E3:95:4D:96:BD:80:E5:21:C9:47:F8:32
Certificate issuer:       /CN=69b7f3bf8e0a7b590a0ffaa1c9c0ac580a0b119e
Certificate serial:       019B7A5B38644C5809115776B4110250019F
Authority key identifier: 69:B7:F3:BF:8E:0A:7B:59:0A:0F:FA:A1:C9:C0:AC:58:0A:0B:11:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/ZckkoNHt2DvjlU2WvYDlIclH-DI.roa
Signing time:             Thu 01 Jan 2026 16:19:17 +0000
ROA not before:           Thu 01 Jan 2026 16:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21013
IP address blocks:        91.210.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:38:64:4c:58:09:11:57:76:b4:11:02:50:01:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69b7f3bf8e0a7b590a0ffaa1c9c0ac580a0b119e
        Validity
            Not Before: Jan  1 16:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65c924a0d1edd83be3954d96bd80e521c947f832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b0:98:fb:26:90:50:4a:83:93:4d:a1:99:61:
                    8a:17:af:03:ab:6f:c7:c9:bc:b1:e8:64:ac:f9:ba:
                    03:3b:0e:7e:25:85:bd:93:5c:e2:bf:1f:68:54:2a:
                    4a:77:58:72:52:98:5e:e5:c0:9d:9a:05:81:a0:20:
                    8a:0e:23:f8:ef:21:0b:00:76:52:04:dd:67:ce:fc:
                    99:f6:49:6c:cb:29:f4:54:f0:cf:4d:01:8c:c5:6f:
                    5c:aa:c9:2c:3a:54:01:17:3e:db:ee:a0:c6:db:c1:
                    fe:5a:2c:05:f2:e2:91:04:14:ba:9e:b7:77:ad:9c:
                    e9:e2:12:fe:ea:cb:29:ba:82:7c:23:16:cd:fc:53:
                    a0:a5:5b:33:c3:dd:0b:6e:32:32:62:61:09:1b:65:
                    68:f3:fe:d8:2c:fe:c9:a2:6f:d1:d7:64:8a:7f:60:
                    5f:a2:b2:54:d8:d7:9d:b4:92:26:9f:d4:f6:f7:8a:
                    a3:91:6e:65:b3:88:6f:9a:fd:28:51:1d:9e:ed:f7:
                    28:13:13:dd:fb:23:30:bb:d9:c7:32:34:81:d0:db:
                    6a:17:4a:9b:ca:00:e6:ab:cb:04:c2:ec:09:1d:fe:
                    b2:1c:df:5b:c7:fe:aa:ac:d7:9c:55:62:2d:76:44:
                    d2:7a:f4:5b:6f:4e:20:0a:4b:90:e3:be:49:7c:f0:
                    a2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C9:24:A0:D1:ED:D8:3B:E3:95:4D:96:BD:80:E5:21:C9:47:F8:32
            X509v3 Authority Key Identifier:
                keyid:69:B7:F3:BF:8E:0A:7B:59:0A:0F:FA:A1:C9:C0:AC:58:0A:0B:11:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/ZckkoNHt2DvjlU2WvYDlIclH-DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:1a:f8:a1:4b:70:21:2d:2f:af:2e:4d:1f:45:1c:51:dd:1c:
         e7:ea:29:d0:76:e9:d5:4b:87:cc:75:70:3b:0c:5f:19:2b:fe:
         18:5e:cd:4f:68:d0:7e:fc:ef:2c:da:1c:f0:85:51:c5:16:20:
         45:c3:b1:f3:d3:79:29:e5:21:61:7c:ab:fc:48:4c:48:f3:76:
         80:b7:7b:46:30:dd:d3:3d:6b:14:8c:5a:2b:65:5f:09:b6:95:
         ee:43:cb:38:81:72:c8:fe:c9:58:94:a4:e9:77:70:21:46:a0:
         21:96:12:c6:79:c3:ab:ca:3d:71:cb:7c:62:46:a9:cb:73:9a:
         03:19:48:13:0e:03:3a:87:1f:8d:be:05:34:25:8b:6d:a8:f1:
         53:79:1b:f3:72:b8:27:32:97:2a:ac:c3:d3:d5:f7:f3:23:f6:
         4c:fb:e3:93:92:ad:30:16:1e:35:49:d5:02:a5:ff:dd:af:d6:
         0b:3b:ad:96:64:d0:99:b3:de:b3:8c:ae:57:df:43:75:c8:27:
         18:d5:2e:08:5c:b4:df:60:5b:6b:36:58:18:59:9b:dc:e4:cd:
         6b:ad:90:b7:d7:1d:38:bc:d3:db:68:62:3e:44:80:0c:b0:7e:
         c7:c5:42:dc:fc:3d:d7:97:f0:cf:cb:80:6e:0d:40:60:49:fc:
         e6:eb:d8:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WzhkTFgJEVd2tBECUAGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YjdmM2JmOGUwYTdiNTkwYTBmZmFhMWM5YzBhYzU4MGEw
YjExOWUwHhcNMjYwMTAxMTYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWM5MjRhMGQxZWRkODNiZTM5NTRkOTZiZDgwZTUyMWM5NDdmODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7CY+yaQUEqDk02hmWGKF68Dq2/H
ybyx6GSs+boDOw5+JYW9k1zivx9oVCpKd1hyUphe5cCdmgWBoCCKDiP47yELAHZS
BN1nzvyZ9klsyyn0VPDPTQGMxW9cqsksOlQBFz7b7qDG28H+WiwF8uKRBBS6nrd3
rZzp4hL+6sspuoJ8IxbN/FOgpVszw90LbjIyYmEJG2Vo8/7YLP7Jom/R12SKf2Bf
orJU2NedtJImn9T294qjkW5ls4hvmv0oUR2e7fcoExPd+yMwu9nHMjSB0NtqF0qb
ygDmq8sEwuwJHf6yHN9bx/6qrNecVWItdkTSevRbb04gCkuQ475JfPCiCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXJJKDR7dg745VNlr2A5SHJR/gyMB8GA1UdIwQY
MBaAFGm387+OCntZCg/6ocnArFgKCxGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWJmenY0NEtlMWtLRF9xaHljQ3NXQW9MRVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xNmQ4NWYtODViNS00MmUzLWFkOWYt
ZWVjMDVmNDlhYzg2LzEvWmNra29OSHQyRHZqbFUyV3ZZRGxJY2xILURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xNmQ4NWYtODViNS00MmUzLWFkOWYtZWVjMDVmNDlhYzg2
LzEvYWJmenY0NEtlMWtLRF9xaHljQ3NXQW9MRVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9KMMA0G
CSqGSIb3DQEBCwUAA4IBAQAiGvihS3AhLS+vLk0fRRxR3Rzn6inQdunVS4fMdXA7
DF8ZK/4YXs1PaNB+/O8s2hzwhVHFFiBFw7Hz03kp5SFhfKv8SExI83aAt3tGMN3T
PWsUjForZV8JtpXuQ8s4gXLI/slYlKTpd3AhRqAhlhLGecOryj1xy3xiRqnLc5oD
GUgTDgM6hx+NvgU0JYttqPFTeRvzcrgnMpcqrMPT1ffzI/ZM++OTkq0wFh41SdUC
pf/dr9YLO62WZNCZs96zjK5X30N1yCcY1S4IXLTfYFtrNlgYWZvc5M1rrZC31x04
vNPbaGI+RIAMsH7HxULc/D3Xl/DPy4BuDUBgSfzm69g+
-----END CERTIFICATE-----