This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ZrXDV17uXjinizgfrrPqhQ0dhJM.roa
File:                     ZrXDV17uXjinizgfrrPqhQ0dhJM.roa (raw, json)
Hash identifier:          GN0pZ4GDE0j/JncpGXJQ21uu5AQ3wwUlO2eU3eTfsns=
Subject key identifier:   66:B5:C3:57:5E:EE:5E:38:A7:8B:38:1F:AE:B3:EA:85:0D:1D:84:93
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       019B7E388AFFE378C60468B08381BA8727FF
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ZrXDV17uXjinizgfrrPqhQ0dhJM.roa
Signing time:             Fri 02 Jan 2026 10:19:53 +0000
ROA not before:           Fri 02 Jan 2026 10:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198229
IP address blocks:        194.31.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:8a:ff:e3:78:c6:04:68:b0:83:81:ba:87:27:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Jan  2 10:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66b5c3575eee5e38a78b381faeb3ea850d1d8493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bb:26:33:c6:45:71:cf:f6:00:51:2a:e3:0a:
                    6c:6d:90:8c:44:a8:21:b8:9a:42:58:02:54:d5:c7:
                    63:52:32:62:4b:2b:3e:67:bf:4e:40:fe:7a:d9:aa:
                    ab:f4:c0:99:78:13:eb:53:d1:e7:d7:9a:f2:91:17:
                    f7:4a:53:14:74:1f:20:6a:5b:4c:5e:41:79:98:e6:
                    3c:c8:3d:69:f5:dd:6b:72:fc:b0:de:e3:21:a3:ed:
                    92:b7:2a:0f:88:34:56:a8:52:a2:7d:da:8e:f7:7e:
                    87:bb:de:65:2d:33:95:ef:e1:a7:82:87:92:d8:67:
                    cb:b1:7e:90:1c:bb:9b:d9:f1:02:7d:1f:0f:5f:34:
                    a8:78:96:22:82:95:b6:df:a5:e4:97:b4:1e:cf:23:
                    d3:c1:16:be:c0:15:af:75:9c:2d:0b:75:09:ad:24:
                    92:6e:85:89:66:3e:fb:ec:87:f5:48:80:81:06:70:
                    2c:ce:c6:02:86:d3:40:ec:49:b5:11:93:5f:fc:b9:
                    3c:a1:66:bb:59:6e:52:9e:0f:f3:2b:ee:1a:1f:31:
                    9e:b5:6e:6d:0b:6b:fe:2d:e7:17:47:22:f9:c6:48:
                    09:b3:c5:48:8d:77:ef:48:e7:fc:83:66:fc:25:66:
                    3d:a6:ad:24:99:93:65:ba:1c:3c:15:16:be:a4:b4:
                    6e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B5:C3:57:5E:EE:5E:38:A7:8B:38:1F:AE:B3:EA:85:0D:1D:84:93
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ZrXDV17uXjinizgfrrPqhQ0dhJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e2:e0:72:19:83:74:3c:33:2e:c8:93:6d:82:e3:9e:53:28:
         cf:b7:a5:9b:0b:b5:2b:e5:a9:c2:3e:55:b0:a1:b1:2d:f6:56:
         89:cf:cb:93:a5:20:8b:b2:2f:fc:5c:04:5a:68:c2:6e:ab:6f:
         55:eb:1f:34:0e:64:e1:6d:8a:e4:96:9f:cc:4a:8a:4c:9c:8c:
         b3:f6:d1:04:6a:e4:9c:49:26:67:45:ce:7a:69:fa:05:c9:f0:
         f2:f2:4a:0c:39:87:f4:56:89:7b:dd:ff:cc:cf:af:37:10:a6:
         d1:09:ea:9a:24:36:4e:7d:8e:b2:81:b9:11:10:d6:f3:29:f2:
         f6:dc:d7:11:82:a3:24:a9:02:fd:76:9d:4a:a5:70:66:d6:cb:
         d5:de:7e:ed:fa:0f:5b:1d:9a:67:02:d0:c0:28:d6:60:01:03:
         70:ab:86:6b:91:4d:a2:cd:6e:4d:0e:87:f7:96:87:61:a7:93:
         b7:6a:28:ad:d1:a3:20:1a:7e:2c:20:96:66:dc:19:34:92:52:
         98:43:0a:f5:07:53:ec:0e:24:fe:ba:2e:50:a6:1d:84:a9:08:
         21:b3:75:fa:fe:d2:9c:e3:3e:02:12:2d:ca:32:07:a9:5b:1b:
         57:84:66:93:6f:aa:7a:8b:cf:1e:d0:63:11:26:66:a7:40:2f:
         20:4c:39:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OIr/43jGBGiwg4G6hyf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjYwMTAyMTAxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmI1YzM1NzVlZWU1ZTM4YTc4YjM4MWZhZWIzZWE4NTBkMWQ4NDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rsmM8ZFcc/2AFEq4wpsbZCMRKgh
uJpCWAJU1cdjUjJiSys+Z79OQP562aqr9MCZeBPrU9Hn15rykRf3SlMUdB8galtM
XkF5mOY8yD1p9d1rcvyw3uMho+2StyoPiDRWqFKifdqO936Hu95lLTOV7+GngoeS
2GfLsX6QHLub2fECfR8PXzSoeJYigpW236Xkl7QezyPTwRa+wBWvdZwtC3UJrSSS
boWJZj777If1SICBBnAszsYChtNA7Em1EZNf/Lk8oWa7WW5Sng/zK+4aHzGetW5t
C2v+LecXRyL5xkgJs8VIjXfvSOf8g2b8JWY9pq0kmZNluhw8FRa+pLRuxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa1w1de7l44p4s4H66z6oUNHYSTMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvWnJYRFYxN3VYamluaXpnZnJyUHFoUTBkaEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+EMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ4uByGYN0PDMuyJNtguOeUyjPt6WbC7Ur5anCPlWw
obEt9laJz8uTpSCLsi/8XARaaMJuq29V6x80DmThbYrklp/MSopMnIyz9tEEauSc
SSZnRc56afoFyfDy8koMOYf0Vol73f/Mz683EKbRCeqaJDZOfY6ygbkRENbzKfL2
3NcRgqMkqQL9dp1KpXBm1svV3n7t+g9bHZpnAtDAKNZgAQNwq4ZrkU2izW5NDof3
lodhp5O3aiit0aMgGn4sIJZm3Bk0klKYQwr1B1PsDiT+ui5Qph2EqQghs3X6/tKc
4z4CEi3KMgepWxtXhGaTb6p6i88e0GMRJmanQC8gTDn6
-----END CERTIFICATE-----