This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/zhpGkkiHWYW4818HnEbqExeUBls.roa
File:                     zhpGkkiHWYW4818HnEbqExeUBls.roa (raw, json)
Hash identifier:          qWe+oDx2YTDIQSZZ2y2+AEfhQT4OZcU2Yuk2CoLSDWQ=
Subject key identifier:   CE:1A:46:92:48:87:59:85:B8:F3:5F:07:9C:46:EA:13:17:94:06:5B
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019B7758F05FE19A35B02A2D8CF8ECFFE8CF
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/zhpGkkiHWYW4818HnEbqExeUBls.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199698
IP address blocks:        217.113.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f0:5f:e1:9a:35:b0:2a:2d:8c:f8:ec:ff:e8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce1a469248875985b8f35f079c46ea131794065b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d1:de:7d:0a:9d:e1:08:4e:f8:34:d9:21:41:
                    6e:1a:f6:91:b2:69:af:a5:cc:f0:ae:98:1e:34:7f:
                    9b:7d:99:cd:23:8d:bf:de:3d:e7:cd:cc:7b:28:40:
                    17:46:6b:25:08:71:9e:64:b8:cd:0c:51:e2:47:4c:
                    07:08:da:cd:66:78:ca:98:3b:78:c4:85:db:91:8a:
                    8f:d4:07:dd:67:86:6e:de:de:fc:64:15:f9:b6:7c:
                    ae:1c:4c:cd:8f:e1:c3:5f:3b:25:ae:31:7e:40:20:
                    81:c1:ad:39:65:40:e4:81:70:b8:ab:c1:ce:12:de:
                    f8:a5:6d:15:4d:75:53:6d:78:74:e7:a9:10:63:1c:
                    f1:15:d9:1d:03:ae:e3:a9:b6:49:21:13:f2:0b:99:
                    7b:d0:a5:29:cf:d9:3f:2c:87:eb:71:9f:59:23:2d:
                    8b:c7:c8:e2:ed:c0:23:c0:33:1a:e3:84:42:05:06:
                    68:5b:56:0b:0e:2a:5c:c4:89:cc:ef:02:50:de:62:
                    80:c3:48:3e:2a:6a:e7:14:4d:1a:f7:e2:a5:ef:38:
                    a8:a1:73:42:e8:d2:55:8b:f9:84:78:b9:63:b9:16:
                    de:39:d1:be:11:85:8b:dd:da:95:90:8b:37:c3:1e:
                    70:4d:d7:b9:c8:76:50:f2:79:7f:97:8c:ba:db:71:
                    e2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:1A:46:92:48:87:59:85:B8:F3:5F:07:9C:46:EA:13:17:94:06:5B
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/zhpGkkiHWYW4818HnEbqExeUBls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:06:88:83:c1:13:0d:99:92:43:06:68:7a:96:9a:0c:9c:e3:
         1a:07:d5:c7:5d:a8:b9:89:b2:4d:61:32:aa:52:8a:ce:95:76:
         96:07:43:8c:5c:44:64:03:3f:e0:cf:71:df:77:13:9d:84:59:
         ec:4d:e1:fb:c3:4b:71:ff:a5:73:d6:7f:cd:2f:14:a7:df:bd:
         58:51:48:1b:de:5a:b8:5d:59:e3:6c:32:2a:69:96:77:41:c3:
         bd:74:ed:63:5a:37:57:11:b5:df:62:8d:d7:ad:a1:42:ca:32:
         dd:79:4b:bf:cd:18:44:43:ae:bd:80:cc:7b:c1:ec:9d:18:55:
         cf:21:2e:56:3a:ef:33:e9:7a:58:21:c8:48:93:3c:79:18:e1:
         b7:2c:0f:e5:02:de:14:bc:44:3e:49:7f:87:6b:f8:f9:f9:61:
         70:53:54:da:51:da:b2:a6:e5:47:c8:4c:35:fa:00:37:a3:de:
         f1:9e:a7:bf:a9:ca:40:c4:2c:e7:74:83:05:22:fe:96:d7:86:
         21:70:fb:7b:b4:9b:c8:ac:8c:30:fa:4c:05:37:12:26:e4:90:
         52:64:8e:ec:5e:48:f9:62:27:30:de:cd:40:8d:cc:ff:48:1c:
         e6:c6:60:5e:90:95:0a:a0:8a:b3:10:19:2f:8e:11:8d:71:b9:
         f1:7e:9e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WPBf4Zo1sCotjPjs/+jPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTFhNDY5MjQ4ODc1OTg1YjhmMzVmMDc5YzQ2ZWExMzE3OTQwNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29HefQqd4QhO+DTZIUFuGvaRsmmv
pczwrpgeNH+bfZnNI42/3j3nzcx7KEAXRmslCHGeZLjNDFHiR0wHCNrNZnjKmDt4
xIXbkYqP1AfdZ4Zu3t78ZBX5tnyuHEzNj+HDXzslrjF+QCCBwa05ZUDkgXC4q8HO
Et74pW0VTXVTbXh056kQYxzxFdkdA67jqbZJIRPyC5l70KUpz9k/LIfrcZ9ZIy2L
x8ji7cAjwDMa44RCBQZoW1YLDipcxInM7wJQ3mKAw0g+KmrnFE0a9+Kl7ziooXNC
6NJVi/mEeLljuRbeOdG+EYWL3dqVkIs3wx5wTde5yHZQ8nl/l4y623Hi8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4aRpJIh1mFuPNfB5xG6hMXlAZbMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvemhwR2traUhXWVc0ODE4SG5FYnFFeGVVQmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEdMA0G
CSqGSIb3DQEBCwUAA4IBAQCcBoiDwRMNmZJDBmh6lpoMnOMaB9XHXai5ibJNYTKq
UorOlXaWB0OMXERkAz/gz3HfdxOdhFnsTeH7w0tx/6Vz1n/NLxSn371YUUgb3lq4
XVnjbDIqaZZ3QcO9dO1jWjdXEbXfYo3XraFCyjLdeUu/zRhEQ669gMx7weydGFXP
IS5WOu8z6XpYIchIkzx5GOG3LA/lAt4UvEQ+SX+Ha/j5+WFwU1TaUdqypuVHyEw1
+gA3o97xnqe/qcpAxCzndIMFIv6W14YhcPt7tJvIrIww+kwFNxIm5JBSZI7sXkj5
Yicw3s1Ajcz/SBzmxmBekJUKoIqzEBkvjhGNcbnxfp6G
-----END CERTIFICATE-----