This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/zyHq_Q3GWloeeV-VjTbtIHpVm4w.roa
File:                     zyHq_Q3GWloeeV-VjTbtIHpVm4w.roa (raw, json)
Hash identifier:          qMW9P3897BYoaIoMgMW6gBm5tbL+KWXsoPCeCqIZHdU=
Subject key identifier:   CF:21:EA:FD:0D:C6:5A:5A:1E:79:5F:95:8D:36:ED:20:7A:55:9B:8C
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       019ACBE586603B9D2CC0811EAB364FDABFE9
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/zyHq_Q3GWloeeV-VjTbtIHpVm4w.roa
Signing time:             Fri 28 Nov 2025 19:16:48 +0000
ROA not before:           Fri 28 Nov 2025 19:16:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.33.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 10:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:cb:e5:86:60:3b:9d:2c:c0:81:1e:ab:36:4f:da:bf:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: Nov 28 19:16:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf21eafd0dc65a5a1e795f958d36ed207a559b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:10:86:e5:67:d0:1f:a6:e9:76:27:58:ae:35:
                    0a:06:6d:1d:3b:e9:f2:a0:d8:46:cd:1c:61:4b:71:
                    79:9e:e2:fb:fa:ff:c8:74:18:2a:7f:e7:5e:1d:db:
                    67:bf:9d:34:9b:ca:69:98:32:ac:fd:41:8c:46:b4:
                    fb:65:d2:78:f7:36:3a:0a:54:3d:16:f7:d8:2b:57:
                    cb:cb:97:46:84:3d:b5:2e:0a:3e:dc:c3:51:fc:0c:
                    a8:42:5a:48:e9:0f:2d:21:4d:ef:ce:e7:02:09:e2:
                    80:5b:a3:20:05:84:04:d0:de:ba:f0:1d:e0:a6:04:
                    08:8c:bd:0e:8b:d4:51:c9:a7:56:6b:62:f0:a4:ee:
                    60:ad:a9:8c:f3:ba:ea:2b:fa:68:43:96:be:5a:be:
                    3c:e4:2d:df:4b:5a:f1:a9:fa:23:eb:03:c5:b2:85:
                    ea:45:74:9c:20:6d:9a:5d:e7:af:65:cc:e5:ed:55:
                    7e:fc:e7:eb:e6:1b:86:66:f5:a7:58:9c:f8:31:e6:
                    bd:16:ce:6c:02:3e:9b:58:d4:66:76:ec:ae:d2:84:
                    ad:f9:08:a1:95:e1:fc:fa:67:bb:25:19:54:6f:69:
                    4e:ad:a6:fb:e2:d0:f8:42:47:8f:06:b5:fe:5b:4a:
                    00:8f:76:86:73:c5:cf:c7:6c:73:a6:11:86:27:16:
                    ca:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:21:EA:FD:0D:C6:5A:5A:1E:79:5F:95:8D:36:ED:20:7A:55:9B:8C
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/zyHq_Q3GWloeeV-VjTbtIHpVm4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:de:be:e4:01:b2:3c:84:2e:82:ab:64:ec:52:9f:7d:dc:7d:
         47:87:ae:d8:97:cd:e3:c8:1d:9a:d0:7c:37:f8:6c:ef:b0:e8:
         fa:23:f6:76:29:5f:8b:13:bc:17:82:cc:44:96:b8:52:0e:08:
         6f:f3:4b:35:db:2f:61:3c:02:08:b8:30:6b:ed:e6:80:f7:c3:
         c6:d6:7d:a3:b6:6b:09:01:a6:8f:ca:1d:e0:55:8e:be:5d:ae:
         72:de:6d:92:a2:af:ca:5e:74:e9:b6:fe:dc:ee:8f:8b:12:73:
         73:2b:1c:0b:fc:cd:a4:38:09:b7:b9:7d:92:22:28:4b:52:7d:
         69:58:1b:07:21:ce:0a:8e:47:6d:bb:3d:3b:e9:85:9a:73:e8:
         03:a0:88:41:c1:e8:40:72:1c:3d:f1:0f:6c:f6:7d:a6:75:76:
         d9:bb:eb:d0:06:0f:ca:34:bc:34:36:87:1a:7f:74:41:33:26:
         b4:fb:94:a7:ff:94:05:ec:70:cb:03:88:ed:f3:67:3d:cd:a2:
         17:3e:77:ff:f7:bf:ce:4b:1b:90:15:ea:d1:ce:c4:11:a8:c6:
         af:10:68:f7:73:0e:01:22:d0:f4:b4:02:3f:8d:3f:39:a0:f5:
         65:12:a9:f5:77:cc:95:ff:a7:cb:d2:ce:5b:b5:f4:0c:2b:ad:
         7c:3e:ae:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrL5YZgO50swIEeqzZP2r/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjUxMTI4MTkxNjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjIxZWFmZDBkYzY1YTVhMWU3OTVmOTU4ZDM2ZWQyMDdhNTU5YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhCG5WfQH6bpdidYrjUKBm0dO+ny
oNhGzRxhS3F5nuL7+v/IdBgqf+deHdtnv500m8ppmDKs/UGMRrT7ZdJ49zY6ClQ9
FvfYK1fLy5dGhD21Lgo+3MNR/AyoQlpI6Q8tIU3vzucCCeKAW6MgBYQE0N668B3g
pgQIjL0Oi9RRyadWa2LwpO5gramM87rqK/poQ5a+Wr485C3fS1rxqfoj6wPFsoXq
RXScIG2aXeevZczl7VV+/Ofr5huGZvWnWJz4Mea9Fs5sAj6bWNRmduyu0oSt+Qih
leH8+me7JRlUb2lOrab74tD4QkePBrX+W0oAj3aGc8XPx2xzphGGJxbKCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8h6v0NxlpaHnlflY027SB6VZuMMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvenlIcV9RM0dXbG9lZVYtVmpUYnRJSHBWbTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiE7MA0G
CSqGSIb3DQEBCwUAA4IBAQBw3r7kAbI8hC6Cq2TsUp993H1Hh67Yl83jyB2a0Hw3
+GzvsOj6I/Z2KV+LE7wXgsxElrhSDghv80s12y9hPAIIuDBr7eaA98PG1n2jtmsJ
AaaPyh3gVY6+Xa5y3m2Soq/KXnTptv7c7o+LEnNzKxwL/M2kOAm3uX2SIihLUn1p
WBsHIc4Kjkdtuz076YWac+gDoIhBwehAchw98Q9s9n2mdXbZu+vQBg/KNLw0Noca
f3RBMya0+5Sn/5QF7HDLA4jt82c9zaIXPnf/97/OSxuQFerRzsQRqMavEGj3cw4B
ItD0tAI/jT85oPVlEqn1d8yV/6fL0s5btfQMK618Pq5G
-----END CERTIFICATE-----