This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WZTMH8e4bG72Y46tPEhwRpCrXnw.roa
File:                     WZTMH8e4bG72Y46tPEhwRpCrXnw.roa (raw, json)
Hash identifier:          e65P/HcegRVaV7emV1l9z0kz+mhI3cKtV9BGmToFrIA=
Subject key identifier:   59:94:CC:1F:C7:B8:6C:6E:F6:63:8E:AD:3C:48:70:46:90:AB:5E:7C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84B1C0602B3917A1131CDEA92852C6
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WZTMH8e4bG72Y46tPEhwRpCrXnw.roa
Signing time:             Fri 02 Jan 2026 16:22:41 +0000
ROA not before:           Fri 02 Jan 2026 16:22:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48172
IP address blocks:        146.120.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:b1:c0:60:2b:39:17:a1:13:1c:de:a9:28:52:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5994cc1fc7b86c6ef6638ead3c48704690ab5e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:af:7b:3d:a8:cd:df:1a:a1:25:9f:c0:42:d0:
                    01:de:31:a9:2a:cf:ec:b3:90:73:05:df:f2:57:6f:
                    bb:3e:3b:1e:88:d0:7f:cc:6e:b4:89:7c:52:be:97:
                    53:3c:b0:ef:fe:f4:1c:c9:7f:d5:30:87:3b:ec:c5:
                    bc:84:97:a3:30:3a:ad:09:dc:9b:e1:7a:3e:2e:18:
                    10:2d:9c:3d:91:3d:9d:6d:51:84:94:9e:bb:51:e7:
                    60:63:9e:dc:7f:e2:d1:59:a0:f0:62:ff:92:ab:ba:
                    18:5d:47:d4:ff:ad:4a:bd:4e:08:ed:fc:31:c0:05:
                    54:56:2c:01:6a:0f:2d:e0:6f:b0:d5:31:51:86:79:
                    99:91:16:51:f3:3f:b5:eb:66:09:b4:61:44:58:c6:
                    ee:f0:65:83:cd:d8:53:1e:1b:86:75:71:f7:73:fc:
                    f3:ea:8e:b4:8c:55:b2:a8:a2:cd:9b:ad:5b:29:9c:
                    ac:e0:18:0a:c5:fe:7b:2c:67:c4:bd:5e:52:42:28:
                    b0:bc:56:3f:c8:e5:5f:c7:26:a1:20:31:01:f8:b4:
                    81:e4:17:82:77:ca:bd:d9:c2:a2:9a:55:61:04:87:
                    64:d7:9c:4b:9d:5d:4d:80:19:9e:f7:d2:27:f9:ee:
                    68:28:bc:7e:5d:e6:19:b9:fa:ae:b4:22:43:49:c8:
                    66:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:94:CC:1F:C7:B8:6C:6E:F6:63:8E:AD:3C:48:70:46:90:AB:5E:7C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WZTMH8e4bG72Y46tPEhwRpCrXnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:18:d0:d7:a3:89:4e:40:1d:e7:59:a1:2d:6e:4f:cb:d2:2a:
         51:d6:e0:93:d2:53:2e:5a:72:7c:9d:c9:90:a5:30:bb:0c:4f:
         9c:26:60:7c:b1:14:cc:32:39:47:df:71:2a:3d:fe:34:43:a3:
         78:66:84:00:72:62:00:18:8c:1d:88:67:f7:7b:2d:b0:c1:c7:
         f3:ee:3f:e2:13:29:2a:11:68:66:30:e7:9d:83:8b:e7:e8:eb:
         df:b0:2a:1d:51:a1:7a:9a:c7:7e:c7:bc:ed:53:3e:cc:ca:5a:
         71:dc:9d:c8:28:3a:c1:0e:3b:54:94:2b:cb:52:44:1b:df:5d:
         7b:c1:8a:a3:d7:86:0c:67:19:28:cb:31:07:a4:8d:05:ce:de:
         6e:20:09:4f:18:b6:a3:79:ca:3a:35:c0:54:fc:b1:38:9a:9a:
         9b:ff:de:06:eb:38:ad:e7:21:77:33:9f:80:cb:24:5a:9a:af:
         bf:f6:4b:41:13:87:02:f0:64:1f:bc:56:b2:a5:5c:25:ae:3e:
         0f:22:c6:5f:aa:86:be:83:c7:a4:dd:82:70:1f:00:e6:ef:a1:
         86:c5:8a:64:d3:33:7b:e8:09:e9:e2:6d:70:20:c8:48:dc:70:
         33:cf:91:00:fe:3c:93:97:25:65:28:ad:c7:d8:55:81:fa:7c:
         36:e3:d4:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hLHAYCs5F6ETHN6pKFLGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTk0Y2MxZmM3Yjg2YzZlZjY2MzhlYWQzYzQ4NzA0NjkwYWI1ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq97PajN3xqhJZ/AQtAB3jGpKs/s
s5BzBd/yV2+7PjseiNB/zG60iXxSvpdTPLDv/vQcyX/VMIc77MW8hJejMDqtCdyb
4Xo+LhgQLZw9kT2dbVGElJ67UedgY57cf+LRWaDwYv+Sq7oYXUfU/61KvU4I7fwx
wAVUViwBag8t4G+w1TFRhnmZkRZR8z+162YJtGFEWMbu8GWDzdhTHhuGdXH3c/zz
6o60jFWyqKLNm61bKZys4BgKxf57LGfEvV5SQiiwvFY/yOVfxyahIDEB+LSB5BeC
d8q92cKimlVhBIdk15xLnV1NgBme99In+e5oKLx+XeYZufqutCJDSchm7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmUzB/HuGxu9mOOrTxIcEaQq158MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvV1pUTUg4ZTRiRzcyWTQ2dFBFaHdScENyWG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknjiMA0G
CSqGSIb3DQEBCwUAA4IBAQACGNDXo4lOQB3nWaEtbk/L0ipR1uCT0lMuWnJ8ncmQ
pTC7DE+cJmB8sRTMMjlH33EqPf40Q6N4ZoQAcmIAGIwdiGf3ey2wwcfz7j/iEykq
EWhmMOedg4vn6OvfsCodUaF6msd+x7ztUz7Mylpx3J3IKDrBDjtUlCvLUkQb3117
wYqj14YMZxkoyzEHpI0Fzt5uIAlPGLajeco6NcBU/LE4mpqb/94G6zit5yF3M5+A
yyRamq+/9ktBE4cC8GQfvFaypVwlrj4PIsZfqoa+g8ek3YJwHwDm76GGxYpk0zN7
6Anp4m1wIMhI3HAzz5EA/jyTlyVlKK3H2FWB+nw249QW
-----END CERTIFICATE-----