This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Zj4B0VXq0DTyhJphh19K0uAXWEo.roa
File:                     Zj4B0VXq0DTyhJphh19K0uAXWEo.roa (raw, json)
Hash identifier:          WW/v3D976HURTpDPy2kjak4Euo3ANlrUl5vJahmV4no=
Subject key identifier:   66:3E:01:D1:55:EA:D0:34:F2:84:9A:61:87:5F:4A:D2:E0:17:58:4A
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F3AB4444929EF88916769B5157A62
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Zj4B0VXq0DTyhJphh19K0uAXWEo.roa
Signing time:             Thu 01 Jan 2026 12:18:59 +0000
ROA not before:           Thu 01 Jan 2026 12:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207862
IP address blocks:        170.168.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:3a:b4:44:49:29:ef:88:91:67:69:b5:15:7a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=663e01d155ead034f2849a61875f4ad2e017584a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:75:1d:84:aa:72:c2:e0:fa:03:9a:e1:32:0d:
                    9c:76:53:96:56:0c:2b:16:96:83:b5:03:9e:94:33:
                    d5:49:63:91:2a:33:2b:0c:f1:6e:52:52:3d:64:3f:
                    da:b5:24:cb:63:12:91:4c:cf:e3:8a:86:22:4b:06:
                    6d:11:3c:8d:32:bf:88:6f:54:53:50:d7:5a:84:fb:
                    1c:4f:fe:76:d7:a8:68:36:c8:71:d4:4e:9a:04:ee:
                    6f:19:11:fe:fa:96:1e:b3:9a:67:70:33:7b:de:d0:
                    67:4e:59:0b:5f:2d:8c:5d:75:44:90:de:04:f6:ae:
                    cc:a0:5d:7c:9f:dd:83:fd:b3:b9:30:dd:fc:c2:5b:
                    04:fd:82:6b:bc:6d:d2:c5:c6:95:bc:63:a7:a6:be:
                    97:f1:44:8e:fa:78:6b:68:e4:ae:d0:1b:82:4e:6a:
                    00:b7:a5:51:bc:af:56:f3:3c:79:d7:91:42:69:de:
                    35:51:be:5b:22:4c:94:c8:7e:8b:9a:e4:6f:d3:21:
                    36:5d:ce:1a:39:cf:96:5a:46:d3:ea:c6:a4:a4:70:
                    6b:9e:46:03:5a:22:c5:97:db:56:39:0f:98:fc:1c:
                    2f:72:90:43:72:72:a7:78:16:2e:60:54:49:f6:f3:
                    4e:a4:0d:e6:9f:f8:01:d2:e3:69:d2:7c:c7:cd:70:
                    e3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3E:01:D1:55:EA:D0:34:F2:84:9A:61:87:5F:4A:D2:E0:17:58:4A
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Zj4B0VXq0DTyhJphh19K0uAXWEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:aa:84:c9:bc:42:10:82:4e:5e:af:f0:db:54:48:ed:71:93:
         8e:18:a2:61:12:9d:9c:66:50:ac:eb:c1:46:4d:49:a0:96:94:
         fb:15:a4:69:54:63:ea:70:b4:1a:13:d1:d9:89:2d:c2:10:ab:
         eb:d6:14:9b:61:79:0d:3a:50:4c:70:99:93:6e:b6:49:d8:6c:
         01:83:f4:26:89:bc:7f:98:2a:69:73:e8:cb:90:18:8f:72:23:
         e2:ba:b2:b1:7d:7f:26:43:e4:c2:9f:5d:df:22:17:20:47:65:
         35:80:88:f6:88:de:65:d0:11:48:33:b6:05:03:9e:a9:eb:84:
         2f:26:4f:49:7e:82:41:ba:1a:2f:46:c4:e5:e9:2e:80:a2:0e:
         fd:1b:9e:97:78:31:8d:81:2c:91:08:56:bd:90:4e:e1:f1:9c:
         34:5c:4a:3a:e3:9a:22:0b:5c:99:4a:11:9d:f5:b9:b7:2e:4c:
         50:9b:70:a1:5d:e8:51:e4:97:27:01:82:4b:b7:12:81:d4:db:
         08:1b:5b:57:24:d1:1e:4f:7a:ef:0f:58:57:1d:bb:88:96:0e:
         57:7b:d1:4b:88:72:27:0e:d3:35:d7:aa:66:4c:fb:1b:01:c7:
         bc:91:cb:14:5e:17:62:63:21:54:3f:c5:0b:22:81:30:de:0e:
         1b:d6:44:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fzq0REkp74iRZ2m1FXpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNlMDFkMTU1ZWFkMDM0ZjI4NDlhNjE4NzVmNGFkMmUwMTc1ODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnUdhKpywuD6A5rhMg2cdlOWVgwr
FpaDtQOelDPVSWORKjMrDPFuUlI9ZD/atSTLYxKRTM/jioYiSwZtETyNMr+Ib1RT
UNdahPscT/5216hoNshx1E6aBO5vGRH++pYes5pncDN73tBnTlkLXy2MXXVEkN4E
9q7MoF18n92D/bO5MN38wlsE/YJrvG3SxcaVvGOnpr6X8USO+nhraOSu0BuCTmoA
t6VRvK9W8zx515FCad41Ub5bIkyUyH6LmuRv0yE2Xc4aOc+WWkbT6sakpHBrnkYD
WiLFl9tWOQ+Y/BwvcpBDcnKneBYuYFRJ9vNOpA3mn/gB0uNp0nzHzXDjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGY+AdFV6tA08oSaYYdfStLgF1hKMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvWmo0QjBWWHEwRFR5aEpwaGgxOUswdUFYV0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgqMA0G
CSqGSIb3DQEBCwUAA4IBAQCCqoTJvEIQgk5er/DbVEjtcZOOGKJhEp2cZlCs68FG
TUmglpT7FaRpVGPqcLQaE9HZiS3CEKvr1hSbYXkNOlBMcJmTbrZJ2GwBg/Qmibx/
mCppc+jLkBiPciPiurKxfX8mQ+TCn13fIhcgR2U1gIj2iN5l0BFIM7YFA56p64Qv
Jk9JfoJBuhovRsTl6S6Aog79G56XeDGNgSyRCFa9kE7h8Zw0XEo645oiC1yZShGd
9bm3LkxQm3ChXehR5JcnAYJLtxKB1NsIG1tXJNEeT3rvD1hXHbuIlg5Xe9FLiHIn
DtM116pmTPsbAce8kcsUXhdiYyFUP8ULIoEw3g4b1kSq
-----END CERTIFICATE-----