This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/zNwjbISK5avijA3i46y9IHGbFLY.roa
File:                     zNwjbISK5avijA3i46y9IHGbFLY.roa (raw, json)
Hash identifier:          WSiODWfBhlqFMMi3wYTLpfHI3pUjnJ5tu+k2ZH3CI4w=
Subject key identifier:   CC:DC:23:6C:84:8A:E5:AB:E2:8C:0D:E2:E3:AC:BD:20:71:9B:14:B6
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       019B7BA39ABE6B91FB3D61307CD4746E4E33
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/zNwjbISK5avijA3i46y9IHGbFLY.roa
Signing time:             Thu 01 Jan 2026 22:17:58 +0000
ROA not before:           Thu 01 Jan 2026 22:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50749
IP address blocks:        217.66.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:9a:be:6b:91:fb:3d:61:30:7c:d4:74:6e:4e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  1 22:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccdc236c848ae5abe28c0de2e3acbd20719b14b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d5:37:af:c4:b0:b7:d5:1f:52:90:0c:07:6c:
                    ab:8b:2f:e8:88:17:ff:5e:57:ea:b1:c9:49:5a:34:
                    14:93:1b:79:fc:fb:37:42:c8:d0:a7:77:5e:23:0c:
                    32:f8:c3:ec:f2:81:47:c4:46:1f:1f:ec:1d:95:9f:
                    e4:5f:fa:85:d5:ce:13:b8:95:5f:e1:a9:45:00:44:
                    54:65:8f:cf:b4:5e:ae:77:53:43:13:12:d5:b5:99:
                    fd:12:88:19:a7:44:67:25:38:9d:08:7d:63:48:77:
                    5c:89:ea:da:40:c3:b6:07:c2:71:f0:9d:dc:b8:23:
                    56:38:6f:ac:78:48:c9:90:68:4e:29:fd:0c:98:2a:
                    52:c0:bf:51:26:de:c7:85:37:a8:58:3c:60:d9:ff:
                    5e:a7:e8:f2:00:e4:9f:28:08:d9:a3:5d:8c:ea:2f:
                    38:f3:7f:cc:f3:da:c0:2b:60:71:5a:0f:16:2e:bd:
                    b8:63:9e:1a:67:58:0a:6f:d4:6c:fa:fa:5a:d1:ce:
                    ea:8f:86:f1:ad:e6:b3:14:56:ce:82:eb:a3:99:58:
                    8d:fb:3d:32:6f:22:15:bb:67:35:be:a3:71:7e:a8:
                    8d:30:8f:5c:7d:3d:28:6e:d5:f6:a2:39:51:35:6b:
                    b7:d1:a3:7f:17:0b:59:7b:98:89:01:6b:7a:73:e2:
                    ce:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:DC:23:6C:84:8A:E5:AB:E2:8C:0D:E2:E3:AC:BD:20:71:9B:14:B6
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/zNwjbISK5avijA3i46y9IHGbFLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.66.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:4d:31:b5:21:1a:a0:9f:0d:38:fb:84:9d:28:73:b1:f4:28:
         ff:98:e0:18:d5:1e:7d:fc:aa:95:d5:65:58:f4:f0:54:6b:95:
         5c:65:06:99:16:e5:e1:61:ef:dc:2a:46:9c:73:af:55:3e:c3:
         9f:01:83:5d:08:c7:e4:bf:32:e2:a0:55:4a:fc:20:b1:a8:cf:
         14:15:ef:4c:62:14:cc:d5:f9:9a:42:a3:27:ec:47:14:f1:70:
         05:29:14:4a:af:6b:de:62:a3:f7:c1:58:53:a3:12:76:5d:e3:
         83:34:2f:c2:63:70:cb:39:ab:4b:50:de:14:0b:1e:25:6b:79:
         0f:4b:2c:5e:ce:0a:11:e6:f7:cf:f1:57:d8:5f:38:d0:cb:87:
         c6:5c:05:31:f2:c4:ca:b0:e4:05:4d:8d:12:b3:9c:ea:36:c4:
         fc:8b:50:4c:06:3f:bb:26:34:3e:ed:9d:e4:ee:a2:b7:50:e0:
         26:38:6a:2c:02:a1:56:40:72:66:0d:1e:8d:16:e7:81:63:d8:
         68:2f:23:e1:66:52:b6:86:35:9d:3f:d2:00:e5:7b:79:46:4b:
         c1:f0:23:ce:8f:b3:74:65:ed:ac:02:39:9e:71:95:83:e8:59:
         79:ac:d6:76:89:92:0c:38:60:d1:8b:2a:d9:a9:eb:e2:16:25:
         74:3c:a8:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o5q+a5H7PWEwfNR0bk4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjYwMTAxMjIxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2RjMjM2Yzg0OGFlNWFiZTI4YzBkZTJlM2FjYmQyMDcxOWIxNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydU3r8Swt9UfUpAMB2yriy/oiBf/
XlfqsclJWjQUkxt5/Ps3QsjQp3deIwwy+MPs8oFHxEYfH+wdlZ/kX/qF1c4TuJVf
4alFAERUZY/PtF6ud1NDExLVtZn9EogZp0RnJTidCH1jSHdcieraQMO2B8Jx8J3c
uCNWOG+seEjJkGhOKf0MmCpSwL9RJt7HhTeoWDxg2f9ep+jyAOSfKAjZo12M6i84
83/M89rAK2BxWg8WLr24Y54aZ1gKb9Rs+vpa0c7qj4bxreazFFbOguujmViN+z0y
byIVu2c1vqNxfqiNMI9cfT0obtX2ojlRNWu30aN/FwtZe5iJAWt6c+LOIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzcI2yEiuWr4owN4uOsvSBxmxS2MB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvek53amJJU0s1YXZpakEzaTQ2eTlJSEdiRkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ULNMA0G
CSqGSIb3DQEBCwUAA4IBAQCBTTG1IRqgnw04+4SdKHOx9Cj/mOAY1R59/KqV1WVY
9PBUa5VcZQaZFuXhYe/cKkacc69VPsOfAYNdCMfkvzLioFVK/CCxqM8UFe9MYhTM
1fmaQqMn7EcU8XAFKRRKr2veYqP3wVhToxJ2XeODNC/CY3DLOatLUN4UCx4la3kP
SyxezgoR5vfP8VfYXzjQy4fGXAUx8sTKsOQFTY0Ss5zqNsT8i1BMBj+7JjQ+7Z3k
7qK3UOAmOGosAqFWQHJmDR6NFueBY9hoLyPhZlK2hjWdP9IA5Xt5RkvB8CPOj7N0
Ze2sAjmecZWD6Fl5rNZ2iZIMOGDRiyrZqeviFiV0PKjX
-----END CERTIFICATE-----