This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/z1DkUd2XVt6-3mpdk1d5JBWy8pk.roa
File:                     z1DkUd2XVt6-3mpdk1d5JBWy8pk.roa (raw, json)
Hash identifier:          Nd41zSlcpnJ9luejNMRZ4qZmw74tJoui7F4UBsvSDmA=
Subject key identifier:   CF:50:E4:51:DD:97:56:DE:BE:DE:6A:5D:93:57:79:24:15:B2:F2:99
Certificate issuer:       /CN=af036816a317dd99d25383a32a681859c047b5ff
Certificate serial:       019B7CECBB8C45D21117CDBB6DAA96891CB9
Authority key identifier: AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/z1DkUd2XVt6-3mpdk1d5JBWy8pk.roa
Signing time:             Fri 02 Jan 2026 04:17:27 +0000
ROA not before:           Fri 02 Jan 2026 04:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51212
IP address blocks:        194.187.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:bb:8c:45:d2:11:17:cd:bb:6d:aa:96:89:1c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af036816a317dd99d25383a32a681859c047b5ff
        Validity
            Not Before: Jan  2 04:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf50e451dd9756debede6a5d9357792415b2f299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:14:1a:29:77:00:ba:5a:5f:50:2a:f9:e9:17:
                    a5:ad:98:26:fc:4e:62:54:3b:3b:0f:bf:98:74:1e:
                    f1:16:3e:81:c7:61:2a:a5:7d:e1:0f:0a:96:87:c3:
                    2c:74:fc:59:f3:0f:3b:84:ae:74:4d:83:4e:76:16:
                    ad:b9:3d:7c:5a:78:0a:07:6f:6e:00:2f:65:ca:d7:
                    12:a0:63:65:d8:30:55:6c:50:e1:35:58:cc:11:73:
                    2a:c5:e7:22:c4:73:a9:e5:89:2a:80:36:7f:75:44:
                    1a:c4:81:63:bc:ef:87:34:fd:29:82:ad:5b:86:4f:
                    51:72:3d:cc:34:f9:70:75:74:c0:aa:ff:61:ae:d5:
                    73:be:2c:ad:90:ba:51:7d:1a:29:f8:13:69:09:f4:
                    cc:21:61:07:25:a2:0c:68:87:1b:19:b3:aa:12:de:
                    62:11:01:cc:cf:af:07:9d:32:a0:d6:11:6a:b9:f9:
                    d4:1c:67:7d:2b:25:91:77:fb:7a:4e:09:e9:51:51:
                    e8:ef:c5:c4:78:d5:95:68:1a:a8:86:3d:46:98:63:
                    f8:b9:7c:e0:c9:d7:21:45:2a:b7:2b:90:9b:b2:71:
                    31:26:5b:31:6b:c7:d3:1d:a2:14:4d:6b:d7:a7:e4:
                    13:4c:75:65:07:7f:08:80:99:dd:9d:73:ab:60:0a:
                    f6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:50:E4:51:DD:97:56:DE:BE:DE:6A:5D:93:57:79:24:15:B2:F2:99
            X509v3 Authority Key Identifier:
                keyid:AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/z1DkUd2XVt6-3mpdk1d5JBWy8pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:34:93:8d:24:ed:cd:7e:c5:bb:64:d3:7b:65:8e:a1:5a:72:
         e1:c2:9e:4d:e6:cb:99:37:9e:b4:a8:73:f3:ef:f4:c1:f4:71:
         66:4c:a0:66:d1:6e:79:75:f5:40:ef:2e:eb:b7:34:49:cd:5b:
         f8:ee:10:87:7f:3c:26:7f:54:74:a4:33:76:20:ba:cc:09:18:
         00:a1:cd:4d:a3:9e:34:57:52:af:88:9d:61:0b:e7:31:6e:6b:
         50:a6:aa:0f:e5:9d:a3:ac:0e:f5:bd:9a:ce:ae:1d:83:ab:67:
         04:34:64:36:81:09:00:f5:72:a1:d5:25:6c:29:c2:3d:6f:74:
         2b:75:84:e4:9e:3d:84:f8:05:bf:da:c7:44:c4:13:f4:f7:6e:
         a9:74:c3:09:74:db:3f:e6:00:83:92:2a:05:7d:99:65:b0:e9:
         50:c4:0e:ca:9c:fc:1e:6e:d3:8f:80:38:3d:e5:80:c0:00:04:
         3e:8e:ec:71:50:0b:08:49:c7:a5:ef:0b:ae:9e:d3:c9:9f:f9:
         d4:df:2b:bc:38:44:2f:27:f2:75:63:ed:ac:65:4c:ef:4f:fd:
         4d:c5:3a:11:c5:6a:30:30:41:1d:d1:8e:ea:c5:7b:6f:15:2a:
         ed:ee:0e:6f:85:cb:78:fd:a8:04:f2:9d:da:65:12:28:b6:7f:
         28:e1:99:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87LuMRdIRF827baqWiRy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDM2ODE2YTMxN2RkOTlkMjUzODNhMzJhNjgxODU5YzA0
N2I1ZmYwHhcNMjYwMTAyMDQxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjUwZTQ1MWRkOTc1NmRlYmVkZTZhNWQ5MzU3NzkyNDE1YjJmMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7RQaKXcAulpfUCr56RelrZgm/E5i
VDs7D7+YdB7xFj6Bx2EqpX3hDwqWh8MsdPxZ8w87hK50TYNOdhatuT18WngKB29u
AC9lytcSoGNl2DBVbFDhNVjMEXMqxecixHOp5YkqgDZ/dUQaxIFjvO+HNP0pgq1b
hk9Rcj3MNPlwdXTAqv9hrtVzviytkLpRfRop+BNpCfTMIWEHJaIMaIcbGbOqEt5i
EQHMz68HnTKg1hFqufnUHGd9KyWRd/t6TgnpUVHo78XEeNWVaBqohj1GmGP4uXzg
ydchRSq3K5CbsnExJlsxa8fTHaIUTWvXp+QTTHVlB38IgJndnXOrYAr2SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9Q5FHdl1bevt5qXZNXeSQVsvKZMB8GA1UdIwQY
MBaAFK8DaBajF92Z0lODoypoGFnAR7X/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEt
NGE0ZTBmNDI0ZjE3LzEvejFEa1VkMlhWdDYtM21wZGsxZDVKQld5OHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEtNGE0ZTBmNDI0ZjE3
LzEvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrs4MA0G
CSqGSIb3DQEBCwUAA4IBAQB1NJONJO3NfsW7ZNN7ZY6hWnLhwp5N5suZN560qHPz
7/TB9HFmTKBm0W55dfVA7y7rtzRJzVv47hCHfzwmf1R0pDN2ILrMCRgAoc1No540
V1KviJ1hC+cxbmtQpqoP5Z2jrA71vZrOrh2Dq2cENGQ2gQkA9XKh1SVsKcI9b3Qr
dYTknj2E+AW/2sdExBP0926pdMMJdNs/5gCDkioFfZllsOlQxA7KnPwebtOPgDg9
5YDAAAQ+juxxUAsIScel7wuuntPJn/nU3yu8OEQvJ/J1Y+2sZUzvT/1NxToRxWow
MEEd0Y7qxXtvFSrt7g5vhct4/agE8p3aZRIotn8o4Zmy
-----END CERTIFICATE-----