This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Zr5E5Uyj4GOiWGDZoZTyHnpvIJ4.roa
File:                     Zr5E5Uyj4GOiWGDZoZTyHnpvIJ4.roa (raw, json)
Hash identifier:          madd5KlyT00vj9uUg+eBkhaQBvhjFwRwQ3GrocWWN6Y=
Subject key identifier:   66:BE:44:E5:4C:A3:E0:63:A2:58:60:D9:A1:94:F2:1E:7A:6F:20:9E
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAFADF28561E2044600BDABC78EFD4
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Zr5E5Uyj4GOiWGDZoZTyHnpvIJ4.roa
Signing time:             Thu 01 Jan 2026 00:17:49 +0000
ROA not before:           Thu 01 Jan 2026 00:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201691
IP address blocks:        45.146.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:fa:df:28:56:1e:20:44:60:0b:da:bc:78:ef:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66be44e54ca3e063a25860d9a194f21e7a6f209e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8e:f2:41:57:64:30:8f:72:b7:04:b6:32:2f:
                    04:6c:62:5a:d8:a0:22:c3:a8:1b:6b:dd:6a:0b:c5:
                    fc:76:03:81:ac:a4:51:01:cd:3e:bf:00:33:a8:eb:
                    03:07:e9:8f:89:6e:5e:de:ae:84:19:f3:1c:62:7c:
                    aa:66:eb:ae:63:5f:74:e7:ac:f1:56:07:ea:f7:fd:
                    f3:95:68:6d:a8:97:4a:34:bb:30:4d:6e:1c:cd:d7:
                    d8:d0:d5:4b:2b:97:72:d1:df:26:60:4f:40:96:b5:
                    eb:0a:e3:cf:c5:ce:65:d2:17:54:29:3e:30:fa:85:
                    4a:b7:57:ac:a5:ba:af:b0:e4:69:67:d6:af:25:5a:
                    e6:00:65:f8:70:7b:24:de:51:aa:ed:75:17:47:48:
                    54:77:4d:56:5e:7e:10:0a:95:df:bd:9e:6a:9c:e8:
                    21:47:9b:ad:9b:ea:fc:43:a0:c0:c6:44:db:79:d8:
                    ee:9e:7f:45:89:aa:d4:6e:7a:6a:2a:84:54:88:23:
                    7f:d4:de:79:ce:99:8b:ae:07:61:e0:56:89:af:33:
                    cf:5a:19:e1:1f:7f:b0:26:25:80:de:73:9d:47:cb:
                    d9:01:29:e6:0f:6f:ae:e9:56:d8:f7:fc:78:f0:bc:
                    66:75:17:06:b4:44:ff:86:16:65:52:65:c7:c3:b4:
                    09:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BE:44:E5:4C:A3:E0:63:A2:58:60:D9:A1:94:F2:1E:7A:6F:20:9E
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Zr5E5Uyj4GOiWGDZoZTyHnpvIJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:90:0f:b9:8e:a5:13:d7:c9:c2:19:12:8f:70:8c:ce:98:05:
         9e:d4:bb:c8:fd:63:c8:3a:3e:6c:9a:07:d3:9b:f4:ec:bc:03:
         0b:01:37:ce:df:88:33:b5:8b:50:64:71:2a:2a:b9:ca:f3:29:
         97:0d:74:13:6d:91:11:76:e6:e1:85:66:78:e1:75:f5:38:1c:
         f8:f6:79:f9:86:b0:09:27:53:36:a6:b8:98:ff:7c:0b:a4:60:
         4b:69:2f:f7:73:3e:27:17:29:d2:67:eb:68:1a:b7:49:09:2c:
         52:3c:62:85:18:0c:7f:57:78:b4:86:9b:ae:22:0a:f6:67:76:
         4d:ee:81:83:dc:74:fe:29:1e:27:57:dd:0b:f4:e7:11:ab:ee:
         87:f5:5d:74:2d:45:b6:c8:9e:f8:92:1f:d6:9c:1a:9b:dc:5d:
         20:99:c7:2d:5e:6a:68:fb:49:62:47:00:fe:92:a8:cb:dc:9f:
         82:44:82:e7:22:47:87:c6:c3:33:f3:11:f5:e1:55:4f:64:2e:
         42:e0:09:60:0e:fe:04:8e:22:33:61:ad:f4:fe:ed:58:d9:30:
         5f:fa:a1:a6:a5:70:e8:33:dc:a4:d1:18:a3:be:10:45:b6:bf:
         1e:3f:cc:b4:98:8e:4e:fd:b8:7a:59:0e:78:93:2c:0a:9b:11:
         d2:a2:71:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vrfKFYeIERgC9q8eO/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJlNDRlNTRjYTNlMDYzYTI1ODYwZDlhMTk0ZjIxZTdhNmYyMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I7yQVdkMI9ytwS2Mi8EbGJa2KAi
w6gba91qC8X8dgOBrKRRAc0+vwAzqOsDB+mPiW5e3q6EGfMcYnyqZuuuY19056zx
Vgfq9/3zlWhtqJdKNLswTW4czdfY0NVLK5dy0d8mYE9AlrXrCuPPxc5l0hdUKT4w
+oVKt1espbqvsORpZ9avJVrmAGX4cHsk3lGq7XUXR0hUd01WXn4QCpXfvZ5qnOgh
R5utm+r8Q6DAxkTbedjunn9FiarUbnpqKoRUiCN/1N55zpmLrgdh4FaJrzPPWhnh
H3+wJiWA3nOdR8vZASnmD2+u6VbY9/x48LxmdRcGtET/hhZlUmXHw7QJ/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa+ROVMo+Bjolhg2aGU8h56byCeMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWnI1RTVVeWo0R09pV0dEWm9aVHlIbnB2SUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0kA+5jqUT18nCGRKPcIzOmAWe1LvI/WPIOj5smgfT
m/TsvAMLATfO34gztYtQZHEqKrnK8ymXDXQTbZERdubhhWZ44XX1OBz49nn5hrAJ
J1M2priY/3wLpGBLaS/3cz4nFynSZ+toGrdJCSxSPGKFGAx/V3i0hpuuIgr2Z3ZN
7oGD3HT+KR4nV90L9OcRq+6H9V10LUW2yJ74kh/WnBqb3F0gmcctXmpo+0liRwD+
kqjL3J+CRILnIkeHxsMz8xH14VVPZC5C4AlgDv4EjiIzYa30/u1Y2TBf+qGmpXDo
M9yk0RijvhBFtr8eP8y0mI5O/bh6WQ54kywKmxHSonHI
-----END CERTIFICATE-----