This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/ZQnjKzMiLPska4NwmS-KarsB6hc.roa
File:                     ZQnjKzMiLPska4NwmS-KarsB6hc.roa (raw, json)
Hash identifier:          VaTyMYTVE9hwdwkKtBVMYjo3+Z7dKMCqeU0/sZhoqXQ=
Subject key identifier:   65:09:E3:2B:33:22:2C:FB:24:6B:83:70:99:2F:8A:6A:BB:01:EA:17
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019BBD6EE1411ADCEA5D7389F0C108B80E0E
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/ZQnjKzMiLPska4NwmS-KarsB6hc.roa
Signing time:             Wed 14 Jan 2026 16:55:19 +0000
ROA not before:           Wed 14 Jan 2026 16:55:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397477
IP address blocks:        185.40.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:bd:6e:e1:41:1a:dc:ea:5d:73:89:f0:c1:08:b8:0e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan 14 16:55:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6509e32b33222cfb246b8370992f8a6abb01ea17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8f:8b:5b:f0:99:5b:7e:08:69:20:88:f1:d8:
                    73:3b:e8:f2:70:ab:17:e0:0b:e5:c9:16:2f:c1:c1:
                    34:ab:49:15:4a:f5:20:b7:19:98:c6:33:bf:f0:3a:
                    ce:6c:ca:e6:4b:9a:01:a5:70:cd:80:0b:67:4c:3a:
                    d9:62:4d:ae:81:ec:0b:42:02:dd:0b:1e:ea:56:7c:
                    e4:15:79:a6:91:ef:92:42:51:04:ab:e4:00:47:45:
                    5b:9e:c3:6e:80:aa:76:7d:60:b8:88:e6:53:d3:6d:
                    7c:fc:44:64:d2:b0:29:c9:e6:9f:00:88:81:23:79:
                    ae:bf:81:7b:d9:02:e5:de:20:c9:df:28:f1:89:19:
                    8a:d0:1d:75:bb:86:1c:39:ea:c0:fc:c0:d3:68:1b:
                    65:b6:d8:76:e9:ae:ab:67:65:72:39:5d:b2:93:77:
                    85:79:66:12:d2:91:d6:2a:64:66:eb:a3:07:6c:25:
                    57:17:02:72:41:4f:f3:9f:e8:ed:c1:04:7c:95:0e:
                    cd:94:66:ef:22:50:d4:f9:56:be:e0:60:f9:d0:b7:
                    f8:82:53:32:9d:fe:cc:90:42:ac:2b:0a:92:38:5a:
                    e2:29:00:eb:07:ff:f0:c7:57:dd:0b:e7:7f:fb:f0:
                    f2:79:5d:14:9e:f3:a2:fe:01:bb:3b:ce:54:f2:06:
                    66:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:09:E3:2B:33:22:2C:FB:24:6B:83:70:99:2F:8A:6A:BB:01:EA:17
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/ZQnjKzMiLPska4NwmS-KarsB6hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:71:fe:dd:05:49:cc:41:b3:ff:23:06:95:ed:cd:46:17:2b:
         63:41:2a:4c:64:5b:58:c2:71:19:80:8b:92:e0:51:2b:14:4b:
         c7:06:57:c9:0a:60:75:30:83:50:2e:98:89:4b:8d:cc:5f:b7:
         ae:7e:1f:fb:5f:fb:bb:c1:48:d8:9b:ee:78:32:d7:aa:e5:9b:
         2e:fb:bc:c8:cb:a8:f6:8f:40:98:5e:c6:b7:b7:df:0c:07:ac:
         43:61:c0:30:2e:51:be:56:86:7b:8d:1f:53:7a:f9:1c:77:0b:
         11:7c:62:f5:13:06:da:e1:8a:50:3d:33:94:62:fa:45:ad:37:
         14:b8:57:12:06:7b:e7:3d:dc:a5:37:a2:1e:66:8e:c5:2b:64:
         e9:da:0f:ff:af:34:65:da:97:7a:ba:57:43:1b:2a:c9:6f:b8:
         90:94:bf:52:ba:84:cd:e2:07:cd:e7:ac:f2:ab:27:a5:db:07:
         02:93:87:bf:fc:14:7e:91:4e:3e:47:58:ab:6e:c7:dc:99:5d:
         74:dc:c5:76:48:33:9a:da:f6:a0:c7:16:0f:54:6c:b1:42:c9:
         8d:24:dc:d3:dc:91:cd:16:0f:a0:67:29:af:69:bf:da:18:62:
         97:5f:53:1c:68:d9:7d:7c:f5:de:b6:7c:da:1b:9e:0e:a1:90:
         ad:5b:4e:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu9buFBGtzqXXOJ8MEIuA4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMTE0MTY1NTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTA5ZTMyYjMzMjIyY2ZiMjQ2YjgzNzA5OTJmOGE2YWJiMDFlYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro+LW/CZW34IaSCI8dhzO+jycKsX
4AvlyRYvwcE0q0kVSvUgtxmYxjO/8DrObMrmS5oBpXDNgAtnTDrZYk2ugewLQgLd
Cx7qVnzkFXmmke+SQlEEq+QAR0VbnsNugKp2fWC4iOZT0218/ERk0rApyeafAIiB
I3muv4F72QLl3iDJ3yjxiRmK0B11u4YcOerA/MDTaBtltth26a6rZ2VyOV2yk3eF
eWYS0pHWKmRm66MHbCVXFwJyQU/zn+jtwQR8lQ7NlGbvIlDU+Va+4GD50Lf4glMy
nf7MkEKsKwqSOFriKQDrB//wx1fdC+d/+/DyeV0UnvOi/gG7O85U8gZmEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUJ4yszIiz7JGuDcJkvimq7AeoXMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvWlFuakt6TWlMUHNrYTROd21TLUthcnNCNmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSgSMA0G
CSqGSIb3DQEBCwUAA4IBAQAgcf7dBUnMQbP/IwaV7c1GFytjQSpMZFtYwnEZgIuS
4FErFEvHBlfJCmB1MINQLpiJS43MX7eufh/7X/u7wUjYm+54Mteq5Zsu+7zIy6j2
j0CYXsa3t98MB6xDYcAwLlG+VoZ7jR9TevkcdwsRfGL1Ewba4YpQPTOUYvpFrTcU
uFcSBnvnPdylN6IeZo7FK2Tp2g//rzRl2pd6uldDGyrJb7iQlL9SuoTN4gfN56zy
qyel2wcCk4e//BR+kU4+R1irbsfcmV103MV2SDOa2vagxxYPVGyxQsmNJNzT3JHN
Fg+gZymvab/aGGKXX1McaNl9fPXetnzaG54OoZCtW06v
-----END CERTIFICATE-----