This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/za-LnExB795o0ADlEf73NRgBV8g.roa
File:                     za-LnExB795o0ADlEf73NRgBV8g.roa (raw, json)
Hash identifier:          lixci9OgIWVaYV96kzzTCwvRA6VguOmrjErH/pjJQdY=
Subject key identifier:   CD:AF:8B:9C:4C:41:EF:DE:68:D0:00:E5:11:FE:F7:35:18:01:57:C8
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019BD7298810B698851E856F58F7327DC42F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/za-LnExB795o0ADlEf73NRgBV8g.roa
Signing time:             Mon 19 Jan 2026 16:49:41 +0000
ROA not before:           Mon 19 Jan 2026 16:49:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52114
IP address blocks:        94.131.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d7:29:88:10:b6:98:85:1e:85:6f:58:f7:32:7d:c4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan 19 16:49:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdaf8b9c4c41efde68d000e511fef735180157c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d6:fb:c3:ce:d0:78:6d:8c:9c:45:4a:f1:24:
                    7e:d8:79:c3:fe:d9:90:e3:21:fc:fd:f9:e9:1f:ea:
                    a2:a4:d9:18:d0:86:51:43:e2:87:0a:7f:98:c2:37:
                    aa:97:f5:42:1a:a2:7e:67:4c:00:f9:78:d9:fb:bc:
                    35:c3:9e:32:fd:2b:65:b2:47:66:29:3d:87:93:50:
                    e4:d0:b7:7c:73:7f:b2:46:95:11:79:25:ff:e5:e8:
                    01:4a:f0:e9:ff:16:ce:be:a3:f4:87:4a:a6:63:c9:
                    b0:fb:2b:df:f0:f9:ee:a9:62:64:b0:7e:76:03:76:
                    51:38:04:07:da:5a:94:09:dc:bb:c4:22:29:23:fd:
                    fd:6a:e2:51:75:99:65:87:65:cc:f1:2f:06:1f:c8:
                    8c:b7:ae:6c:a1:15:a7:b6:b8:c7:6e:05:ce:38:ae:
                    f1:85:8b:3c:cb:96:83:df:85:71:33:6b:9d:f9:73:
                    15:8f:90:40:4d:ee:b5:be:61:17:90:ec:d5:f4:b2:
                    46:0b:fc:cf:ff:23:d5:8e:82:6c:8b:99:9d:35:51:
                    d5:07:70:74:27:84:82:57:40:de:5f:0d:e8:88:c5:
                    b2:d4:aa:3f:32:16:7f:54:63:d3:ac:3b:5a:59:65:
                    e8:fd:9f:19:a1:c2:90:59:a6:f5:de:47:40:84:7a:
                    c9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AF:8B:9C:4C:41:EF:DE:68:D0:00:E5:11:FE:F7:35:18:01:57:C8
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/za-LnExB795o0ADlEf73NRgBV8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:00:ec:ff:42:55:5a:29:17:ca:94:3c:56:93:16:6a:c2:9f:
         6e:65:5c:9c:4b:bc:68:fa:75:18:c5:7c:77:66:63:54:a1:37:
         8c:5e:a1:17:29:d5:08:e7:b2:20:20:1a:19:b5:4c:20:a9:c1:
         aa:a8:54:2f:67:96:38:95:78:dc:06:d0:79:48:f7:98:52:43:
         bc:46:01:49:0d:b9:47:c6:4b:00:3f:03:b4:34:bc:8d:e4:eb:
         e8:97:10:81:d3:ca:b0:6f:77:03:db:73:f2:6d:59:93:54:49:
         c0:b7:f9:db:8b:d0:00:ec:69:64:2c:d2:f9:8d:59:7e:59:38:
         3e:86:8d:b2:4d:07:37:63:33:c3:7f:22:76:bc:16:00:bd:03:
         24:c2:c0:bf:41:74:0d:fb:ab:0f:e3:b9:f1:65:4b:02:18:00:
         28:73:1d:8d:cb:0d:6b:ec:8a:6a:92:e5:d2:c0:b9:cf:aa:51:
         5d:5e:1b:62:fc:12:c0:ae:d2:48:10:12:40:2b:cd:61:0d:09:
         91:25:20:a8:28:bc:a1:fb:24:4f:63:ed:35:14:be:18:7e:aa:
         d0:58:43:05:42:e9:a1:a9:51:42:1f:67:23:61:ab:e1:28:9e:
         cb:91:db:17:11:a9:03:e0:69:71:75:b0:e9:59:ff:01:a8:19:
         d4:a0:74:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvXKYgQtpiFHoVvWPcyfcQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMTE5MTY0OTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFmOGI5YzRjNDFlZmRlNjhkMDAwZTUxMWZlZjczNTE4MDE1N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydb7w87QeG2MnEVK8SR+2HnD/tmQ
4yH8/fnpH+qipNkY0IZRQ+KHCn+Ywjeql/VCGqJ+Z0wA+XjZ+7w1w54y/Stlskdm
KT2Hk1Dk0Ld8c3+yRpUReSX/5egBSvDp/xbOvqP0h0qmY8mw+yvf8PnuqWJksH52
A3ZROAQH2lqUCdy7xCIpI/39auJRdZllh2XM8S8GH8iMt65soRWntrjHbgXOOK7x
hYs8y5aD34VxM2ud+XMVj5BATe61vmEXkOzV9LJGC/zP/yPVjoJsi5mdNVHVB3B0
J4SCV0DeXw3oiMWy1Ko/MhZ/VGPTrDtaWWXo/Z8ZocKQWab13kdAhHrJAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2vi5xMQe/eaNAA5RH+9zUYAVfIMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvemEtTG5FeEI3OTVvMEFEbEVmNzNOUmdCVjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmAOz/QlVaKRfKlDxWkxZqwp9uZVycS7xo+nUYxXx3
ZmNUoTeMXqEXKdUI57IgIBoZtUwgqcGqqFQvZ5Y4lXjcBtB5SPeYUkO8RgFJDblH
xksAPwO0NLyN5OvolxCB08qwb3cD23PybVmTVEnAt/nbi9AA7GlkLNL5jVl+WTg+
ho2yTQc3YzPDfyJ2vBYAvQMkwsC/QXQN+6sP47nxZUsCGAAocx2Nyw1r7IpqkuXS
wLnPqlFdXhti/BLArtJIEBJAK81hDQmRJSCoKLyh+yRPY+01FL4YfqrQWEMFQumh
qVFCH2cjYavhKJ7LkdsXEakD4GlxdbDpWf8BqBnUoHQQ
-----END CERTIFICATE-----