This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NZhAdOiHD1zio5nnxiLQXypL-04.roa
File:                     NZhAdOiHD1zio5nnxiLQXypL-04.roa (raw, json)
Hash identifier:          cXPsSX6LaAvczX/mV2tPPsm8l4OjqgM1mQ6UY42I7C0=
Subject key identifier:   35:98:40:74:E8:87:0F:5C:E2:A3:99:E7:C6:22:D0:5F:2A:4B:FB:4E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE3A21DF890A0572491B290B33482E
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NZhAdOiHD1zio5nnxiLQXypL-04.roa
Signing time:             Fri 02 Jan 2026 04:19:05 +0000
ROA not before:           Fri 02 Jan 2026 04:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        5.102.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 01:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3a:21:df:89:0a:05:72:49:1b:29:0b:33:48:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35984074e8870f5ce2a399e7c622d05f2a4bfb4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5d:9d:ab:9c:b2:10:be:4f:33:01:07:fe:ae:
                    d9:6d:f0:2e:cb:77:88:48:21:36:56:65:30:a6:b7:
                    64:f6:af:c5:09:2c:93:02:69:ed:d4:84:33:7c:6b:
                    c9:44:84:52:97:00:2a:f1:6c:6c:b0:2a:89:e9:d5:
                    4f:ab:03:b4:95:a7:ea:7a:4c:33:9e:63:5b:4b:a5:
                    c0:b2:27:80:b9:26:5c:31:48:97:4f:ef:09:32:6b:
                    a2:48:9f:28:f0:4f:8f:45:9f:24:40:01:b5:81:03:
                    55:63:2a:ad:5e:e3:fc:a7:9e:d5:7c:74:5c:4a:45:
                    19:30:8a:15:b9:09:f1:c2:b7:38:65:0d:02:a7:e5:
                    ef:c1:76:9f:fe:62:ee:c8:f7:81:f3:98:0d:1e:89:
                    72:93:3f:b2:ce:be:bf:36:9b:cb:3c:15:01:f0:f7:
                    41:4c:c0:c3:28:95:a3:22:e2:2f:4f:68:1d:02:f9:
                    0e:62:4f:e8:b6:62:9d:ae:12:97:ab:a0:81:02:79:
                    45:b7:7d:ae:6e:32:d6:ce:f6:b5:36:b2:de:af:11:
                    81:2d:7a:ff:07:0c:06:71:13:f0:b8:89:e5:b5:b1:
                    e5:1a:0f:bb:96:42:e2:20:91:bb:64:db:d7:cd:7d:
                    41:4a:66:b0:9b:00:92:e0:78:7c:62:2a:de:d1:d5:
                    12:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:98:40:74:E8:87:0F:5C:E2:A3:99:E7:C6:22:D0:5F:2A:4B:FB:4E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NZhAdOiHD1zio5nnxiLQXypL-04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:03:89:24:df:6a:74:fc:1c:60:be:c8:7b:b6:1c:2a:1d:f1:
         cb:78:a5:45:33:79:11:82:be:bd:1a:b8:db:89:15:a7:c3:b4:
         02:9d:06:e7:d2:a5:05:a3:0e:ec:58:ba:4a:0a:99:48:53:fe:
         b9:fc:42:d0:87:80:c7:53:8e:57:dd:54:cd:8a:b9:24:96:03:
         57:17:9c:20:6b:52:0c:e4:f5:b3:27:01:33:1a:dd:a9:fb:d2:
         24:cb:1e:d4:42:2d:a8:c2:2a:21:d4:ca:71:02:f3:d2:72:e5:
         89:5b:62:16:b6:cc:b6:45:6b:f6:8b:91:67:2d:43:6c:8a:71:
         68:fc:24:65:cb:b5:b2:f7:ec:d0:81:5c:29:3c:a5:da:ab:c5:
         72:75:fb:f6:1b:17:77:f1:a1:0b:e9:b0:93:67:45:68:45:c5:
         cd:7a:34:f6:6d:4e:e2:f2:73:bf:02:b8:6f:a2:a6:9e:dc:1c:
         52:9c:8a:4c:94:32:0a:b9:b0:fa:8d:f9:e9:4c:01:9a:c7:42:
         de:11:22:76:fa:9f:62:6f:81:35:3e:f8:49:ba:77:d5:bc:d8:
         65:4b:fb:56:73:51:84:ff:49:8e:33:93:8a:a9:08:c6:cb:e7:
         52:c8:e1:65:9b:05:09:d6:cc:7d:f5:57:38:24:2e:a2:b0:42:
         d3:f6:e7:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87joh34kKBXJJGykLM0guMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk4NDA3NGU4ODcwZjVjZTJhMzk5ZTdjNjIyZDA1ZjJhNGJmYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA212dq5yyEL5PMwEH/q7ZbfAuy3eI
SCE2VmUwprdk9q/FCSyTAmnt1IQzfGvJRIRSlwAq8WxssCqJ6dVPqwO0lafqekwz
nmNbS6XAsieAuSZcMUiXT+8JMmuiSJ8o8E+PRZ8kQAG1gQNVYyqtXuP8p57VfHRc
SkUZMIoVuQnxwrc4ZQ0Cp+XvwXaf/mLuyPeB85gNHolykz+yzr6/NpvLPBUB8PdB
TMDDKJWjIuIvT2gdAvkOYk/otmKdrhKXq6CBAnlFt32ubjLWzva1NrLerxGBLXr/
BwwGcRPwuInltbHlGg+7lkLiIJG7ZNvXzX1BSmawmwCS4Hh8Yire0dUSKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWYQHTohw9c4qOZ58Yi0F8qS/tOMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvTlpoQWRPaUhEMXppbzVubnhpTFFYeXBMLTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZwMA0G
CSqGSIb3DQEBCwUAA4IBAQAKA4kk32p0/Bxgvsh7thwqHfHLeKVFM3kRgr69Grjb
iRWnw7QCnQbn0qUFow7sWLpKCplIU/65/ELQh4DHU45X3VTNirkklgNXF5wga1IM
5PWzJwEzGt2p+9Ikyx7UQi2owioh1MpxAvPScuWJW2IWtsy2RWv2i5FnLUNsinFo
/CRly7Wy9+zQgVwpPKXaq8Vydfv2Gxd38aEL6bCTZ0VoRcXNejT2bU7i8nO/Arhv
oqae3BxSnIpMlDIKubD6jfnpTAGax0LeESJ2+p9ib4E1PvhJunfVvNhlS/tWc1GE
/0mOM5OKqQjGy+dSyOFlmwUJ1sx99Vc4JC6isELT9ufN
-----END CERTIFICATE-----