This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/zmTBeaOk9Z3ILkpv-ARPF1zMzsk.roa
File:                     zmTBeaOk9Z3ILkpv-ARPF1zMzsk.roa (raw, json)
Hash identifier:          bgI8iSX+LdsfCs0Q1Dy9dI2WKBTxu8AuZOoBRJ0/wkU=
Subject key identifier:   CE:64:C1:79:A3:A4:F5:9D:C8:2E:4A:6F:F8:04:4F:17:5C:CC:CE:C9
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B77594B0079307BBCB6FD6C17C5DDA80C
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/zmTBeaOk9Z3ILkpv-ARPF1zMzsk.roa
Signing time:             Thu 01 Jan 2026 02:18:19 +0000
ROA not before:           Thu 01 Jan 2026 02:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41414
IP address blocks:        89.38.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:4b:00:79:30:7b:bc:b6:fd:6c:17:c5:dd:a8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce64c179a3a4f59dc82e4a6ff8044f175ccccec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:82:d4:5c:3a:01:86:6f:1a:a7:1c:f2:31:f0:
                    05:4a:92:32:b3:3d:b4:44:fa:8e:e9:e2:68:f4:1e:
                    0d:d7:69:31:f8:8d:c2:fc:71:a2:9a:2d:d7:c6:63:
                    8b:b6:79:e7:80:9a:a6:71:ed:d1:41:75:25:6c:94:
                    da:9f:0d:4b:fe:a8:86:5a:b3:07:16:6d:87:a4:b9:
                    53:f0:50:03:10:58:fa:4f:30:76:87:3c:3d:b9:85:
                    3d:99:2e:31:34:39:98:6c:ed:cf:a3:88:cd:8e:a5:
                    95:a9:48:7e:5c:4f:8e:1d:1e:1e:c6:65:8a:44:28:
                    59:fc:3d:21:75:b9:6b:ad:0c:0b:21:3e:93:f5:50:
                    55:f9:42:bd:0a:89:ee:d7:79:fc:8d:80:69:3a:96:
                    2b:a2:26:e0:a4:d8:f8:bc:e9:ce:2d:a7:7b:92:9f:
                    56:57:7a:5e:4b:e0:7e:dd:1d:fc:44:06:80:e2:5b:
                    2c:2f:31:95:4f:1a:2a:b7:85:65:9f:03:61:96:5e:
                    35:34:ad:30:a6:9c:95:de:45:25:25:10:60:48:82:
                    aa:4d:2d:43:3e:78:86:76:16:75:ef:0d:c5:15:a8:
                    00:5d:d3:94:6d:d6:45:a6:a1:e2:c5:80:c1:cc:6c:
                    bb:cd:e6:e2:ab:ca:c7:c3:22:b9:96:a7:1d:b7:2d:
                    c8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:64:C1:79:A3:A4:F5:9D:C8:2E:4A:6F:F8:04:4F:17:5C:CC:CE:C9
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/zmTBeaOk9Z3ILkpv-ARPF1zMzsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:48:d8:86:bc:c5:77:41:83:43:9f:b3:89:be:65:8b:c0:6f:
         40:05:e9:a7:3d:e7:64:90:10:b5:06:28:8e:6f:5c:88:4e:c5:
         25:2d:51:5a:c5:23:af:de:ba:cd:05:ee:7a:b0:bf:45:04:6b:
         e7:78:61:b8:1f:56:9d:00:55:19:b4:9f:2d:2d:e6:bb:5e:54:
         26:c1:b0:b5:0a:eb:c8:71:55:7e:a1:72:47:5f:a2:86:69:24:
         15:db:0f:b4:15:ae:5b:85:72:12:5f:ad:4a:5e:a8:62:a7:3f:
         f8:f4:9a:1b:9d:80:c9:48:65:6b:af:36:94:d6:b7:a7:78:09:
         c8:1a:1d:da:ae:95:19:b0:22:8a:22:39:44:f6:c5:3a:76:6a:
         59:61:fb:a5:ff:26:16:20:a8:93:eb:44:09:65:7d:3c:0c:ac:
         7f:53:95:31:c7:f9:08:f0:b2:b9:14:20:bc:f4:c9:b7:47:b9:
         76:65:d0:7d:4f:d4:b6:64:62:50:b5:ed:a7:a2:f5:50:9a:79:
         02:4e:42:9a:a9:1e:17:3c:5a:af:22:5c:97:f0:64:92:a2:15:
         ec:e5:a3:f0:f1:b3:01:32:e3:f8:d3:f0:94:d0:41:aa:7c:36:
         f8:0e:db:f8:ac:8f:68:18:47:3c:cb:d8:3e:42:bd:1a:d3:cb:
         9a:c0:3c:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WUsAeTB7vLb9bBfF3agMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTY0YzE3OWEzYTRmNTlkYzgyZTRhNmZmODA0NGYxNzVjY2NjZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvILUXDoBhm8apxzyMfAFSpIysz20
RPqO6eJo9B4N12kx+I3C/HGimi3XxmOLtnnngJqmce3RQXUlbJTanw1L/qiGWrMH
Fm2HpLlT8FADEFj6TzB2hzw9uYU9mS4xNDmYbO3Po4jNjqWVqUh+XE+OHR4exmWK
RChZ/D0hdblrrQwLIT6T9VBV+UK9Conu13n8jYBpOpYroibgpNj4vOnOLad7kp9W
V3peS+B+3R38RAaA4lssLzGVTxoqt4VlnwNhll41NK0wppyV3kUlJRBgSIKqTS1D
PniGdhZ17w3FFagAXdOUbdZFpqHixYDBzGy7zebiq8rHwyK5lqcdty3IHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM5kwXmjpPWdyC5Kb/gETxdczM7JMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3ptVEJlYU9rOVozSUxrcHYtQVJQRjF6TXpzay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZJjkw
DQYJKoZIhvcNAQELBQADggEBAMFI2Ia8xXdBg0Ofs4m+ZYvAb0AF6ac952SQELUG
KI5vXIhOxSUtUVrFI6/eus0F7nqwv0UEa+d4YbgfVp0AVRm0ny0t5rteVCbBsLUK
68hxVX6hckdfooZpJBXbD7QVrluFchJfrUpeqGKnP/j0mhudgMlIZWuvNpTWt6d4
CcgaHdqulRmwIooiOUT2xTp2allh+6X/JhYgqJPrRAllfTwMrH9TlTHH+QjwsrkU
ILz0ybdHuXZl0H1P1LZkYlC17aei9VCaeQJOQpqpHhc8Wq8iXJfwZJKiFezlo/Dx
swEy4/jT8JTQQap8NvgO2/isj2gYRzzL2D5CvRrTy5rAPK8=
-----END CERTIFICATE-----