This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/zKkeUh7VNsp6y830PVmPSLIbPcg.roa
File:                     zKkeUh7VNsp6y830PVmPSLIbPcg.roa (raw, json)
Hash identifier:          tCyEfnYca7v24CX+6Ugz0SsMY+Ip+uFePZwLtw8tlPM=
Subject key identifier:   CC:A9:1E:52:1E:D5:36:CA:7A:CB:CD:F4:3D:59:8F:48:B2:1B:3D:C8
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019B7BA3D083BEF1AA20D2C12C92BA8F7460
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/zKkeUh7VNsp6y830PVmPSLIbPcg.roa
Signing time:             Thu 01 Jan 2026 22:18:11 +0000
ROA not before:           Thu 01 Jan 2026 22:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9318
IP address blocks:        212.100.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:d0:83:be:f1:aa:20:d2:c1:2c:92:ba:8f:74:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jan  1 22:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cca91e521ed536ca7acbcdf43d598f48b21b3dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:64:d8:aa:13:97:44:37:0b:6a:c1:a0:2e:
                    39:35:c5:4f:33:b5:35:b7:15:7c:65:38:f0:b5:d0:
                    08:02:69:fa:0e:c4:34:0a:4b:bb:50:a7:fd:46:b6:
                    01:9c:da:2e:aa:ed:1e:12:d7:9b:8d:2b:bf:38:73:
                    7e:b4:09:c5:1a:67:9d:07:b5:3a:0c:bc:15:bc:a0:
                    a8:3b:e6:2d:41:d1:b6:1b:c8:41:bd:5c:22:26:60:
                    63:74:f9:43:0c:08:ac:23:cb:6a:fc:b6:fe:96:45:
                    75:39:d0:17:2b:37:c3:44:64:c4:8a:1c:fd:20:d7:
                    62:d7:61:b0:d9:8e:9a:e6:2e:fd:e1:2f:80:f1:09:
                    84:4c:81:3a:0a:f6:79:8d:9d:63:55:f4:f9:07:4c:
                    86:3d:42:18:57:b8:6f:74:3b:92:86:1a:2f:09:b3:
                    d6:41:58:2d:68:06:4e:bb:8b:cc:d9:35:95:97:44:
                    85:ef:74:db:6e:67:29:88:bb:38:25:6c:d1:7e:13:
                    63:04:7b:fb:a9:c5:07:09:e9:86:c1:5d:14:69:a9:
                    bd:3c:d4:3f:86:af:f4:6a:09:59:79:44:66:22:50:
                    09:89:8d:38:81:a3:87:81:de:32:39:bb:d9:a4:d4:
                    04:c9:1a:59:d0:d2:40:e7:3a:55:99:05:4d:43:81:
                    5b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A9:1E:52:1E:D5:36:CA:7A:CB:CD:F4:3D:59:8F:48:B2:1B:3D:C8
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/zKkeUh7VNsp6y830PVmPSLIbPcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:5f:06:3c:d0:74:c2:ba:3e:e3:ea:93:49:0d:80:c7:03:00:
         8d:0f:a4:39:59:3d:e0:73:36:e0:a0:55:f0:21:b3:48:50:8a:
         f1:31:86:13:bc:ef:d0:bf:93:ef:75:c5:9d:0e:4a:bc:43:22:
         40:e3:61:cd:0c:89:8e:01:87:a6:e4:94:d9:d3:ea:62:2d:9f:
         03:bc:7e:be:9a:93:1e:21:4b:3d:ed:ee:ee:fa:1c:0b:fa:10:
         ca:f6:c6:7c:1d:96:d2:d6:4f:7b:b7:4d:81:2c:89:50:a5:e4:
         20:1c:d7:05:f0:25:a6:9b:a1:84:fe:f5:ef:6b:1b:a6:7e:ec:
         3e:39:a1:27:e0:01:ed:c7:b6:9c:87:e5:c0:32:75:55:9e:b2:
         9a:c8:d6:6b:34:ef:f3:ba:21:a2:c3:f0:c5:72:58:42:bd:33:
         1c:8a:3a:d5:c7:6e:8f:ba:c1:f2:3a:43:e4:e4:f8:97:83:e1:
         ce:42:a4:4f:b7:06:1b:26:00:47:5f:0a:02:cf:48:ab:58:69:
         fe:65:2e:f9:87:cc:0d:73:a7:e8:bd:e0:c2:d2:29:36:17:f0:
         00:92:a9:3b:4a:5b:ec:98:ca:dd:a2:44:04:f8:56:2b:78:b2:
         3d:1c:1b:af:f6:54:a3:10:b5:e8:96:40:3f:92:91:e6:76:69:
         17:cb:d5:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o9CDvvGqINLBLJK6j3RgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMTAxMjIxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E5MWU1MjFlZDUzNmNhN2FjYmNkZjQzZDU5OGY0OGIyMWIzZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr75k2KoTl0Q3C2rBoC45NcVPM7U1
txV8ZTjwtdAIAmn6DsQ0Cku7UKf9RrYBnNouqu0eEtebjSu/OHN+tAnFGmedB7U6
DLwVvKCoO+YtQdG2G8hBvVwiJmBjdPlDDAisI8tq/Lb+lkV1OdAXKzfDRGTEihz9
INdi12Gw2Y6a5i794S+A8QmETIE6CvZ5jZ1jVfT5B0yGPUIYV7hvdDuShhovCbPW
QVgtaAZOu4vM2TWVl0SF73TbbmcpiLs4JWzRfhNjBHv7qcUHCemGwV0Uaam9PNQ/
hq/0aglZeURmIlAJiY04gaOHgd4yObvZpNQEyRpZ0NJA5zpVmQVNQ4FbEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMypHlIe1TbKesvN9D1Zj0iyGz3IMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvektrZVVoN1ZOc3A2eTgzMFBWbVBTTEliUGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSnMA0G
CSqGSIb3DQEBCwUAA4IBAQBGXwY80HTCuj7j6pNJDYDHAwCND6Q5WT3gczbgoFXw
IbNIUIrxMYYTvO/Qv5PvdcWdDkq8QyJA42HNDImOAYem5JTZ0+piLZ8DvH6+mpMe
IUs97e7u+hwL+hDK9sZ8HZbS1k97t02BLIlQpeQgHNcF8CWmm6GE/vXvaxumfuw+
OaEn4AHtx7ach+XAMnVVnrKayNZrNO/zuiGiw/DFclhCvTMcijrVx26PusHyOkPk
5PiXg+HOQqRPtwYbJgBHXwoCz0irWGn+ZS75h8wNc6foveDC0ik2F/AAkqk7Slvs
mMrdokQE+FYreLI9HBuv9lSjELXolkA/kpHmdmkXy9U/
-----END CERTIFICATE-----