This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/ZdOe5duMlKgftx4sCUBfvKL9r7k.roa
File:                     ZdOe5duMlKgftx4sCUBfvKL9r7k.roa (raw, json)
Hash identifier:          bjHkwEiq2cW+XLkEY9gWMKSxWTAbcT6KMMzri8KPRbU=
Subject key identifier:   65:D3:9E:E5:DB:8C:94:A8:1F:B7:1E:2C:09:40:5F:BC:A2:FD:AF:B9
Certificate issuer:       /CN=d38579e4c7da01df0465186236e9af27eb7312ed
Certificate serial:       019B7BA4F91002060EC5C262F0DF44ED8F60
Authority key identifier: D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/ZdOe5duMlKgftx4sCUBfvKL9r7k.roa
Signing time:             Thu 01 Jan 2026 22:19:27 +0000
ROA not before:           Thu 01 Jan 2026 22:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29469
IP address blocks:        178.216.12.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:f9:10:02:06:0e:c5:c2:62:f0:df:44:ed:8f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38579e4c7da01df0465186236e9af27eb7312ed
        Validity
            Not Before: Jan  1 22:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65d39ee5db8c94a81fb71e2c09405fbca2fdafb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:39:30:ec:0f:e8:02:c8:e7:19:ae:01:cc:14:
                    f5:a2:24:aa:71:86:9f:bf:dc:24:3a:27:6a:09:96:
                    21:f2:09:e2:d7:ab:87:62:46:ce:cc:3e:d0:6b:e4:
                    af:1f:4a:41:ee:d1:14:81:a4:6d:36:3b:7a:85:49:
                    8e:b7:d4:53:f6:6c:c7:93:c9:3e:7e:22:a5:f9:4b:
                    62:0d:22:3f:e2:5f:50:43:47:44:36:b9:3f:9d:85:
                    e1:52:e0:de:3e:26:bd:3b:d9:db:b7:73:13:45:f8:
                    b2:19:30:04:7d:f2:6a:f3:04:58:00:94:f2:6d:95:
                    7b:25:11:ec:f0:ac:ba:3e:74:ea:cb:75:05:09:a9:
                    b5:2e:a4:6f:50:07:dd:b8:0c:9c:84:16:0f:4e:23:
                    b6:56:eb:86:c7:4a:61:0a:e9:4f:39:52:1e:4b:98:
                    ac:3f:be:73:b4:b8:f3:eb:2b:bc:6e:d7:08:a9:2f:
                    71:49:3a:8f:a8:7a:74:99:fe:09:2e:0c:f4:7d:f5:
                    46:94:ed:66:a9:1a:9b:58:81:f8:cc:ef:7f:40:0f:
                    1b:3e:98:b0:8e:57:d7:c7:29:6b:81:e1:2b:b2:93:
                    a9:09:fb:5e:49:de:c0:f2:15:6d:b5:85:4b:14:6e:
                    da:e1:35:86:9e:77:24:a3:1f:a3:1a:39:25:b0:41:
                    97:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D3:9E:E5:DB:8C:94:A8:1F:B7:1E:2C:09:40:5F:BC:A2:FD:AF:B9
            X509v3 Authority Key Identifier:
                keyid:D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/ZdOe5duMlKgftx4sCUBfvKL9r7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:dd:0d:13:43:f8:c3:86:f8:d4:8a:9f:1f:93:1d:16:f8:2d:
         5d:14:f6:12:78:ac:33:2d:65:ba:a3:d4:7f:45:c7:59:3f:d4:
         41:7b:98:27:89:a4:7b:92:8e:15:13:ac:d8:33:61:81:81:09:
         f5:fb:6c:b7:7b:7d:d5:36:87:30:3b:88:11:6c:e3:f3:4c:d2:
         68:1e:1f:5e:36:b6:c2:fe:27:e9:f3:87:9c:72:1f:f3:3b:64:
         0e:8c:45:61:77:96:95:96:3b:88:c7:e6:d3:a6:5a:07:a5:f0:
         89:1b:da:87:3a:ab:30:ec:ba:26:13:94:f1:60:0f:52:fa:7e:
         f0:09:ac:cc:78:66:0c:f7:ca:c9:a4:03:cf:1b:62:b4:ff:f7:
         a4:75:63:49:fd:6d:c6:0b:91:71:7e:a1:84:39:11:3c:41:1a:
         69:fd:5c:9d:5a:3b:08:1c:c9:55:97:9a:e9:eb:10:7d:9d:b8:
         e9:a2:f5:de:d6:fa:84:07:07:18:31:40:c6:04:eb:51:63:94:
         88:24:93:e8:b6:3e:ea:3a:c0:e9:fc:f9:19:94:ec:e8:9d:d9:
         d4:14:23:e4:fc:34:13:7d:ca:77:3e:9b:63:81:00:b0:3a:77:
         0c:1d:29:ee:b1:0f:d9:b5:d3:30:ba:22:29:85:aa:66:7f:f2:
         2a:28:09:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pPkQAgYOxcJi8N9E7Y9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODU3OWU0YzdkYTAxZGYwNDY1MTg2MjM2ZTlhZjI3ZWI3
MzEyZWQwHhcNMjYwMTAxMjIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQzOWVlNWRiOGM5NGE4MWZiNzFlMmMwOTQwNWZiY2EyZmRhZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzkw7A/oAsjnGa4BzBT1oiSqcYaf
v9wkOidqCZYh8gni16uHYkbOzD7Qa+SvH0pB7tEUgaRtNjt6hUmOt9RT9mzHk8k+
fiKl+UtiDSI/4l9QQ0dENrk/nYXhUuDePia9O9nbt3MTRfiyGTAEffJq8wRYAJTy
bZV7JRHs8Ky6PnTqy3UFCam1LqRvUAfduAychBYPTiO2VuuGx0phCulPOVIeS5is
P75ztLjz6yu8btcIqS9xSTqPqHp0mf4JLgz0ffVGlO1mqRqbWIH4zO9/QA8bPpiw
jlfXxylrgeErspOpCfteSd7A8hVttYVLFG7a4TWGnnckox+jGjklsEGXeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXTnuXbjJSoH7ceLAlAX7yi/a+5MB8GA1UdIwQY
MBaAFNOFeeTH2gHfBGUYYjbpryfrcxLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTkt
YmQ0MDU0MTliMDBkLzEvWmRPZTVkdU1sS2dmdHg0c0NVQmZ2S0w5cjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTktYmQ0MDU0MTliMDBk
LzEvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstgMMA0G
CSqGSIb3DQEBCwUAA4IBAQBG3Q0TQ/jDhvjUip8fkx0W+C1dFPYSeKwzLWW6o9R/
RcdZP9RBe5gniaR7ko4VE6zYM2GBgQn1+2y3e33VNocwO4gRbOPzTNJoHh9eNrbC
/ifp84ecch/zO2QOjEVhd5aVljuIx+bTploHpfCJG9qHOqsw7LomE5TxYA9S+n7w
CazMeGYM98rJpAPPG2K0//ekdWNJ/W3GC5FxfqGEORE8QRpp/VydWjsIHMlVl5rp
6xB9nbjpovXe1vqEBwcYMUDGBOtRY5SIJJPotj7qOsDp/PkZlOzondnUFCPk/DQT
fcp3PptjgQCwOncMHSnusQ/ZtdMwuiIphapmf/IqKAkl
-----END CERTIFICATE-----