This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/zfs1n8rEspCcwaljPO1LWoriK7A.roa
File:                     zfs1n8rEspCcwaljPO1LWoriK7A.roa (raw, json)
Hash identifier:          Cw4La7Iv+J3S/kv3dOrnyO46Wye0r7XGdA/N85GgLG8=
Subject key identifier:   CD:FB:35:9F:CA:C4:B2:90:9C:C1:A9:63:3C:ED:4B:5A:8A:E2:2B:B0
Certificate issuer:       /CN=b732762a5e861e976de53d14786f39e3a669681b
Certificate serial:       019B77C768F0F40350B64BEA47DE45F3E69C
Authority key identifier: B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/zfs1n8rEspCcwaljPO1LWoriK7A.roa
Signing time:             Thu 01 Jan 2026 04:18:35 +0000
ROA not before:           Thu 01 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211661
IP address blocks:        31.185.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:68:f0:f4:03:50:b6:4b:ea:47:de:45:f3:e6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b732762a5e861e976de53d14786f39e3a669681b
        Validity
            Not Before: Jan  1 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdfb359fcac4b2909cc1a9633ced4b5a8ae22bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e5:92:04:2b:db:89:03:8d:91:0f:a6:9d:78:
                    49:8b:f7:d2:46:90:94:dc:ad:9f:fd:46:d5:1f:eb:
                    78:12:64:7c:e8:e0:fb:f6:98:6b:10:3c:63:cc:c3:
                    71:cf:bd:7e:61:7a:26:6c:5b:ea:6d:4d:ef:2f:c4:
                    55:3c:ed:3a:e6:fb:47:71:1b:b0:0f:07:06:bc:68:
                    ef:a4:eb:eb:d9:e5:d3:99:cb:c1:9a:9c:29:4d:fa:
                    4e:92:c6:22:e7:4c:ff:44:69:47:1b:94:bf:43:6b:
                    bf:37:6a:a1:80:2d:64:ff:14:a8:3b:ba:00:dc:d3:
                    24:87:6e:a5:07:b2:bb:ba:af:8e:1e:37:a5:f7:1f:
                    09:77:72:5b:ac:3d:7b:87:7f:80:ec:35:ac:e8:f9:
                    f9:14:eb:e7:45:2b:61:58:1c:51:0c:aa:61:a9:18:
                    d0:f2:43:ad:29:d9:4a:dd:62:e4:3b:84:88:0f:b3:
                    8d:e4:21:88:7e:23:e2:4f:1a:a3:48:6f:2f:43:b7:
                    7b:a7:6d:51:0a:6b:32:26:c5:df:6e:c8:ce:28:45:
                    e9:04:65:cc:e7:01:b7:e0:b8:08:e6:7b:af:7e:18:
                    6a:55:26:ab:40:d2:e0:e2:e4:1d:19:ed:82:1f:53:
                    32:13:ae:9d:90:bd:b3:ed:cb:25:ee:0b:7b:9b:92:
                    30:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FB:35:9F:CA:C4:B2:90:9C:C1:A9:63:3C:ED:4B:5A:8A:E2:2B:B0
            X509v3 Authority Key Identifier:
                keyid:B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/zfs1n8rEspCcwaljPO1LWoriK7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:6c:37:20:69:2a:44:7c:a8:1a:05:95:ff:ab:3a:79:12:fd:
         6f:64:e5:44:d6:ff:e9:48:64:a0:0e:93:4f:9c:87:10:f6:5d:
         39:27:54:eb:e9:11:d6:b5:46:86:7b:ed:ce:5e:51:c9:7d:e0:
         31:a2:37:b9:dd:a8:27:d8:cc:c9:ad:e5:f7:93:b5:a2:61:03:
         97:0e:b6:86:be:5b:1f:20:ae:2c:76:1f:95:07:a2:14:76:4e:
         76:bd:73:bd:5c:a7:54:98:7c:a4:ad:23:54:df:41:d6:ed:d5:
         8d:da:2c:68:53:71:13:b2:41:09:62:c0:7c:5e:96:66:54:e1:
         fd:5b:c6:21:59:31:f6:de:fd:8e:a2:36:9a:56:2f:b8:c6:50:
         c9:44:0a:d4:10:68:2a:ea:fc:3d:d6:61:9b:70:84:df:f8:f9:
         2d:01:43:61:61:44:86:e6:b9:0e:8b:1d:63:34:58:3e:bf:56:
         46:78:de:6b:f0:94:fb:08:27:35:17:78:a5:7e:47:d3:9f:c2:
         1a:d6:7b:b9:bd:c0:bf:cd:39:c6:07:87:b6:1d:28:d7:a9:62:
         2e:a2:0c:53:95:62:c4:a0:ac:8e:c2:06:19:3b:f9:d9:32:5c:
         27:bd:40:0a:87:b4:01:03:ff:27:ac:0a:90:5a:32:82:14:d8:
         1a:d9:0b:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x2jw9ANQtkvqR95F8+acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MzI3NjJhNWU4NjFlOTc2ZGU1M2QxNDc4NmYzOWUzYTY2
OTY4MWIwHhcNMjYwMTAxMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZiMzU5ZmNhYzRiMjkwOWNjMWE5NjMzY2VkNGI1YThhZTIyYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuWSBCvbiQONkQ+mnXhJi/fSRpCU
3K2f/UbVH+t4EmR86OD79phrEDxjzMNxz71+YXombFvqbU3vL8RVPO065vtHcRuw
DwcGvGjvpOvr2eXTmcvBmpwpTfpOksYi50z/RGlHG5S/Q2u/N2qhgC1k/xSoO7oA
3NMkh26lB7K7uq+OHjel9x8Jd3JbrD17h3+A7DWs6Pn5FOvnRSthWBxRDKphqRjQ
8kOtKdlK3WLkO4SID7ON5CGIfiPiTxqjSG8vQ7d7p21RCmsyJsXfbsjOKEXpBGXM
5wG34LgI5nuvfhhqVSarQNLg4uQdGe2CH1MyE66dkL2z7csl7gt7m5Iw4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM37NZ/KxLKQnMGpYzztS1qK4iuwMB8GA1UdIwQY
MBaAFLcydipehh6XbeU9FHhvOeOmaWgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDct
NjNiNTJhYTdmOGRhLzEvemZzMW44ckVzcENjd2FsalBPMUxXb3JpSzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDctNjNiNTJhYTdmOGRh
LzEvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7lhMA0G
CSqGSIb3DQEBCwUAA4IBAQBQbDcgaSpEfKgaBZX/qzp5Ev1vZOVE1v/pSGSgDpNP
nIcQ9l05J1Tr6RHWtUaGe+3OXlHJfeAxoje53agn2MzJreX3k7WiYQOXDraGvlsf
IK4sdh+VB6IUdk52vXO9XKdUmHykrSNU30HW7dWN2ixoU3ETskEJYsB8XpZmVOH9
W8YhWTH23v2OojaaVi+4xlDJRArUEGgq6vw91mGbcITf+PktAUNhYUSG5rkOix1j
NFg+v1ZGeN5r8JT7CCc1F3ilfkfTn8Ia1nu5vcC/zTnGB4e2HSjXqWIuogxTlWLE
oKyOwgYZO/nZMlwnvUAKh7QBA/8nrAqQWjKCFNga2QtV
-----END CERTIFICATE-----