This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZMeHfDWXTSuyvKCdo0uc_y9a4cQ.roa
File:                     ZMeHfDWXTSuyvKCdo0uc_y9a4cQ.roa (raw, json)
Hash identifier:          adadVHzuqQkXM8cG+ugF/epPTs+7UF/lDABjXS9xTDM=
Subject key identifier:   64:C7:87:7C:35:97:4D:2B:B2:BC:A0:9D:A3:4B:9C:FF:2F:5A:E1:C4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AD62F316CF0CCBA42A4EC92F548FA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZMeHfDWXTSuyvKCdo0uc_y9a4cQ.roa
Signing time:             Thu 01 Jan 2026 16:18:51 +0000
ROA not before:           Thu 01 Jan 2026 16:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214208
IP address blocks:        213.218.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d6:2f:31:6c:f0:cc:ba:42:a4:ec:92:f5:48:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64c7877c35974d2bb2bca09da34b9cff2f5ae1c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:05:eb:14:20:22:13:2c:5f:e0:03:c9:2b:d1:
                    44:0c:80:81:8a:5f:90:01:4b:c2:14:11:18:ae:67:
                    41:b1:ee:d5:f8:c1:05:c9:62:cd:d9:64:f5:6a:12:
                    3a:c3:30:b7:cc:0b:80:4f:44:c9:0c:91:45:4f:d9:
                    61:47:60:54:f3:7c:9c:be:7b:7d:55:7c:9e:90:db:
                    7d:e7:5c:04:98:30:85:d8:62:42:1d:3c:3b:62:e6:
                    50:88:93:c6:88:bb:15:7a:de:a7:5d:36:f0:97:7d:
                    e7:98:9b:c5:93:5a:8c:45:7c:b7:2d:68:89:a8:90:
                    12:f4:db:67:c5:8b:2b:ce:2b:23:b0:06:81:a0:af:
                    89:52:41:fb:f4:4a:bf:77:21:0d:5f:00:4c:8a:3e:
                    01:40:ca:db:e2:20:d6:39:ed:16:e0:d7:6e:35:1d:
                    c1:4e:67:78:08:35:2e:1a:10:3e:65:a3:0a:dc:a4:
                    f7:0b:94:a0:ce:4a:af:87:ac:51:5a:99:ca:3f:46:
                    0e:dc:b9:6e:e4:ab:5f:6b:32:1f:96:2a:c2:cb:20:
                    53:b0:40:e9:d8:e2:d3:b3:b5:40:d1:7c:e8:c8:24:
                    9a:a0:28:90:38:5c:ee:c7:3a:9f:4d:91:d3:96:a6:
                    8e:1c:34:20:15:7b:95:b9:31:34:b3:d4:4f:34:30:
                    64:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C7:87:7C:35:97:4D:2B:B2:BC:A0:9D:A3:4B:9C:FF:2F:5A:E1:C4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZMeHfDWXTSuyvKCdo0uc_y9a4cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:00:d9:f6:95:57:40:7e:76:df:72:09:ac:73:03:d2:5b:3f:
         a5:f0:1a:3e:7c:4d:d0:0a:22:90:ce:ba:f8:14:dd:9d:7f:55:
         5f:9e:e8:6c:05:85:93:41:e3:a5:55:63:49:77:9b:82:c1:3c:
         8b:56:67:56:82:ad:48:b1:89:77:d0:35:44:04:75:d0:71:62:
         63:6c:69:86:30:84:08:2c:e2:6a:6b:9f:71:92:81:5d:83:50:
         10:6a:85:33:6d:71:12:ed:de:df:99:1a:f6:1d:51:0f:54:2b:
         86:83:6c:ef:6f:15:1a:37:ca:a2:de:11:ac:4c:e2:e1:ec:27:
         89:f5:c0:5b:be:8e:5f:01:f6:6b:44:65:e3:3c:f9:53:db:60:
         63:f0:bc:23:b6:43:d9:1e:5d:5a:a1:28:40:aa:bb:ab:a0:1e:
         28:fa:19:9d:15:a6:de:15:a7:89:8a:f1:4f:c3:61:86:cd:42:
         ff:cc:24:a2:46:2a:17:c1:79:cd:77:a1:cc:87:c5:fb:40:e0:
         08:0d:15:c2:0e:57:3a:90:c2:f1:53:2d:5f:d6:85:4c:ec:ec:
         b6:03:60:b2:90:63:14:3b:77:63:e1:3c:d1:c1:c1:31:22:ac:
         69:60:bb:88:73:4e:a3:96:b8:2c:94:87:6c:bf:03:89:92:e4:
         55:65:19:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WtYvMWzwzLpCpOyS9Uj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGM3ODc3YzM1OTc0ZDJiYjJiY2EwOWRhMzRiOWNmZjJmNWFlMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAXrFCAiEyxf4APJK9FEDICBil+Q
AUvCFBEYrmdBse7V+MEFyWLN2WT1ahI6wzC3zAuAT0TJDJFFT9lhR2BU83ycvnt9
VXyekNt951wEmDCF2GJCHTw7YuZQiJPGiLsVet6nXTbwl33nmJvFk1qMRXy3LWiJ
qJAS9NtnxYsrzisjsAaBoK+JUkH79Eq/dyENXwBMij4BQMrb4iDWOe0W4NduNR3B
Tmd4CDUuGhA+ZaMK3KT3C5Sgzkqvh6xRWpnKP0YO3Llu5KtfazIflirCyyBTsEDp
2OLTs7VA0XzoyCSaoCiQOFzuxzqfTZHTlqaOHDQgFXuVuTE0s9RPNDBkQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTHh3w1l00rsrygnaNLnP8vWuHEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWk1lSGZEV1hUU3V5dktDZG8wdWNfeTlhNGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drXMA0G
CSqGSIb3DQEBCwUAA4IBAQBVANn2lVdAfnbfcgmscwPSWz+l8Bo+fE3QCiKQzrr4
FN2df1VfnuhsBYWTQeOlVWNJd5uCwTyLVmdWgq1IsYl30DVEBHXQcWJjbGmGMIQI
LOJqa59xkoFdg1AQaoUzbXES7d7fmRr2HVEPVCuGg2zvbxUaN8qi3hGsTOLh7CeJ
9cBbvo5fAfZrRGXjPPlT22Bj8LwjtkPZHl1aoShAqruroB4o+hmdFabeFaeJivFP
w2GGzUL/zCSiRioXwXnNd6HMh8X7QOAIDRXCDlc6kMLxUy1f1oVM7Oy2A2CykGMU
O3dj4TzRwcExIqxpYLuIc06jlrgslIdsvwOJkuRVZRkH
-----END CERTIFICATE-----