This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZPnR3HMA7sGvzycup7HofhXYTG8.roa
File:                     ZPnR3HMA7sGvzycup7HofhXYTG8.roa (raw, json)
Hash identifier:          A+4R2yyAAlbJkqTLskXX0nzQm93oNzg5z6lYvLAvYBQ=
Subject key identifier:   64:F9:D1:DC:73:00:EE:C1:AF:CF:27:2E:A7:B1:E8:7E:15:D8:4C:6F
Certificate issuer:       /CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
Certificate serial:       019BDC5D9FA1F86632FE41D7A3234E2DAFE6
Authority key identifier: 64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZPnR3HMA7sGvzycup7HofhXYTG8.roa
Signing time:             Tue 20 Jan 2026 17:04:41 +0000
ROA not before:           Tue 20 Jan 2026 17:04:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212692
IP address blocks:        45.10.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:dc:5d:9f:a1:f8:66:32:fe:41:d7:a3:23:4e:2d:af:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
        Validity
            Not Before: Jan 20 17:04:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64f9d1dc7300eec1afcf272ea7b1e87e15d84c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:38:db:a8:4a:73:93:c4:65:a3:9c:64:e3:8b:
                    31:9b:cc:1a:18:5b:3b:62:7f:13:e2:38:bc:4e:7d:
                    c3:85:75:09:d7:d2:77:67:20:48:c1:48:29:2b:85:
                    69:de:de:e5:89:0a:9c:cc:03:b7:bc:2b:68:4d:16:
                    09:d2:22:e1:28:0c:39:19:2f:16:8b:16:99:37:01:
                    58:64:b5:36:76:c1:1c:59:8d:48:a6:9c:5a:f3:ef:
                    0e:34:79:38:46:43:e4:dc:74:41:40:90:5d:34:3b:
                    f6:4d:dd:36:f2:37:f9:42:ba:64:f6:d8:1e:08:39:
                    f1:19:bf:7a:84:fc:e1:01:52:24:8a:e8:3f:f7:81:
                    7c:b1:c7:7b:6a:ba:bf:dd:83:31:b7:db:c2:48:c4:
                    c4:2e:0d:12:27:01:9a:02:a1:b4:68:28:24:f5:10:
                    68:85:a0:1d:79:fa:84:69:69:fe:53:5f:a0:44:ca:
                    d2:0f:e9:27:f8:e1:c3:fa:2f:a8:66:42:5a:79:ab:
                    c9:90:bf:9d:dd:7c:8e:d8:a8:64:d0:32:d5:d5:f0:
                    2f:68:86:62:d0:d7:2d:49:4c:58:a6:81:0b:3c:e8:
                    d0:01:d7:21:69:2c:6b:c9:88:c9:bc:bb:e5:c3:c5:
                    d1:4e:61:bc:48:a7:4d:b4:7b:07:bd:d3:22:05:f2:
                    f6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F9:D1:DC:73:00:EE:C1:AF:CF:27:2E:A7:B1:E8:7E:15:D8:4C:6F
            X509v3 Authority Key Identifier:
                keyid:64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZPnR3HMA7sGvzycup7HofhXYTG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:9e:7f:ec:59:97:28:c3:03:f6:27:b7:7e:ed:25:74:b6:0d:
         9a:eb:69:c7:2f:b3:a0:d6:8d:6f:ab:ca:a9:e6:3e:44:0a:cc:
         32:36:09:c7:ce:00:f0:b4:b8:63:82:41:2e:9b:71:28:13:14:
         08:c1:90:9b:e7:bd:a1:05:cf:b0:8a:c8:33:8a:c7:a5:45:01:
         1b:4c:31:8e:c4:75:d6:7b:87:71:8d:8d:95:5b:09:84:58:40:
         e6:d9:6f:12:54:31:dc:39:83:12:66:8c:c2:d4:34:d7:8c:8e:
         dd:60:e2:bf:53:6d:df:dd:fe:94:d8:0a:10:8a:09:61:78:7a:
         54:88:60:1d:f8:64:d8:f6:00:97:bb:84:28:6a:64:36:0d:da:
         d2:34:a2:04:c4:6d:c4:f5:92:17:a2:89:b1:f7:12:67:71:78:
         ee:48:5a:09:69:ee:f2:73:f5:59:d9:34:50:3d:57:9b:c7:08:
         89:b8:81:cb:9f:6e:e3:d6:81:63:fa:49:53:d4:c7:85:f4:9c:
         d1:a5:50:63:d4:45:fc:22:19:35:22:e1:00:28:7d:c0:73:d3:
         70:15:45:d8:13:ad:a4:d8:02:36:73:29:10:a6:d4:93:64:d1:
         97:5d:ec:65:72:11:ca:2b:1b:78:21:64:21:f6:53:16:cb:12:
         5e:21:a1:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvcXZ+h+GYy/kHXoyNOLa/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDg2NGFlOTJiZDdjZWFiNTA4M2JjYzcxMTAxZWYwNDY3
NmY4YWMwHhcNMjYwMTIwMTcwNDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGY5ZDFkYzczMDBlZWMxYWZjZjI3MmVhN2IxZTg3ZTE1ZDg0YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDjbqEpzk8Rlo5xk44sxm8waGFs7
Yn8T4ji8Tn3DhXUJ19J3ZyBIwUgpK4Vp3t7liQqczAO3vCtoTRYJ0iLhKAw5GS8W
ixaZNwFYZLU2dsEcWY1Ippxa8+8ONHk4RkPk3HRBQJBdNDv2Td028jf5Qrpk9tge
CDnxGb96hPzhAVIkiug/94F8scd7arq/3YMxt9vCSMTELg0SJwGaAqG0aCgk9RBo
haAdefqEaWn+U1+gRMrSD+kn+OHD+i+oZkJaeavJkL+d3XyO2Khk0DLV1fAvaIZi
0NctSUxYpoELPOjQAdchaSxryYjJvLvlw8XRTmG8SKdNtHsHvdMiBfL2SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGT50dxzAO7Br88nLqex6H4V2ExvMB8GA1UdIwQY
MBaAFGTYZK6SvXzqtQg7zHEQHvBGdvisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAt
MmMwNWNjOTIyMDAxLzEvWlBuUjNITUE3c0d2enljdXA3SG9maFhZVEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAtMmMwNWNjOTIyMDAx
LzEvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQrLMA0G
CSqGSIb3DQEBCwUAA4IBAQB7nn/sWZcowwP2J7d+7SV0tg2a62nHL7Og1o1vq8qp
5j5ECswyNgnHzgDwtLhjgkEum3EoExQIwZCb572hBc+wisgziselRQEbTDGOxHXW
e4dxjY2VWwmEWEDm2W8SVDHcOYMSZozC1DTXjI7dYOK/U23f3f6U2AoQiglheHpU
iGAd+GTY9gCXu4QoamQ2DdrSNKIExG3E9ZIXoomx9xJncXjuSFoJae7yc/VZ2TRQ
PVebxwiJuIHLn27j1oFj+klT1MeF9JzRpVBj1EX8Ihk1IuEAKH3Ac9NwFUXYE62k
2AI2cykQptSTZNGXXexlchHKKxt4IWQh9lMWyxJeIaHI
-----END CERTIFICATE-----