This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/mYZ-CoJ30ryRjfCq_ZwrN2mkqqU.roa
File:                     mYZ-CoJ30ryRjfCq_ZwrN2mkqqU.roa (raw, json)
Hash identifier:          yzaoDw2vJVnlrfgQa+Wm4W0pkL/1ud5VYXRkIehmaa4=
Subject key identifier:   99:86:7E:0A:82:77:D2:BC:91:8D:F0:AA:FD:9C:2B:37:69:A4:AA:A5
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       019B7DCA9C0FB2B70CE15AB1BD9F5369DDAD
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/mYZ-CoJ30ryRjfCq_ZwrN2mkqqU.roa
Signing time:             Fri 02 Jan 2026 08:19:48 +0000
ROA not before:           Fri 02 Jan 2026 08:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214670
IP address blocks:        195.5.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:9c:0f:b2:b7:0c:e1:5a:b1:bd:9f:53:69:dd:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  2 08:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99867e0a8277d2bc918df0aafd9c2b3769a4aaa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4d:81:40:ac:52:e5:a8:f8:7f:43:f3:03:84:
                    71:28:bc:c3:84:f1:88:69:cb:e7:71:89:58:a4:48:
                    1d:bf:38:47:dd:92:46:1f:09:3b:9f:04:af:d6:51:
                    9f:e0:1c:5c:35:41:c3:59:4c:1e:53:3a:a8:b9:22:
                    59:d1:a6:b1:a6:48:9e:99:d6:04:29:49:32:f6:8c:
                    07:87:4b:32:f6:2f:81:40:09:3c:82:ac:f9:33:16:
                    61:9a:c6:bc:9e:52:fa:0f:e9:6d:66:ff:ea:e2:43:
                    4f:5b:20:d2:98:e1:c5:db:1e:a8:08:d7:e0:b9:40:
                    3d:4b:b7:63:f4:ec:5d:aa:47:51:f7:ec:28:e3:e6:
                    24:00:dd:06:19:5c:50:e2:b3:42:78:cd:6a:34:10:
                    0f:93:58:00:b2:5f:bb:2d:cc:4b:10:be:b9:34:88:
                    ac:a1:d5:0f:f9:70:59:a9:f6:37:52:6e:bc:55:fe:
                    41:e4:a4:2e:7a:44:6d:9b:54:25:f9:69:b3:87:c9:
                    84:02:a5:f4:dd:a7:1d:e7:0b:17:16:a6:db:48:9d:
                    e3:1e:ca:3a:18:1e:ae:45:40:7e:16:de:b0:2f:00:
                    1c:43:2c:fc:63:78:3e:dd:3a:bc:45:3e:de:75:d1:
                    89:59:5e:e1:7a:d7:f9:78:aa:cc:a1:03:59:2b:68:
                    79:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:86:7E:0A:82:77:D2:BC:91:8D:F0:AA:FD:9C:2B:37:69:A4:AA:A5
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/mYZ-CoJ30ryRjfCq_ZwrN2mkqqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:77:c0:20:c6:d6:52:1f:63:0a:4a:06:63:98:ed:ad:04:30:
         70:5c:e4:68:6e:9a:9d:9c:59:ac:36:83:21:8b:5f:ca:a1:78:
         37:a4:43:29:af:38:ab:7a:9d:67:b5:7a:b3:4c:fc:c9:68:f9:
         8e:5d:26:a5:09:1f:70:64:ad:fa:cf:67:42:bb:18:20:f2:76:
         47:bd:ff:cc:cb:2d:17:91:92:9d:7e:f5:31:59:ea:ab:f5:10:
         38:89:59:1f:43:ca:92:8f:7c:53:b2:f2:2d:11:08:e4:c1:3f:
         e9:6d:ec:28:f5:96:8f:7d:8b:f2:cc:17:cf:cd:49:b2:51:52:
         49:d9:f0:3a:af:a3:12:79:50:75:4f:68:89:50:cb:96:92:3b:
         31:d2:f0:34:ea:76:fe:96:52:10:d3:94:67:be:ea:45:d0:e7:
         c6:ba:ad:69:e5:3d:2b:b1:a5:6a:05:7a:7b:d6:44:a9:52:e6:
         60:a1:d9:eb:1f:39:ee:5f:37:00:9e:b1:2f:1b:cb:4c:2e:88:
         f2:06:c2:b7:82:d4:2d:a6:7c:90:3e:b9:68:ac:91:34:1a:1d:
         0e:bb:22:84:eb:a8:75:7c:39:57:3c:be:e9:63:7d:0b:97:39:
         a1:7d:65:88:7c:fa:66:ae:6b:1a:92:ed:4e:d2:6d:82:93:4d:
         d0:2c:36:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ypwPsrcM4VqxvZ9Tad2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjYwMTAyMDgxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTg2N2UwYTgyNzdkMmJjOTE4ZGYwYWFmZDljMmIzNzY5YTRhYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU2BQKxS5aj4f0PzA4RxKLzDhPGI
acvncYlYpEgdvzhH3ZJGHwk7nwSv1lGf4BxcNUHDWUweUzqouSJZ0aaxpkiemdYE
KUky9owHh0sy9i+BQAk8gqz5MxZhmsa8nlL6D+ltZv/q4kNPWyDSmOHF2x6oCNfg
uUA9S7dj9OxdqkdR9+wo4+YkAN0GGVxQ4rNCeM1qNBAPk1gAsl+7LcxLEL65NIis
odUP+XBZqfY3Um68Vf5B5KQuekRtm1Ql+Wmzh8mEAqX03acd5wsXFqbbSJ3jHso6
GB6uRUB+Ft6wLwAcQyz8Y3g+3Tq8RT7eddGJWV7hetf5eKrMoQNZK2h5gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmGfgqCd9K8kY3wqv2cKzdppKqlMB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvbVlaLUNvSjMwcnlSamZDcV9ad3JOMm1rcXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwWhMA0G
CSqGSIb3DQEBCwUAA4IBAQAbd8AgxtZSH2MKSgZjmO2tBDBwXORobpqdnFmsNoMh
i1/KoXg3pEMprzirep1ntXqzTPzJaPmOXSalCR9wZK36z2dCuxgg8nZHvf/Myy0X
kZKdfvUxWeqr9RA4iVkfQ8qSj3xTsvItEQjkwT/pbewo9ZaPfYvyzBfPzUmyUVJJ
2fA6r6MSeVB1T2iJUMuWkjsx0vA06nb+llIQ05RnvupF0OfGuq1p5T0rsaVqBXp7
1kSpUuZgodnrHznuXzcAnrEvG8tMLojyBsK3gtQtpnyQPrlorJE0Gh0OuyKE66h1
fDlXPL7pY30LlzmhfWWIfPpmrmsaku1O0m2Ck03QLDa3
-----END CERTIFICATE-----