This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrABntG9K9mhIhdqztHDeRg--G4.roa
File:                     zrABntG9K9mhIhdqztHDeRg--G4.roa (raw, json)
Hash identifier:          gMDq/Kln5jA0QKMrkqoy1kLNKDrHuD7nJKA9uHp8ouU=
Subject key identifier:   CE:B0:01:9E:D1:BD:2B:D9:A1:22:17:6A:CE:D1:C3:79:18:3E:F8:6E
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019BF1EF00188FE7BDBF2F415769185DF1B3
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrABntG9K9mhIhdqztHDeRg--G4.roa
Signing time:             Sat 24 Jan 2026 21:35:30 +0000
ROA not before:           Sat 24 Jan 2026 21:35:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        222.167.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f1:ef:00:18:8f:e7:bd:bf:2f:41:57:69:18:5d:f1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Jan 24 21:35:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ceb0019ed1bd2bd9a122176aced1c379183ef86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6b:4f:31:90:f2:d1:ed:e4:15:82:42:28:ae:
                    0e:e7:b4:8a:e3:e4:65:e8:6d:e1:c7:d0:d4:04:c5:
                    ea:90:9d:2b:89:3e:07:5f:98:7f:46:72:33:a1:41:
                    db:b3:78:5f:49:a7:a6:ee:1f:1d:13:86:dc:5b:82:
                    66:ba:bb:be:86:29:ef:9d:21:81:a8:64:3e:46:46:
                    9f:f2:e8:85:e7:b3:dd:a2:fe:f7:f5:b3:27:f9:92:
                    b3:f2:8d:68:9d:fd:e0:ac:4e:7e:c2:a9:41:a4:eb:
                    be:52:ac:fe:d1:fa:b1:4e:2d:46:48:48:06:62:0e:
                    c2:64:d4:71:2c:ca:2b:27:cb:ae:a0:cd:25:5f:b2:
                    13:e9:8c:45:5b:f0:4b:a9:a3:86:01:c3:16:bd:62:
                    a4:12:96:20:22:e0:88:06:4d:86:7c:d2:e2:3f:c9:
                    7f:cb:26:cb:7b:22:50:9d:cf:23:ef:3b:79:f3:1e:
                    35:f4:d6:f8:45:3d:4d:df:d5:73:a3:51:cd:76:f0:
                    08:cf:7c:39:5c:ec:db:f5:67:fe:8a:7b:21:97:08:
                    55:1a:7d:25:5e:fc:f9:8d:a5:82:2d:07:1f:5a:b6:
                    e6:02:51:cb:1c:dd:9c:b4:35:e8:f2:e7:11:c0:4a:
                    3a:b5:dd:18:28:b5:d6:7c:cb:42:4e:9f:2f:15:3d:
                    ab:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B0:01:9E:D1:BD:2B:D9:A1:22:17:6A:CE:D1:C3:79:18:3E:F8:6E
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrABntG9K9mhIhdqztHDeRg--G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ed:58:66:a5:f1:43:8e:f1:fd:56:1e:88:4a:8a:2b:30:29:
         8c:71:84:cd:a2:8b:56:bf:f9:c5:b6:e3:fe:b8:f2:a6:b6:d8:
         1b:a0:45:4d:74:b5:ac:41:0b:35:6a:d9:23:08:de:8f:06:72:
         5c:5f:26:76:a9:ae:6c:c3:ec:75:d5:02:ae:1d:64:89:db:50:
         7a:55:4c:74:9c:28:5a:ac:a8:08:6e:26:f8:e9:7c:a7:6b:9e:
         51:b5:67:60:19:28:f9:22:f8:d0:24:1e:f7:0f:86:39:aa:0c:
         3e:f8:87:00:18:fb:cc:d2:05:e1:4d:bb:cf:ee:9f:e0:22:1e:
         dc:f2:f7:81:9d:7d:99:80:88:09:1b:e5:67:b8:06:1c:a1:7a:
         52:ba:f5:fd:e8:d8:ac:8b:6d:4f:b4:df:55:69:16:3a:f8:f8:
         74:f7:86:a1:2e:92:ce:b1:79:38:4b:a8:03:7b:f8:ce:08:f6:
         c5:57:c0:4e:1b:0e:a3:a5:5a:e1:1a:0b:15:09:ad:03:c0:be:
         3d:0b:4c:d2:8d:da:94:10:6b:23:7b:0c:71:cb:44:11:15:1d:
         eb:8b:76:75:75:01:c4:c6:00:3a:62:2c:a8:49:51:b8:76:c8:
         1b:46:6a:77:26:ca:28:08:86:5f:b2:c1:39:be:e2:58:b3:0c:
         e1:97:9c:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvx7wAYj+e9vy9BV2kYXfGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMTI0MjEzNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIwMDE5ZWQxYmQyYmQ5YTEyMjE3NmFjZWQxYzM3OTE4M2VmODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2tPMZDy0e3kFYJCKK4O57SK4+Rl
6G3hx9DUBMXqkJ0riT4HX5h/RnIzoUHbs3hfSaem7h8dE4bcW4Jmuru+hinvnSGB
qGQ+Rkaf8uiF57Pdov739bMn+ZKz8o1onf3grE5+wqlBpOu+Uqz+0fqxTi1GSEgG
Yg7CZNRxLMorJ8uuoM0lX7IT6YxFW/BLqaOGAcMWvWKkEpYgIuCIBk2GfNLiP8l/
yybLeyJQnc8j7zt58x419Nb4RT1N39Vzo1HNdvAIz3w5XOzb9Wf+inshlwhVGn0l
Xvz5jaWCLQcfWrbmAlHLHN2ctDXo8ucRwEo6td0YKLXWfMtCTp8vFT2rmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6wAZ7RvSvZoSIXas7Rw3kYPvhuMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvenJBQm50RzlLOW1oSWhkcXp0SERlUmctLUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qf8MA0G
CSqGSIb3DQEBCwUAA4IBAQA/7VhmpfFDjvH9Vh6ISoorMCmMcYTNootWv/nFtuP+
uPKmttgboEVNdLWsQQs1atkjCN6PBnJcXyZ2qa5sw+x11QKuHWSJ21B6VUx0nCha
rKgIbib46Xyna55RtWdgGSj5IvjQJB73D4Y5qgw++IcAGPvM0gXhTbvP7p/gIh7c
8veBnX2ZgIgJG+VnuAYcoXpSuvX96Nisi21PtN9VaRY6+Ph094ahLpLOsXk4S6gD
e/jOCPbFV8BOGw6jpVrhGgsVCa0DwL49C0zSjdqUEGsjewxxy0QRFR3ri3Z1dQHE
xgA6YiyoSVG4dsgbRmp3JsooCIZfssE5vuJYswzhl5zY
-----END CERTIFICATE-----