This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ZOtkDypeoPWpBqSKJdEKPCwN01U.roa
File:                     ZOtkDypeoPWpBqSKJdEKPCwN01U.roa (raw, json)
Hash identifier:          BEmoCqXq30cDeaaRKHag6xYKPx98KrD2HYrRNS9+4gQ=
Subject key identifier:   64:EB:64:0F:2A:5E:A0:F5:A9:06:A4:8A:25:D1:0A:3C:2C:0D:D3:55
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019B7E3912B54E772A8C3674455CE010984C
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ZOtkDypeoPWpBqSKJdEKPCwN01U.roa
Signing time:             Fri 02 Jan 2026 10:20:28 +0000
ROA not before:           Fri 02 Jan 2026 10:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202989
IP address blocks:        85.143.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:12:b5:4e:77:2a:8c:36:74:45:5c:e0:10:98:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  2 10:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64eb640f2a5ea0f5a906a48a25d10a3c2c0dd355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:19:ef:3a:27:f4:cc:d7:53:53:42:64:f1:40:
                    4b:7b:7e:34:66:46:39:bf:9e:52:c0:23:00:21:61:
                    ad:07:1c:de:23:f5:81:cc:89:fb:81:a3:4b:f4:c1:
                    79:49:00:c9:18:6d:b1:73:1f:15:18:57:a4:ed:88:
                    54:ae:89:c7:23:f0:bd:12:85:14:f9:ff:0c:3d:21:
                    e6:4a:cb:73:db:16:30:c9:b0:16:de:46:f6:e5:e6:
                    98:6d:90:29:05:86:9a:fe:84:2f:cc:77:1c:e5:74:
                    be:17:60:80:79:38:86:91:96:eb:a6:9a:c5:d0:ac:
                    b6:c0:5f:d0:01:3b:a7:6e:7b:61:32:8a:dc:fc:49:
                    f8:36:1d:f1:80:20:27:f2:7e:d6:46:f1:b2:21:71:
                    d4:4a:49:b8:56:de:d7:8c:91:a9:49:24:9e:cc:3e:
                    8c:a7:39:2a:71:21:dc:5a:4f:3b:22:58:4e:ee:8c:
                    b4:9d:8b:d0:58:57:b6:01:10:33:7e:8d:1a:bc:b2:
                    9a:22:8b:cb:c9:27:71:2d:5c:84:b0:8b:a6:ae:a9:
                    5d:16:d1:d4:0e:7f:9a:32:eb:93:06:c2:ea:76:04:
                    2e:20:da:55:c6:51:ce:86:8c:46:cb:2c:97:b8:9d:
                    4c:a9:0d:0f:e0:26:36:2a:9b:cf:64:cb:58:99:8e:
                    4a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:EB:64:0F:2A:5E:A0:F5:A9:06:A4:8A:25:D1:0A:3C:2C:0D:D3:55
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ZOtkDypeoPWpBqSKJdEKPCwN01U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:41:e9:2e:e3:29:cc:71:cc:a7:d5:ef:57:ea:e7:82:9b:24:
         de:51:e5:20:0c:64:34:07:b1:d5:e6:0f:59:a3:28:75:ea:29:
         10:f2:07:9f:aa:f0:72:3e:da:5b:a3:a0:3d:0e:d7:b6:81:30:
         13:e4:56:5b:87:80:68:79:f0:8b:15:c2:0f:ee:82:69:ce:3f:
         87:b1:cd:f9:72:37:ed:39:72:ed:c5:e5:ae:3d:f6:2b:03:75:
         b2:c5:38:d8:28:5c:45:49:ca:ac:d5:74:8d:17:47:d2:ed:c5:
         98:f7:3f:28:41:2f:93:31:b7:24:6b:46:42:53:6d:77:7d:81:
         38:79:75:f9:fc:0a:ce:75:59:54:19:ff:63:01:da:ea:c5:c5:
         b6:b7:2c:38:c0:40:54:5b:97:91:a4:48:d1:f0:68:05:32:fc:
         39:de:42:9a:46:c7:b2:44:86:a7:86:a4:bb:14:01:1a:75:8b:
         bf:3a:08:4a:ff:5a:a2:31:f2:cb:ee:b1:f5:aa:a7:e1:c7:eb:
         a1:fe:51:a6:37:59:94:de:37:28:35:05:37:f9:b9:c2:cf:d2:
         06:00:05:cb:42:b5:9e:da:d3:b6:62:65:5f:69:aa:66:2c:8d:
         74:29:78:0e:f5:26:0f:78:49:2c:af:51:e5:df:81:34:21:a4:
         56:b6:85:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ORK1TncqjDZ0RVzgEJhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMTAyMTAyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGViNjQwZjJhNWVhMGY1YTkwNmE0OGEyNWQxMGEzYzJjMGRkMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BnvOif0zNdTU0Jk8UBLe340ZkY5
v55SwCMAIWGtBxzeI/WBzIn7gaNL9MF5SQDJGG2xcx8VGFek7YhUronHI/C9EoUU
+f8MPSHmSstz2xYwybAW3kb25eaYbZApBYaa/oQvzHcc5XS+F2CAeTiGkZbrpprF
0Ky2wF/QATunbnthMorc/En4Nh3xgCAn8n7WRvGyIXHUSkm4Vt7XjJGpSSSezD6M
pzkqcSHcWk87IlhO7oy0nYvQWFe2ARAzfo0avLKaIovLySdxLVyEsIumrqldFtHU
Dn+aMuuTBsLqdgQuINpVxlHOhoxGyyyXuJ1MqQ0P4CY2KpvPZMtYmY5KbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTrZA8qXqD1qQakiiXRCjwsDdNVMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvWk90a0R5cGVvUFdwQnFTS0pkRUtQQ3dOMDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/4MA0G
CSqGSIb3DQEBCwUAA4IBAQAxQeku4ynMccyn1e9X6ueCmyTeUeUgDGQ0B7HV5g9Z
oyh16ikQ8gefqvByPtpbo6A9Dte2gTAT5FZbh4BoefCLFcIP7oJpzj+Hsc35cjft
OXLtxeWuPfYrA3WyxTjYKFxFScqs1XSNF0fS7cWY9z8oQS+TMbcka0ZCU213fYE4
eXX5/ArOdVlUGf9jAdrqxcW2tyw4wEBUW5eRpEjR8GgFMvw53kKaRseyRIanhqS7
FAEadYu/OghK/1qiMfLL7rH1qqfhx+uh/lGmN1mU3jcoNQU3+bnCz9IGAAXLQrWe
2tO2YmVfaapmLI10KXgO9SYPeEksr1Hl34E0IaRWtoWU
-----END CERTIFICATE-----