This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/zE9HbI7BKRJnOxPJyfZqqZZHuXg.roa
File:                     zE9HbI7BKRJnOxPJyfZqqZZHuXg.roa (raw, json)
Hash identifier:          /XMUTbGL/UqNtuY35Gp0SBdfX/z3vMQWC8vSiInHi6o=
Subject key identifier:   CC:4F:47:6C:8E:C1:29:12:67:3B:13:C9:C9:F6:6A:A9:96:47:B9:78
Certificate issuer:       /CN=e5cbde75d536e91b28a23469349d1cf28b884a3b
Certificate serial:       019B7EA4EF42E26B181B33CF85DC91CB09CD
Authority key identifier: E5:CB:DE:75:D5:36:E9:1B:28:A2:34:69:34:9D:1C:F2:8B:88:4A:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/zE9HbI7BKRJnOxPJyfZqqZZHuXg.roa
Signing time:             Fri 02 Jan 2026 12:18:16 +0000
ROA not before:           Fri 02 Jan 2026 12:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396501
IP address blocks:        185.159.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:ef:42:e2:6b:18:1b:33:cf:85:dc:91:cb:09:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5cbde75d536e91b28a23469349d1cf28b884a3b
        Validity
            Not Before: Jan  2 12:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc4f476c8ec12912673b13c9c9f66aa99647b978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:77:df:09:dc:f4:a3:95:eb:47:af:93:68:bd:
                    91:62:86:81:12:1d:3d:9c:a4:c8:da:8c:32:7a:ab:
                    c8:19:cb:a0:7d:a8:a0:a7:0e:71:cf:f9:fb:54:80:
                    fc:f3:e5:d7:22:ee:50:94:68:18:99:3d:98:44:86:
                    b3:ae:af:7a:a8:7c:42:30:9a:dd:27:8a:5a:f7:f7:
                    9c:3b:c0:b3:de:fd:56:9d:bb:bc:dc:88:87:09:aa:
                    22:e4:d6:c0:d2:80:6b:88:d7:5c:69:bd:e5:a9:9b:
                    0e:4d:17:df:a7:62:ab:e0:d3:e3:ba:a3:eb:96:93:
                    00:58:ba:f0:f3:68:95:d8:46:45:9c:2a:8b:0f:79:
                    82:82:8e:3d:fe:3f:91:7f:07:0b:9f:0d:b0:2d:6d:
                    a4:d8:eb:9c:d7:45:d4:e5:c4:dd:b2:06:ca:5c:4e:
                    54:8c:d6:9a:c3:12:da:38:ba:ed:ef:f9:32:bb:dc:
                    b2:22:08:5c:a3:85:9b:bc:cd:bd:78:99:ca:0a:cd:
                    b9:69:e0:26:ed:12:ed:42:54:cd:91:83:7b:2e:8d:
                    05:65:86:f5:e8:f6:65:e0:2c:2b:61:a0:b0:61:00:
                    89:9f:fe:b2:30:1e:72:f1:6b:96:75:82:c2:72:a3:
                    ba:6d:25:4a:05:c3:78:db:f0:38:ee:2b:42:c1:4a:
                    62:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:4F:47:6C:8E:C1:29:12:67:3B:13:C9:C9:F6:6A:A9:96:47:B9:78
            X509v3 Authority Key Identifier:
                keyid:E5:CB:DE:75:D5:36:E9:1B:28:A2:34:69:34:9D:1C:F2:8B:88:4A:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cveddU26RsoojRpNJ0c8ouISjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/zE9HbI7BKRJnOxPJyfZqqZZHuXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/015e90-5204-4d09-8b26-fceacbd73845/1/5cveddU26RsoojRpNJ0c8ouISjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:62:30:18:49:5e:a6:62:89:eb:b2:5c:5b:d3:de:fc:0a:7c:
         d4:9e:19:69:ae:4e:88:f4:ae:6b:d2:9a:88:c5:a1:1a:5c:2b:
         09:cc:1b:44:a0:c4:42:1e:f9:03:6f:22:a5:d0:44:89:c1:a8:
         39:20:2d:8e:d1:15:71:2c:34:b5:60:34:8d:4f:5a:4b:12:3e:
         e9:76:9e:d1:df:27:db:fc:19:8a:00:33:a3:5d:ee:e3:b5:0e:
         fe:4f:8b:96:f4:5a:fd:f8:ed:c6:62:1a:17:34:9f:6c:0d:2f:
         8f:76:7e:6a:40:93:6b:93:3f:05:17:bb:b8:5d:c1:79:7e:ab:
         74:81:db:5e:41:62:f5:f1:e4:b1:78:05:8a:3f:58:99:c7:dc:
         18:c9:66:89:94:6d:cb:f9:1c:1e:c8:38:af:e9:3f:1f:1c:9d:
         7e:c2:5e:cb:d2:a3:3c:d9:f0:cd:f9:b5:37:10:61:e6:ea:7f:
         b0:d7:2b:69:16:be:76:ad:b6:54:ff:60:51:db:d2:5b:52:ba:
         02:00:29:01:d2:c4:0d:4e:5b:dc:c5:07:48:e4:b0:cb:48:8e:
         5e:b2:44:cf:6f:cb:d9:38:01:81:68:63:45:65:4d:31:f7:20:
         1a:ec:bd:0e:5e:d0:36:08:1f:e4:56:20:db:e9:29:25:6a:af:
         2e:f0:52:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pO9C4msYGzPPhdyRywnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Y2JkZTc1ZDUzNmU5MWIyOGEyMzQ2OTM0OWQxY2YyOGI4
ODRhM2IwHhcNMjYwMTAyMTIxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzRmNDc2YzhlYzEyOTEyNjczYjEzYzljOWY2NmFhOTk2NDdiOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHffCdz0o5XrR6+TaL2RYoaBEh09
nKTI2owyeqvIGcugfaigpw5xz/n7VID88+XXIu5QlGgYmT2YRIazrq96qHxCMJrd
J4pa9/ecO8Cz3v1Wnbu83IiHCaoi5NbA0oBriNdcab3lqZsOTRffp2Kr4NPjuqPr
lpMAWLrw82iV2EZFnCqLD3mCgo49/j+RfwcLnw2wLW2k2Ouc10XU5cTdsgbKXE5U
jNaawxLaOLrt7/kyu9yyIghco4WbvM29eJnKCs25aeAm7RLtQlTNkYN7Lo0FZYb1
6PZl4CwrYaCwYQCJn/6yMB5y8WuWdYLCcqO6bSVKBcN42/A47itCwUpipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxPR2yOwSkSZzsTycn2aqmWR7l4MB8GA1UdIwQY
MBaAFOXL3nXVNukbKKI0aTSdHPKLiEo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWN2ZWRkVTI2UnNvb2pScE5KMGM4b3VJU2pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wMTVlOTAtNTIwNC00ZDA5LThiMjYt
ZmNlYWNiZDczODQ1LzEvekU5SGJJN0JLUkpuT3hQSnlmWnFxWlpIdVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wMTVlOTAtNTIwNC00ZDA5LThiMjYtZmNlYWNiZDczODQ1
LzEvNWN2ZWRkVTI2UnNvb2pScE5KMGM4b3VJU2pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ/HMA0G
CSqGSIb3DQEBCwUAA4IBAQBSYjAYSV6mYonrslxb0978CnzUnhlprk6I9K5r0pqI
xaEaXCsJzBtEoMRCHvkDbyKl0ESJwag5IC2O0RVxLDS1YDSNT1pLEj7pdp7R3yfb
/BmKADOjXe7jtQ7+T4uW9Fr9+O3GYhoXNJ9sDS+Pdn5qQJNrkz8FF7u4XcF5fqt0
gdteQWL18eSxeAWKP1iZx9wYyWaJlG3L+RweyDiv6T8fHJ1+wl7L0qM82fDN+bU3
EGHm6n+w1ytpFr52rbZU/2BR29JbUroCACkB0sQNTlvcxQdI5LDLSI5eskTPb8vZ
OAGBaGNFZU0x9yAa7L0OXtA2CB/kViDb6Sklaq8u8FLY
-----END CERTIFICATE-----