This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/RZOthdT6C9nuwbu3UIjhWwOwnms.roa
File:                     RZOthdT6C9nuwbu3UIjhWwOwnms.roa (raw, json)
Hash identifier:          4fpWeQoxlDupX+sNQZiRpRjPM8u1NiZ4u0eyQTGiQO8=
Subject key identifier:   45:93:AD:85:D4:FA:0B:D9:EE:C1:BB:B7:50:88:E1:5B:03:B0:9E:6B
Certificate issuer:       /CN=97eac753379fd22ff6515033f513dc282463ad2d
Certificate serial:       019B775892F9FF88B88F89D0FB1DFE7EAA41
Authority key identifier: 97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/RZOthdT6C9nuwbu3UIjhWwOwnms.roa
Signing time:             Thu 01 Jan 2026 02:17:32 +0000
ROA not before:           Thu 01 Jan 2026 02:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198009
IP address blocks:        193.201.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:92:f9:ff:88:b8:8f:89:d0:fb:1d:fe:7e:aa:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97eac753379fd22ff6515033f513dc282463ad2d
        Validity
            Not Before: Jan  1 02:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4593ad85d4fa0bd9eec1bbb75088e15b03b09e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e0:19:d8:89:30:6b:07:8b:9f:66:8d:b3:4a:
                    48:89:c7:73:2f:26:bd:a1:84:64:d6:65:37:ac:0f:
                    00:30:cb:59:ed:20:e2:4c:52:8a:24:b4:ba:c2:a8:
                    04:98:e6:2e:b8:fe:9c:09:70:6d:36:56:48:5d:b4:
                    99:21:aa:0d:74:94:a6:9f:37:2e:fa:5b:c6:9b:b3:
                    2f:09:43:94:05:6c:8e:1b:3f:c8:1e:2e:71:93:e5:
                    3b:8a:4f:b1:21:51:c4:08:54:d8:be:78:61:55:9e:
                    df:d4:64:44:3e:3c:33:46:ab:c4:0d:ea:82:96:65:
                    f7:a6:fd:d5:77:4e:1b:7d:6b:be:52:52:5a:0c:27:
                    27:a1:3d:8a:a3:18:9b:fd:33:c1:0c:56:fe:2f:8d:
                    39:9a:0b:e9:f7:2a:41:1a:cc:d1:2d:85:c1:72:c4:
                    d9:76:11:bf:f7:8b:ce:2c:80:6a:36:11:9d:35:f3:
                    74:9b:b3:9e:11:4e:5a:9c:0e:e5:27:50:04:89:c2:
                    ce:bd:cd:bb:62:71:df:a8:3d:f8:4f:a7:e0:5e:fa:
                    4c:08:ee:6a:8f:a5:bd:68:86:f7:28:1d:ac:af:33:
                    e9:5c:f4:7a:80:4d:7c:aa:b8:c8:1d:cb:72:b6:86:
                    67:e1:66:88:72:93:67:77:e3:cd:8c:41:81:c2:80:
                    65:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:93:AD:85:D4:FA:0B:D9:EE:C1:BB:B7:50:88:E1:5B:03:B0:9E:6B
            X509v3 Authority Key Identifier:
                keyid:97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/RZOthdT6C9nuwbu3UIjhWwOwnms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:37:a6:d3:4d:f7:99:23:f5:bb:2d:ef:82:55:01:e8:42:43:
         d8:24:d3:5e:ca:9a:58:de:97:e0:ae:9e:27:85:0b:cc:de:0c:
         ee:4f:0d:28:ed:7d:8d:fa:cf:9b:dc:98:8e:3b:1f:74:18:3b:
         28:8e:1d:db:18:f7:35:a2:80:70:56:c1:93:2c:22:2b:df:46:
         ee:85:2b:9a:ff:03:79:64:55:85:d0:57:26:84:b6:f7:a0:8b:
         65:de:f6:32:8b:b6:bb:4e:80:84:7f:b0:41:f1:d2:cf:55:d4:
         2c:24:68:cf:47:64:2f:33:ca:ca:25:6e:5e:ab:e2:28:c0:72:
         c1:63:7d:e1:f3:5f:42:d5:7c:83:e2:be:75:f7:9c:07:24:25:
         90:18:f1:2d:5c:95:d8:0c:93:bc:94:95:d8:9b:81:0b:c0:07:
         f1:ac:e6:d9:9e:71:4b:af:10:b6:49:ab:55:90:2c:df:98:1b:
         03:d6:98:d6:ac:00:b7:d9:3d:b6:66:bb:3e:fe:d7:00:ee:2b:
         5c:03:91:a6:c8:f4:59:4c:fc:36:62:42:4a:a1:95:4d:b8:59:
         ed:66:5c:5a:29:6d:12:30:41:c4:eb:7c:73:9f:87:7d:5d:5b:
         62:28:00:14:c8:2d:26:62:7e:e3:b6:6a:d5:0c:e6:fe:7a:98:
         eb:b9:eb:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WJL5/4i4j4nQ+x3+fqpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWFjNzUzMzc5ZmQyMmZmNjUxNTAzM2Y1MTNkYzI4MjQ2
M2FkMmQwHhcNMjYwMTAxMDIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTkzYWQ4NWQ0ZmEwYmQ5ZWVjMWJiYjc1MDg4ZTE1YjAzYjA5ZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOAZ2IkwaweLn2aNs0pIicdzLya9
oYRk1mU3rA8AMMtZ7SDiTFKKJLS6wqgEmOYuuP6cCXBtNlZIXbSZIaoNdJSmnzcu
+lvGm7MvCUOUBWyOGz/IHi5xk+U7ik+xIVHECFTYvnhhVZ7f1GREPjwzRqvEDeqC
lmX3pv3Vd04bfWu+UlJaDCcnoT2Koxib/TPBDFb+L405mgvp9ypBGszRLYXBcsTZ
dhG/94vOLIBqNhGdNfN0m7OeEU5anA7lJ1AEicLOvc27YnHfqD34T6fgXvpMCO5q
j6W9aIb3KB2srzPpXPR6gE18qrjIHctytoZn4WaIcpNnd+PNjEGBwoBlFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWTrYXU+gvZ7sG7t1CI4VsDsJ5rMB8GA1UdIwQY
MBaAFJfqx1M3n9Iv9lFQM/UT3CgkY60tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQt
ZWY1OTBjMWM4ZTEyLzEvUlpPdGhkVDZDOW51d2J1M1VJamhXd093bm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQtZWY1OTBjMWM4ZTEy
LzEvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwckgMA0G
CSqGSIb3DQEBCwUAA4IBAQBSN6bTTfeZI/W7Le+CVQHoQkPYJNNeyppY3pfgrp4n
hQvM3gzuTw0o7X2N+s+b3JiOOx90GDsojh3bGPc1ooBwVsGTLCIr30buhSua/wN5
ZFWF0FcmhLb3oItl3vYyi7a7ToCEf7BB8dLPVdQsJGjPR2QvM8rKJW5eq+IowHLB
Y33h819C1XyD4r5195wHJCWQGPEtXJXYDJO8lJXYm4ELwAfxrObZnnFLrxC2SatV
kCzfmBsD1pjWrAC32T22Zrs+/tcA7itcA5GmyPRZTPw2YkJKoZVNuFntZlxaKW0S
MEHE63xzn4d9XVtiKAAUyC0mYn7jtmrVDOb+epjruetr
-----END CERTIFICATE-----