This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/SZX71ph8QaHTDKUZ_awWsJ3Rop8.roa
File:                     SZX71ph8QaHTDKUZ_awWsJ3Rop8.roa (raw, json)
Hash identifier:          Ezxrik8lWqt6m7GXayjzec/qOLlnThrVGFvxsgwlbj0=
Subject key identifier:   49:95:FB:D6:98:7C:41:A1:D3:0C:A5:19:FD:AC:16:B0:9D:D1:A2:9F
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       019B79114B272D3B9CFB0F660051DECFDEFE
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/SZX71ph8QaHTDKUZ_awWsJ3Rop8.roa
Signing time:             Thu 01 Jan 2026 10:18:55 +0000
ROA not before:           Thu 01 Jan 2026 10:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20546
IP address blocks:        185.64.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:4b:27:2d:3b:9c:fb:0f:66:00:51:de:cf:de:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 10:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4995fbd6987c41a1d30ca519fdac16b09dd1a29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bb:f4:0e:51:78:17:54:13:31:9c:60:51:a8:
                    41:5b:4f:be:ad:7c:55:4b:62:ef:0a:bf:3a:19:3c:
                    eb:45:6c:d2:85:95:51:44:a9:72:08:38:6b:df:b2:
                    f4:de:c2:09:e5:fb:0c:69:4f:6a:d3:f6:5b:78:68:
                    a0:47:32:2f:71:d5:56:3f:ac:81:89:2d:69:36:0e:
                    9a:a3:e7:cc:86:1e:2e:85:b2:64:ac:b9:d6:3d:51:
                    8f:ea:50:b6:e5:50:36:17:99:a2:df:cf:7f:6e:1a:
                    a9:69:0c:87:83:31:e6:90:a9:cb:ff:0c:73:55:33:
                    95:f6:40:a6:ce:ea:1c:8f:f9:29:e0:78:1a:f5:29:
                    85:71:9e:84:02:e4:4d:2d:9e:0f:71:0e:93:30:75:
                    a8:c5:1b:77:c3:87:4a:1b:58:a4:30:ed:3c:1e:ce:
                    ef:28:ce:4e:63:7e:1e:9d:89:b6:61:ac:c8:e2:05:
                    2a:be:64:92:c2:82:96:d6:63:66:f9:f3:be:7d:7c:
                    d0:4e:11:e9:c1:8b:4a:07:ef:d3:9a:8b:4c:3d:f9:
                    f3:f4:02:16:40:64:8a:ca:3f:a3:fc:03:d7:f8:21:
                    99:00:a2:c3:05:ea:26:43:2f:6f:5a:d1:bc:b1:b4:
                    3d:89:63:11:83:ce:71:63:2e:ff:10:6f:ca:e4:cc:
                    c0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:95:FB:D6:98:7C:41:A1:D3:0C:A5:19:FD:AC:16:B0:9D:D1:A2:9F
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/SZX71ph8QaHTDKUZ_awWsJ3Rop8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:f4:cb:a2:ce:90:1e:44:9b:ab:f8:73:b8:5d:de:b1:18:7e:
         c9:ea:c0:62:7c:b7:aa:bf:f7:d1:c6:14:33:fd:43:8b:70:b0:
         51:d5:c6:2b:fc:4c:a5:4a:9b:f2:c7:47:71:3a:85:06:8b:e8:
         71:89:81:fc:6f:c2:79:4e:2c:67:fc:ed:91:bf:de:99:e3:81:
         00:40:e3:34:a1:99:70:e4:0a:32:c2:5c:c6:20:98:8c:4c:e9:
         00:c5:f7:f1:db:3f:57:13:5b:98:4f:17:83:90:a0:e2:d0:6e:
         99:94:12:23:1b:a2:c5:b1:24:41:47:b5:3e:08:10:b3:1f:58:
         7d:81:6e:90:0d:f7:06:21:61:a4:c6:4f:44:95:37:42:59:51:
         d6:78:7e:31:5a:71:3b:7a:70:f6:16:54:a2:a3:2e:ae:74:a2:
         69:18:8b:c7:a0:f6:f4:64:0b:c4:f3:b9:e8:9d:52:ab:4a:32:
         96:e9:0c:dc:ed:6b:6c:38:71:c1:29:87:e0:44:39:54:65:2f:
         52:48:c5:69:64:77:01:11:39:66:a7:36:00:3d:c0:20:06:a5:
         fa:85:89:4c:0d:ab:a6:a0:6c:e8:0a:71:17:b5:96:1e:4c:00:
         fc:ee:b7:83:d1:8d:af:fb:57:1e:c9:8d:c2:f9:c2:bc:02:16:
         25:b4:82:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EUsnLTuc+w9mAFHez97+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjYwMTAxMTAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk1ZmJkNjk4N2M0MWExZDMwY2E1MTlmZGFjMTZiMDlkZDFhMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLv0DlF4F1QTMZxgUahBW0++rXxV
S2LvCr86GTzrRWzShZVRRKlyCDhr37L03sIJ5fsMaU9q0/ZbeGigRzIvcdVWP6yB
iS1pNg6ao+fMhh4uhbJkrLnWPVGP6lC25VA2F5mi389/bhqpaQyHgzHmkKnL/wxz
VTOV9kCmzuocj/kp4Hga9SmFcZ6EAuRNLZ4PcQ6TMHWoxRt3w4dKG1ikMO08Hs7v
KM5OY34enYm2YazI4gUqvmSSwoKW1mNm+fO+fXzQThHpwYtKB+/TmotMPfnz9AIW
QGSKyj+j/APX+CGZAKLDBeomQy9vWtG8sbQ9iWMRg85xYy7/EG/K5MzAGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmV+9aYfEGh0wylGf2sFrCd0aKfMB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvU1pYNzFwaDhRYUhUREtVWl9hd1dzSjNSb3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQCT9MuizpAeRJur+HO4Xd6xGH7J6sBifLeqv/fRxhQz
/UOLcLBR1cYr/EylSpvyx0dxOoUGi+hxiYH8b8J5Tixn/O2Rv96Z44EAQOM0oZlw
5AoywlzGIJiMTOkAxffx2z9XE1uYTxeDkKDi0G6ZlBIjG6LFsSRBR7U+CBCzH1h9
gW6QDfcGIWGkxk9ElTdCWVHWeH4xWnE7enD2FlSioy6udKJpGIvHoPb0ZAvE87no
nVKrSjKW6Qzc7WtsOHHBKYfgRDlUZS9SSMVpZHcBETlmpzYAPcAgBqX6hYlMDaum
oGzoCnEXtZYeTAD87reD0Y2v+1ceyY3C+cK8AhYltIKw
-----END CERTIFICATE-----