This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/ZH-fOKhfhXtTvq5cNeuUVWkcFIQ.roa
File:                     ZH-fOKhfhXtTvq5cNeuUVWkcFIQ.roa (raw, json)
Hash identifier:          2xvhce+amLHD9b2VUMk2z7GO/hZOLwWwWRJLNXmF+4g=
Subject key identifier:   64:7F:9F:38:A8:5F:85:7B:53:BE:AE:5C:35:EB:94:55:69:1C:14:84
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       019B7C120F2DB01982D92CE56D03969C953F
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/ZH-fOKhfhXtTvq5cNeuUVWkcFIQ.roa
Signing time:             Fri 02 Jan 2026 00:18:36 +0000
ROA not before:           Fri 02 Jan 2026 00:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49961
IP address blocks:        212.99.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:0f:2d:b0:19:82:d9:2c:e5:6d:03:96:9c:95:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  2 00:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=647f9f38a85f857b53beae5c35eb9455691c1484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:24:25:32:f8:b2:4e:e1:d7:c3:73:1d:4b:da:
                    5b:04:02:db:ae:cc:82:41:98:da:3e:b3:65:df:2b:
                    d7:4a:e9:00:d9:54:34:3b:3a:35:fe:88:97:11:e2:
                    f9:d7:8d:bb:5e:e7:b8:bb:73:ea:59:3e:31:d7:63:
                    3d:ed:4f:b4:cd:2f:03:86:70:4a:f6:53:48:4a:b2:
                    05:c5:a9:33:13:12:67:6d:3c:78:79:bc:cb:5e:24:
                    6e:1b:c1:d6:90:eb:ed:23:a2:08:00:67:ef:29:96:
                    8c:65:5b:54:36:9f:af:a1:aa:c3:1b:eb:c5:54:12:
                    60:5c:d9:e4:9d:e7:7a:7f:82:b1:63:55:0f:e7:ca:
                    12:51:30:0d:7c:7d:3e:0e:e6:0c:dd:82:b4:d9:58:
                    96:13:93:6d:a8:7b:95:35:6e:d0:6e:32:3b:96:ea:
                    c7:96:c4:37:c3:46:7e:e9:18:0a:84:89:aa:84:97:
                    00:7d:22:d1:f2:bc:0a:a7:52:45:8c:05:2e:95:75:
                    40:1c:20:94:c0:cf:b0:38:b1:fe:14:19:cb:6c:08:
                    a2:d2:68:55:fc:c9:2d:29:d9:b9:eb:ce:c0:75:63:
                    d3:71:f2:32:b4:a3:7b:16:a3:10:1d:eb:d8:ac:e4:
                    f7:09:51:87:54:9e:f5:e4:a5:7f:16:34:ec:a9:46:
                    99:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7F:9F:38:A8:5F:85:7B:53:BE:AE:5C:35:EB:94:55:69:1C:14:84
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/ZH-fOKhfhXtTvq5cNeuUVWkcFIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.99.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:32:1d:59:4b:fc:db:90:8d:a1:12:cc:4b:59:e2:e7:6e:da:
         b5:7c:9f:fa:08:00:f8:2b:e9:0a:0c:35:e1:b8:0e:57:af:f9:
         bf:82:03:8e:77:f7:46:d8:dd:65:4f:21:d0:38:f8:6c:99:86:
         58:ab:df:f6:5d:d1:95:49:db:90:6f:1a:37:2b:fc:79:22:8a:
         00:46:4e:d7:d3:d5:da:93:f7:f3:b8:46:16:32:db:4c:7d:d8:
         ab:a7:cf:59:f2:72:a1:98:22:3d:df:67:38:b6:3b:58:34:f0:
         7e:65:bd:22:8e:96:1f:fc:5a:9f:c5:80:be:e4:e4:cf:d4:49:
         02:a4:2a:8f:38:67:22:e8:97:57:e9:a9:53:77:3a:3d:40:bd:
         62:b9:1e:ec:f4:d4:b3:10:97:1f:85:9c:a3:d8:28:e8:60:ec:
         ea:7b:18:ab:7e:72:62:ce:7c:6f:b4:65:3f:87:bd:c3:6e:b2:
         3a:56:6b:83:26:5c:cf:0c:4f:27:5f:31:89:14:2f:a0:b0:83:
         fd:c5:a7:58:b2:8f:b2:ec:1c:5f:2a:3f:95:40:75:4e:da:49:
         21:2b:32:ea:8e:d7:4a:60:d1:1e:03:be:c3:ff:84:6d:40:b2:
         56:6e:10:95:ce:fa:72:bc:80:02:b2:7f:ff:8f:97:7a:9a:e6:
         50:4c:2d:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eg8tsBmC2SzlbQOWnJU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjYwMTAyMDAxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDdmOWYzOGE4NWY4NTdiNTNiZWFlNWMzNWViOTQ1NTY5MWMxNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iQlMviyTuHXw3MdS9pbBALbrsyC
QZjaPrNl3yvXSukA2VQ0Ozo1/oiXEeL51427Xue4u3PqWT4x12M97U+0zS8DhnBK
9lNISrIFxakzExJnbTx4ebzLXiRuG8HWkOvtI6IIAGfvKZaMZVtUNp+voarDG+vF
VBJgXNnkned6f4KxY1UP58oSUTANfH0+DuYM3YK02ViWE5NtqHuVNW7QbjI7lurH
lsQ3w0Z+6RgKhImqhJcAfSLR8rwKp1JFjAUulXVAHCCUwM+wOLH+FBnLbAii0mhV
/MktKdm5687AdWPTcfIytKN7FqMQHevYrOT3CVGHVJ715KV/FjTsqUaZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGR/nzioX4V7U76uXDXrlFVpHBSEMB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvWkgtZk9LaGZoWHRUdnE1Y05ldVVWV2tjRklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GMPMA0G
CSqGSIb3DQEBCwUAA4IBAQBdMh1ZS/zbkI2hEsxLWeLnbtq1fJ/6CAD4K+kKDDXh
uA5Xr/m/ggOOd/dG2N1lTyHQOPhsmYZYq9/2XdGVSduQbxo3K/x5IooARk7X09Xa
k/fzuEYWMttMfdirp89Z8nKhmCI932c4tjtYNPB+Zb0ijpYf/FqfxYC+5OTP1EkC
pCqPOGci6JdX6alTdzo9QL1iuR7s9NSzEJcfhZyj2CjoYOzqexirfnJiznxvtGU/
h73DbrI6VmuDJlzPDE8nXzGJFC+gsIP9xadYso+y7BxfKj+VQHVO2kkhKzLqjtdK
YNEeA77D/4RtQLJWbhCVzvpyvIACsn//j5d6muZQTC0G
-----END CERTIFICATE-----