This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ZGekjXEzpu_RZ-7_vyg6Eo2ZkNk.roa
File:                     ZGekjXEzpu_RZ-7_vyg6Eo2ZkNk.roa (raw, json)
Hash identifier:          g9zJSRkWxGZifxxDK0NFw2MI+0xI5nvgLjURj1IFEFw=
Subject key identifier:   64:67:A4:8D:71:33:A6:EF:D1:67:EE:FF:BF:28:3A:12:8D:99:90:D9
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       019B7F82282D855DDA55937BD7BB1DBD5971
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ZGekjXEzpu_RZ-7_vyg6Eo2ZkNk.roa
Signing time:             Fri 02 Jan 2026 16:19:54 +0000
ROA not before:           Fri 02 Jan 2026 16:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2854
IP address blocks:        91.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:28:2d:85:5d:da:55:93:7b:d7:bb:1d:bd:59:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: Jan  2 16:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6467a48d7133a6efd167eeffbf283a128d9990d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1a:4d:79:e2:8f:05:8b:1a:e8:8c:e5:f6:1f:
                    7a:1f:b1:fb:ce:c7:cb:d4:1c:25:3c:0d:1c:b7:f5:
                    33:ef:12:20:d6:1a:5f:6b:1f:68:07:77:c0:1a:ca:
                    ef:74:bd:79:c2:74:be:4f:a2:e9:97:be:1c:ce:2e:
                    1a:d4:38:47:d8:07:b0:05:95:b4:45:58:38:5d:ad:
                    8d:41:4d:d8:11:e6:e2:35:6e:21:04:e8:54:83:43:
                    02:ec:7d:ce:96:69:3b:14:6f:80:7c:1a:b5:83:18:
                    26:ca:f0:04:e4:2e:57:73:94:ae:9f:1b:9c:e2:73:
                    d8:c5:0b:64:b5:92:6d:22:15:e6:ca:1f:e0:5d:79:
                    28:8b:21:97:4f:ae:24:b6:54:25:e1:d6:c4:15:5c:
                    93:b5:e5:41:09:33:06:95:aa:7f:b7:4f:ef:28:d2:
                    b7:7b:73:16:61:f4:b2:52:08:75:db:cb:59:07:cb:
                    a4:c9:73:46:fb:47:03:bb:40:97:3e:f7:21:32:ad:
                    4b:3a:e3:06:23:4c:3f:cb:1a:c9:f5:f8:2a:59:a3:
                    b0:23:25:c8:c0:08:97:74:bc:1f:f2:d2:0e:8c:e2:
                    96:9e:80:99:0f:ee:b7:ad:74:6f:c5:10:a6:9d:f2:
                    8f:f6:f5:bf:16:1a:7d:e9:73:7a:ca:93:13:30:b1:
                    78:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:67:A4:8D:71:33:A6:EF:D1:67:EE:FF:BF:28:3A:12:8D:99:90:D9
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ZGekjXEzpu_RZ-7_vyg6Eo2ZkNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:04:27:e7:4b:35:b3:5d:c0:9b:39:6d:99:bf:96:f7:bf:ad:
         e6:4e:fe:f8:fc:62:65:e9:1c:44:c3:cc:fa:a6:5b:5b:9d:3f:
         0a:8e:41:aa:98:57:80:21:e9:45:9f:44:08:81:6e:0c:d8:ab:
         a0:a9:41:5b:72:88:c5:31:2f:13:39:de:f3:a7:8f:c0:57:8f:
         6e:c6:31:4c:9b:a6:43:6a:39:64:56:f4:32:f3:de:ee:2e:30:
         2e:3a:70:1b:3c:45:59:53:bf:8a:01:be:84:99:83:ac:cc:02:
         be:89:b2:3c:d7:5e:6b:02:4b:6d:da:06:79:96:bf:c2:d5:fe:
         20:34:90:1c:42:cb:33:a3:23:78:4e:39:f5:e8:ff:76:3c:b9:
         46:ec:50:b6:d2:57:2b:e3:9f:39:df:f8:6e:ad:64:dd:f3:0f:
         5d:53:b2:83:16:92:34:c3:35:d2:a0:05:fc:65:50:d8:da:99:
         dc:23:cb:31:90:5d:91:90:f2:a7:8c:4d:58:9a:34:a2:32:f6:
         41:24:71:b1:d9:d6:0e:12:f1:53:b9:bf:42:b0:d3:ad:79:68:
         a3:3f:01:da:98:23:1f:75:26:91:be:7c:9a:8c:04:68:50:63:
         67:87:41:d6:07:19:3d:9d:6f:58:63:98:8f:a8:5d:e7:70:7f:
         20:91:71:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gigthV3aVZN717sdvVlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjYwMTAyMTYxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDY3YTQ4ZDcxMzNhNmVmZDE2N2VlZmZiZjI4M2ExMjhkOTk5MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhpNeeKPBYsa6Izl9h96H7H7zsfL
1BwlPA0ct/Uz7xIg1hpfax9oB3fAGsrvdL15wnS+T6Lpl74czi4a1DhH2AewBZW0
RVg4Xa2NQU3YEebiNW4hBOhUg0MC7H3Olmk7FG+AfBq1gxgmyvAE5C5Xc5Sunxuc
4nPYxQtktZJtIhXmyh/gXXkoiyGXT64ktlQl4dbEFVyTteVBCTMGlap/t0/vKNK3
e3MWYfSyUgh128tZB8ukyXNG+0cDu0CXPvchMq1LOuMGI0w/yxrJ9fgqWaOwIyXI
wAiXdLwf8tIOjOKWnoCZD+63rXRvxRCmnfKP9vW/Fhp96XN6ypMTMLF40QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRnpI1xM6bv0Wfu/78oOhKNmZDZMB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEvWkdla2pYRXpwdV9SWi03X3Z5ZzZFbzJaa05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQBTBCfnSzWzXcCbOW2Zv5b3v63mTv74/GJl6RxEw8z6
pltbnT8KjkGqmFeAIelFn0QIgW4M2KugqUFbcojFMS8TOd7zp4/AV49uxjFMm6ZD
ajlkVvQy897uLjAuOnAbPEVZU7+KAb6EmYOszAK+ibI8115rAktt2gZ5lr/C1f4g
NJAcQsszoyN4Tjn16P92PLlG7FC20lcr45853/hurWTd8w9dU7KDFpI0wzXSoAX8
ZVDY2pncI8sxkF2RkPKnjE1YmjSiMvZBJHGx2dYOEvFTub9CsNOteWijPwHamCMf
dSaRvnyajARoUGNnh0HWBxk9nW9YY5iPqF3ncH8gkXFI
-----END CERTIFICATE-----