This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/ZX0valTvB4XUFb2t2MvkLevuS6o.roa
File:                     ZX0valTvB4XUFb2t2MvkLevuS6o.roa (raw, json)
Hash identifier:          mqjFEPpJKWkFc8eYY9RB4MA5DD2L0uPMPEokQ0eKgy4=
Subject key identifier:   65:7D:2F:6A:54:EF:07:85:D4:15:BD:AD:D8:CB:E4:2D:EB:EE:4B:AA
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       019B7F15A9BA46F326150F7F06B057812385
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/ZX0valTvB4XUFb2t2MvkLevuS6o.roa
Signing time:             Fri 02 Jan 2026 14:21:24 +0000
ROA not before:           Fri 02 Jan 2026 14:21:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3356
IP address blocks:        185.34.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:a9:ba:46:f3:26:15:0f:7f:06:b0:57:81:23:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  2 14:21:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=657d2f6a54ef0785d415bdadd8cbe42debee4baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:20:5b:90:57:a7:e2:24:f8:e3:22:9b:27:fc:
                    bf:db:80:a8:38:7a:e1:f6:c5:10:da:4d:38:13:3b:
                    c8:62:bb:de:46:ac:48:18:72:76:a9:3a:9c:aa:78:
                    79:c1:1a:15:0e:bd:42:d5:88:5e:f9:cd:dc:54:fd:
                    91:de:ce:9b:a7:9d:77:38:6a:f9:f1:77:1a:7a:f7:
                    d3:ac:42:ac:49:b5:75:73:36:03:09:7a:0f:ab:7f:
                    09:1a:08:64:7d:d0:4a:33:ad:91:bc:76:6f:65:e9:
                    3d:e8:68:a5:4c:35:db:00:49:0b:75:f2:dd:29:aa:
                    e3:e9:e4:7c:2f:32:e1:a4:d0:42:09:c5:b9:e0:89:
                    1d:c6:73:6e:20:aa:36:aa:5a:09:2f:3f:c8:1c:7f:
                    9b:68:3f:b6:bd:19:ce:0d:13:c0:5e:79:cc:e4:ec:
                    da:17:85:0d:f8:3d:df:0a:82:89:f5:5a:ab:77:6c:
                    89:5f:16:d7:c7:95:02:fd:e8:3d:e7:80:0f:7f:bb:
                    d0:86:f7:7b:ad:c9:3a:5c:48:59:64:e0:de:a4:6a:
                    aa:aa:b4:5c:ea:0d:a0:f7:6a:ec:bc:00:71:59:f9:
                    11:e1:60:6d:f8:16:79:74:5e:6c:b2:f8:a8:23:f7:
                    98:53:94:f9:2c:dd:4c:37:bc:f5:1e:a2:5a:1f:3f:
                    3e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7D:2F:6A:54:EF:07:85:D4:15:BD:AD:D8:CB:E4:2D:EB:EE:4B:AA
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/ZX0valTvB4XUFb2t2MvkLevuS6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:bc:32:39:ec:4b:92:81:a2:7f:04:d5:35:81:a6:15:77:99:
         c1:44:42:0d:db:88:ff:b8:68:a4:a0:b8:70:22:c3:41:4f:62:
         25:b8:fb:df:d8:4e:bf:5e:bb:3a:7f:65:e5:5e:7e:97:fa:d3:
         f3:2a:d8:53:97:7f:57:54:c7:99:ae:3a:1a:08:4f:c8:34:57:
         ab:9c:68:f3:03:30:e3:f2:78:b0:cc:2a:1f:e3:aa:74:25:2e:
         84:4c:bc:1e:98:9a:1a:21:21:1d:27:36:3e:bf:66:c0:0c:a5:
         86:d2:7f:24:67:75:c9:6a:f1:49:50:c8:37:26:82:35:18:72:
         b2:80:55:ba:97:da:17:81:f2:e5:69:c1:67:a9:32:ae:df:7a:
         0b:a0:0d:97:ff:2b:7c:1c:34:91:f5:a3:ad:1a:e0:11:c6:a1:
         85:dc:66:f4:7b:48:19:5a:fd:b3:f6:2d:56:9b:05:09:24:c8:
         66:67:7c:8d:87:b6:56:a1:12:86:ad:07:26:d8:d7:88:49:f8:
         e4:43:2b:c4:68:68:0d:53:aa:22:d8:52:16:33:61:2f:b5:6f:
         30:fd:7f:92:ba:c1:5b:a9:04:5c:1f:11:e1:e2:78:ed:a9:da:
         da:75:66:c0:32:48:5a:1b:67:f1:ff:d6:d4:58:91:1e:41:79:
         a2:83:1a:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fam6RvMmFQ9/BrBXgSOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjYwMTAyMTQyMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdkMmY2YTU0ZWYwNzg1ZDQxNWJkYWRkOGNiZTQyZGViZWU0YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yBbkFen4iT44yKbJ/y/24CoOHrh
9sUQ2k04EzvIYrveRqxIGHJ2qTqcqnh5wRoVDr1C1Yhe+c3cVP2R3s6bp513OGr5
8XcaevfTrEKsSbV1czYDCXoPq38JGghkfdBKM62RvHZvZek96GilTDXbAEkLdfLd
Karj6eR8LzLhpNBCCcW54IkdxnNuIKo2qloJLz/IHH+baD+2vRnODRPAXnnM5Oza
F4UN+D3fCoKJ9Vqrd2yJXxbXx5UC/eg954APf7vQhvd7rck6XEhZZODepGqqqrRc
6g2g92rsvABxWfkR4WBt+BZ5dF5ssvioI/eYU5T5LN1MN7z1HqJaHz8+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV9L2pU7weF1BW9rdjL5C3r7kuqMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvWlgwdmFsVHZCNFhVRmIydDJNdmtMZXZ1UzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSI4MA0G
CSqGSIb3DQEBCwUAA4IBAQB4vDI57EuSgaJ/BNU1gaYVd5nBREIN24j/uGikoLhw
IsNBT2IluPvf2E6/Xrs6f2XlXn6X+tPzKthTl39XVMeZrjoaCE/INFernGjzAzDj
8niwzCof46p0JS6ETLwemJoaISEdJzY+v2bADKWG0n8kZ3XJavFJUMg3JoI1GHKy
gFW6l9oXgfLlacFnqTKu33oLoA2X/yt8HDSR9aOtGuARxqGF3Gb0e0gZWv2z9i1W
mwUJJMhmZ3yNh7ZWoRKGrQcm2NeISfjkQyvEaGgNU6oi2FIWM2EvtW8w/X+SusFb
qQRcHxHh4njtqdradWbAMkhaG2fx/9bUWJEeQXmigxpa
-----END CERTIFICATE-----