This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZSW23YwH4XzEhsypid4J24T-kFM.roa
File:                     ZSW23YwH4XzEhsypid4J24T-kFM.roa (raw, json)
Hash identifier:          U7IODZ8xIpPfmadI09khER9WNVurzvDftSLrxaFnTq4=
Subject key identifier:   65:25:B6:DD:8C:07:E1:7C:C4:86:CC:A9:89:DE:09:DB:84:FE:90:53
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8552185FCAA4592DE602EACD0F45AE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZSW23YwH4XzEhsypid4J24T-kFM.roa
Signing time:             Fri 02 Jan 2026 16:23:22 +0000
ROA not before:           Fri 02 Jan 2026 16:23:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        195.133.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:52:18:5f:ca:a4:59:2d:e6:02:ea:cd:0f:45:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6525b6dd8c07e17cc486cca989de09db84fe9053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3d:e4:67:fd:5c:3c:30:d9:3d:d3:0d:7a:16:
                    47:25:43:4d:ed:79:b9:22:8f:a3:bd:0d:61:6e:19:
                    c0:75:d0:fa:ba:89:a3:73:06:0d:2f:a4:e6:da:86:
                    60:59:63:3b:8e:69:5f:3b:d6:ac:29:2b:1b:d7:40:
                    65:0f:7a:ff:46:cb:d3:a3:47:f2:3c:1d:c0:3c:51:
                    70:be:a6:8a:14:2e:7f:db:dc:98:d8:e1:48:68:9b:
                    11:ab:3a:b9:7b:b9:dd:a6:95:65:f6:95:ac:9a:a6:
                    4f:e5:b3:66:57:c9:39:b4:2b:d0:df:3c:3e:77:21:
                    06:a8:85:d9:1c:ca:8e:c7:40:ca:6e:f4:b7:da:96:
                    f9:24:f7:b0:00:88:6c:d7:60:07:5a:1d:49:9c:bb:
                    a6:16:68:5b:0f:64:ac:89:39:65:7c:a9:65:6b:b4:
                    c3:65:f9:a4:c3:94:8f:10:02:93:e4:56:e2:28:a9:
                    31:4c:f4:ea:2a:26:77:96:c4:e2:3a:0d:9e:b1:c3:
                    a2:e1:e2:8e:32:1f:ec:55:28:4c:1a:18:c8:73:c9:
                    12:93:5d:30:ac:b5:0e:7f:6a:12:d7:66:c5:58:c8:
                    bc:27:95:2c:46:b1:fd:37:e2:4f:d1:f2:d2:bc:40:
                    4e:81:44:bd:47:aa:2c:67:28:79:c4:e9:38:f5:9a:
                    cf:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:25:B6:DD:8C:07:E1:7C:C4:86:CC:A9:89:DE:09:DB:84:FE:90:53
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZSW23YwH4XzEhsypid4J24T-kFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:44:50:0f:a3:73:43:25:01:b4:b2:25:09:1f:32:ba:75:6c:
         4d:c8:ea:e6:3f:5b:e8:96:04:35:0c:fd:65:83:34:e8:51:d3:
         f4:5e:e5:dd:65:74:1e:68:b3:87:d1:3c:fd:33:f1:ab:93:bf:
         89:04:45:40:96:4b:e6:62:46:66:78:4d:de:81:32:6a:5f:64:
         27:f1:ca:14:65:36:85:95:c4:fe:ae:6e:8f:5d:5f:49:8b:72:
         4b:08:5f:4a:58:1b:50:e5:2a:6c:1a:e2:a2:3d:3d:5f:e1:90:
         e8:d1:d2:85:4d:96:4c:5c:c3:93:5f:3c:59:5e:ac:e2:99:17:
         9f:06:19:9e:4d:64:30:fb:f5:e0:13:80:85:b8:47:c6:da:0c:
         2a:52:25:e6:f1:1e:46:7f:ab:d4:d9:cc:ea:91:73:e3:1d:ad:
         72:aa:e3:5f:c5:fc:c8:b8:b3:0c:f9:4a:63:dd:ec:31:45:7c:
         e6:74:db:8f:1a:95:59:1f:57:5b:f3:0c:dc:57:77:42:f0:6b:
         6f:ac:8e:ab:ee:90:30:f8:6e:fd:20:3a:e4:17:30:10:ea:81:
         64:a8:46:d0:e2:04:18:98:a5:cb:29:5f:df:b9:9a:ab:7b:f2:
         64:5d:e8:de:f0:e0:e8:7d:c4:b2:ee:5c:2f:66:60:e9:7b:0a:
         84:16:8c:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hVIYX8qkWS3mAurND0WuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI1YjZkZDhjMDdlMTdjYzQ4NmNjYTk4OWRlMDlkYjg0ZmU5MDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D3kZ/1cPDDZPdMNehZHJUNN7Xm5
Io+jvQ1hbhnAddD6uomjcwYNL6Tm2oZgWWM7jmlfO9asKSsb10BlD3r/RsvTo0fy
PB3APFFwvqaKFC5/29yY2OFIaJsRqzq5e7ndppVl9pWsmqZP5bNmV8k5tCvQ3zw+
dyEGqIXZHMqOx0DKbvS32pb5JPewAIhs12AHWh1JnLumFmhbD2SsiTllfKlla7TD
Zfmkw5SPEAKT5FbiKKkxTPTqKiZ3lsTiOg2escOi4eKOMh/sVShMGhjIc8kSk10w
rLUOf2oS12bFWMi8J5UsRrH9N+JP0fLSvEBOgUS9R6osZyh5xOk49ZrPuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUltt2MB+F8xIbMqYneCduE/pBTMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWlNXMjNZd0g0WHpFaHN5cGlkNEoyNFQta0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UkMA0G
CSqGSIb3DQEBCwUAA4IBAQBxRFAPo3NDJQG0siUJHzK6dWxNyOrmP1volgQ1DP1l
gzToUdP0XuXdZXQeaLOH0Tz9M/Grk7+JBEVAlkvmYkZmeE3egTJqX2Qn8coUZTaF
lcT+rm6PXV9Ji3JLCF9KWBtQ5SpsGuKiPT1f4ZDo0dKFTZZMXMOTXzxZXqzimRef
BhmeTWQw+/XgE4CFuEfG2gwqUiXm8R5Gf6vU2czqkXPjHa1yquNfxfzIuLMM+Upj
3ewxRXzmdNuPGpVZH1db8wzcV3dC8GtvrI6r7pAw+G79IDrkFzAQ6oFkqEbQ4gQY
mKXLKV/fuZqre/JkXeje8ODofcSy7lwvZmDpewqEFowv
-----END CERTIFICATE-----