This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/ZbbPFYZ5et4E0DLQLx7QgD_-n_4.roa
File:                     ZbbPFYZ5et4E0DLQLx7QgD_-n_4.roa (raw, json)
Hash identifier:          kpo5V1Kis4etv3McfweDJYMJDNmzmYsbcpdv1gAavks=
Subject key identifier:   65:B6:CF:15:86:79:7A:DE:04:D0:32:D0:2F:1E:D0:80:3F:FE:9F:FE
Certificate issuer:       /CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
Certificate serial:       019B797DF956AA78F16957AC19E268917082
Authority key identifier: 0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/ZbbPFYZ5et4E0DLQLx7QgD_-n_4.roa
Signing time:             Thu 01 Jan 2026 12:17:37 +0000
ROA not before:           Thu 01 Jan 2026 12:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        31.217.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:f9:56:aa:78:f1:69:57:ac:19:e2:68:91:70:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
        Validity
            Not Before: Jan  1 12:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65b6cf1586797ade04d032d02f1ed0803ffe9ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cd:f9:18:44:66:e9:19:78:aa:a6:a8:f5:6f:
                    14:8e:96:14:c9:26:08:ea:22:aa:df:a6:54:84:98:
                    3c:ba:b1:6e:1c:c2:8d:9e:fc:1c:0c:76:0a:19:70:
                    f0:fe:8d:f0:c1:e3:c9:fa:35:8d:f1:03:96:28:8e:
                    43:ff:c9:11:d6:66:2c:a3:e3:6e:11:41:9d:15:65:
                    ba:97:8c:b7:71:41:15:99:d9:8e:1e:61:f3:d3:e2:
                    7a:5f:7a:be:9f:73:45:f6:cc:0d:c1:4d:b8:8a:84:
                    67:39:90:59:f6:d0:60:a0:e6:59:18:c6:3f:6f:9b:
                    54:13:5f:8b:e1:cb:b1:13:b2:cf:cf:f3:2a:07:99:
                    f5:d1:3e:d6:e8:b0:b8:03:f1:e4:9a:df:47:0b:26:
                    79:89:b6:fd:5f:9e:ec:17:0f:14:76:3b:27:ea:70:
                    dc:da:0e:94:ff:97:31:06:2c:70:9b:4e:51:16:d5:
                    8f:76:e9:d9:41:de:bb:be:6f:f3:26:8d:9f:80:c0:
                    f6:bc:f7:7f:1e:98:7c:58:d0:5d:ab:c7:66:bf:f3:
                    50:ba:e3:a5:a7:be:b1:25:49:6b:30:b2:4a:ad:b8:
                    da:dd:b5:98:3a:9e:df:4d:53:34:13:65:61:98:64:
                    95:13:5d:fe:57:7b:c9:5a:ac:74:ec:29:0e:5a:f6:
                    dd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B6:CF:15:86:79:7A:DE:04:D0:32:D0:2F:1E:D0:80:3F:FE:9F:FE
            X509v3 Authority Key Identifier:
                keyid:0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/ZbbPFYZ5et4E0DLQLx7QgD_-n_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e8:b1:a0:98:11:70:d8:f1:aa:77:99:37:fb:d9:27:5d:69:
         a6:dc:f0:ab:61:f9:21:94:36:48:dd:90:98:3c:46:da:f6:13:
         32:bc:7c:a4:d7:ea:dc:73:b3:93:0c:55:39:b0:9c:4d:22:23:
         61:b5:80:4e:24:84:8a:c6:d3:3d:f2:da:96:4d:fe:ed:3a:9c:
         21:70:24:0e:e7:5a:53:ad:bf:61:c5:c4:d7:5e:7b:2a:2a:ad:
         53:22:c3:36:2b:69:f1:04:45:e2:05:37:be:1d:be:2a:e2:df:
         2a:9d:ae:3c:18:95:4a:b7:3b:f9:60:d5:e3:a0:12:22:b1:41:
         11:33:f2:10:09:e4:e0:d8:53:2c:ef:81:f1:da:f3:f0:ce:c2:
         3b:51:ad:be:38:92:f8:d8:f7:f7:a0:d6:bb:8b:ba:48:23:ff:
         de:4a:4c:f0:e0:30:e7:18:67:75:ec:df:82:d8:09:8b:01:d3:
         76:22:48:75:57:83:fd:46:e0:4d:76:bf:bb:ad:8d:07:70:3c:
         b5:26:86:f8:39:bb:c3:73:53:23:9c:f3:c8:79:3e:0f:bb:a2:
         6f:fe:40:16:e0:b0:cf:8c:96:a3:5c:1c:9d:b7:54:0c:eb:38:
         4e:c6:91:b8:99:22:1b:a7:51:f9:2d:70:cb:0c:4d:9c:1c:7f:
         36:db:49:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fflWqnjxaVesGeJokXCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjk4OTAwMzU1ZmRmNDI1NGMyMDgzMWYyZDdlZTNiZWM0
MjliZGIwHhcNMjYwMTAxMTIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI2Y2YxNTg2Nzk3YWRlMDRkMDMyZDAyZjFlZDA4MDNmZmU5ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s35GERm6Rl4qqao9W8UjpYUySYI
6iKq36ZUhJg8urFuHMKNnvwcDHYKGXDw/o3wwePJ+jWN8QOWKI5D/8kR1mYso+Nu
EUGdFWW6l4y3cUEVmdmOHmHz0+J6X3q+n3NF9swNwU24ioRnOZBZ9tBgoOZZGMY/
b5tUE1+L4cuxE7LPz/MqB5n10T7W6LC4A/Hkmt9HCyZ5ibb9X57sFw8Udjsn6nDc
2g6U/5cxBixwm05RFtWPdunZQd67vm/zJo2fgMD2vPd/Hph8WNBdq8dmv/NQuuOl
p76xJUlrMLJKrbja3bWYOp7fTVM0E2VhmGSVE13+V3vJWqx07CkOWvbdfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGW2zxWGeXreBNAy0C8e0IA//p/+MB8GA1UdIwQY
MBaAFA4piQA1X99CVMIIMfLX7jvsQpvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYt
M2U0Yjc0ZGQwNThkLzEvWmJiUEZZWjVldDRFMERMUUx4N1FnRF8tbl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYtM2U0Yjc0ZGQwNThk
LzEvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9n6MA0G
CSqGSIb3DQEBCwUAA4IBAQBS6LGgmBFw2PGqd5k3+9knXWmm3PCrYfkhlDZI3ZCY
PEba9hMyvHyk1+rcc7OTDFU5sJxNIiNhtYBOJISKxtM98tqWTf7tOpwhcCQO51pT
rb9hxcTXXnsqKq1TIsM2K2nxBEXiBTe+Hb4q4t8qna48GJVKtzv5YNXjoBIisUER
M/IQCeTg2FMs74Hx2vPwzsI7Ua2+OJL42Pf3oNa7i7pII//eSkzw4DDnGGd17N+C
2AmLAdN2Ikh1V4P9RuBNdr+7rY0HcDy1Job4ObvDc1MjnPPIeT4Pu6Jv/kAW4LDP
jJajXBydt1QM6zhOxpG4mSIbp1H5LXDLDE2cHH8220nh
-----END CERTIFICATE-----