This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ZzV_VDVzaIqtDpwjtJwMSnjk_9Y.roa
File:                     ZzV_VDVzaIqtDpwjtJwMSnjk_9Y.roa (raw, json)
Hash identifier:          WaOF2f40LMOuM1ZWX/pUBZ5cJF1/e+UASVUsf1IegLw=
Subject key identifier:   67:35:7F:54:35:73:68:8A:AD:0E:9C:23:B4:9C:0C:4A:78:E4:FF:D6
Certificate issuer:       /CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
Certificate serial:       019B7F8278D09FCE5B2974DD0C22916BC307
Authority key identifier: D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ZzV_VDVzaIqtDpwjtJwMSnjk_9Y.roa
Signing time:             Fri 02 Jan 2026 16:20:15 +0000
ROA not before:           Fri 02 Jan 2026 16:20:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        194.201.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:78:d0:9f:ce:5b:29:74:dd:0c:22:91:6b:c3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
        Validity
            Not Before: Jan  2 16:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67357f543573688aad0e9c23b49c0c4a78e4ffd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:8f:1c:52:6d:b9:0f:fb:f4:c7:43:79:ce:
                    94:64:d0:9f:ba:04:e2:55:e5:13:5f:14:8b:28:0c:
                    fa:a4:c4:2d:04:74:1e:0d:20:64:2a:9f:91:8f:17:
                    b0:76:0f:b1:99:09:08:13:11:5e:9e:43:b2:44:33:
                    40:24:49:3f:86:72:74:e1:39:f7:ff:8b:4b:2c:c7:
                    48:05:db:cd:d4:05:1a:59:91:e5:08:72:7a:0d:b7:
                    65:c7:94:0c:2b:26:50:8e:b6:cd:5b:fb:5c:8a:e1:
                    dd:43:12:e0:de:0b:45:e8:b9:e4:74:1b:c9:e1:45:
                    1e:be:ac:3a:bf:74:c2:3d:79:81:66:1a:8f:73:cc:
                    9f:5a:17:0e:93:17:2a:4d:2a:63:0f:54:8a:1a:1c:
                    48:0c:d9:f2:30:ca:b9:46:35:cf:09:db:f2:a2:cf:
                    be:c9:aa:ab:7d:1a:c3:62:8b:73:89:1e:52:64:aa:
                    21:5a:9e:38:ec:45:c0:9f:e9:c5:78:51:1a:4c:1e:
                    37:30:ad:cb:9e:87:a3:92:d7:7b:73:f2:2d:34:cb:
                    b4:6f:d2:28:30:32:9c:f7:3d:3f:79:7a:ee:00:e9:
                    a4:93:4f:2b:40:b4:70:54:a3:3d:78:df:2d:29:e9:
                    fe:9a:d2:d3:f4:44:61:ab:dc:a2:ba:15:16:e2:49:
                    7d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:35:7F:54:35:73:68:8A:AD:0E:9C:23:B4:9C:0C:4A:78:E4:FF:D6
            X509v3 Authority Key Identifier:
                keyid:D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/ZzV_VDVzaIqtDpwjtJwMSnjk_9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.201.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:1b:7a:6c:32:d5:e0:91:f4:31:e2:46:84:7c:09:59:bd:cf:
         5f:3b:cb:89:7b:be:59:53:c0:74:ab:99:73:f2:a1:94:7f:b4:
         f7:1e:dd:e4:89:1c:3b:b0:9d:22:de:00:ad:a0:60:ef:ed:80:
         a1:b3:82:a7:5d:a6:a1:47:5b:c1:6e:9d:54:38:b2:70:85:a8:
         d4:51:f1:4b:8a:65:ef:ff:2e:a3:27:44:32:3d:21:c0:b5:5b:
         0c:b9:8d:90:8b:4f:20:62:93:74:d2:0d:c9:ea:f6:59:02:de:
         a2:77:40:b3:0d:f2:a6:2e:44:81:94:e1:46:3a:98:73:5d:e5:
         37:a1:89:e7:56:fe:d2:ca:38:b3:e9:53:df:4c:21:69:cd:51:
         cc:37:7e:0a:60:fa:96:64:9b:c6:2b:50:8b:13:03:bf:96:96:
         f0:54:58:c3:13:5b:ed:1e:a2:b7:1d:50:b3:e9:3a:77:d4:cd:
         e2:f6:56:62:eb:1c:23:c3:05:53:de:f6:12:c2:95:39:46:85:
         26:e9:16:4e:a2:d7:5b:8a:f2:1a:3b:8f:41:c7:60:0d:95:c5:
         ef:84:9a:b5:77:b7:d1:8f:78:c1:59:f4:a8:c0:9a:90:ba:e5:
         21:d1:50:8d:1b:be:eb:23:fe:73:68:c5:c5:69:2a:f1:51:38:
         30:f0:da:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gnjQn85bKXTdDCKRa8MHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZjYwYjE3NmQ5NWZkOGQzZDBiZDY1YzVkMTJjODM5NDFm
N2YwNTQwHhcNMjYwMTAyMTYyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM1N2Y1NDM1NzM2ODhhYWQwZTljMjNiNDljMGM0YTc4ZTRmZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotaPHFJtuQ/79MdDec6UZNCfugTi
VeUTXxSLKAz6pMQtBHQeDSBkKp+Rjxewdg+xmQkIExFenkOyRDNAJEk/hnJ04Tn3
/4tLLMdIBdvN1AUaWZHlCHJ6Dbdlx5QMKyZQjrbNW/tciuHdQxLg3gtF6LnkdBvJ
4UUevqw6v3TCPXmBZhqPc8yfWhcOkxcqTSpjD1SKGhxIDNnyMMq5RjXPCdvyos++
yaqrfRrDYotziR5SZKohWp447EXAn+nFeFEaTB43MK3Lnoejktd7c/ItNMu0b9Io
MDKc9z0/eXruAOmkk08rQLRwVKM9eN8tKen+mtLT9ERhq9yiuhUW4kl9bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc1f1Q1c2iKrQ6cI7ScDEp45P/WMB8GA1UdIwQY
MBaAFNP2Cxdtlf2NPQvWXF0SyDlB9/BUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjct
MTE3NWU1YTA3YTU1LzEvWnpWX1ZEVnphSXF0RHB3anRKd01TbmprXzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjctMTE3NWU1YTA3YTU1
LzEvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwsn9MA0G
CSqGSIb3DQEBCwUAA4IBAQBeG3psMtXgkfQx4kaEfAlZvc9fO8uJe75ZU8B0q5lz
8qGUf7T3Ht3kiRw7sJ0i3gCtoGDv7YChs4KnXaahR1vBbp1UOLJwhajUUfFLimXv
/y6jJ0QyPSHAtVsMuY2Qi08gYpN00g3J6vZZAt6id0CzDfKmLkSBlOFGOphzXeU3
oYnnVv7Syjiz6VPfTCFpzVHMN34KYPqWZJvGK1CLEwO/lpbwVFjDE1vtHqK3HVCz
6Tp31M3i9lZi6xwjwwVT3vYSwpU5RoUm6RZOotdbivIaO49Bx2ANlcXvhJq1d7fR
j3jBWfSowJqQuuUh0VCNG77rI/5zaMXFaSrxUTgw8Nol
-----END CERTIFICATE-----