This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ZvNsehsJsVXaNDRPVWkhYZcK6Xo.roa
File:                     ZvNsehsJsVXaNDRPVWkhYZcK6Xo.roa (raw, json)
Hash identifier:          q92Hm7FMaXG9YmSNI2PIxNNQ0GCpQNVFiLDNnMVXDF4=
Subject key identifier:   66:F3:6C:7A:1B:09:B1:55:DA:34:34:4F:55:69:21:61:97:0A:E9:7A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019AD0E65A06D9A6AF241ABBAADA672A1C52
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ZvNsehsJsVXaNDRPVWkhYZcK6Xo.roa
Signing time:             Sat 29 Nov 2025 18:35:48 +0000
ROA not before:           Sat 29 Nov 2025 18:35:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202799
IP address blocks:        147.45.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d0:e6:5a:06:d9:a6:af:24:1a:bb:aa:da:67:2a:1c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov 29 18:35:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66f36c7a1b09b155da34344f55692161970ae97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4b:ea:22:12:a6:dd:fc:a4:6d:1a:69:1b:c5:
                    d8:58:75:fe:ed:d6:0d:3c:4f:3a:4d:43:6a:e2:7a:
                    2a:bf:cc:e7:c0:00:5e:39:91:01:84:9b:46:9f:06:
                    9e:0d:c7:53:3e:d9:f3:6f:31:7c:f1:46:f3:3d:95:
                    f5:2f:2d:49:f4:e0:5c:de:09:f1:4a:5d:24:93:c9:
                    4f:6c:f1:11:62:fd:4f:55:54:0c:bb:41:7f:bc:cd:
                    4f:c2:8e:dc:3d:d9:a1:05:d5:b7:39:39:7f:05:47:
                    fc:0e:5a:1a:86:6f:13:83:64:4c:b6:85:87:82:00:
                    b3:37:99:3b:5a:55:74:83:18:01:e6:dd:be:35:51:
                    4f:ea:39:10:9b:25:5a:bc:9d:c8:b0:e1:2e:38:1d:
                    dd:3e:b9:b6:5a:f9:00:e0:31:f7:de:d4:34:61:77:
                    33:19:65:65:b3:e0:13:4a:dd:50:a5:d2:6f:11:6b:
                    df:ff:e3:0a:ff:14:64:00:69:1a:d4:f7:9c:f4:f2:
                    3f:65:4f:40:6c:c3:66:d2:3e:86:26:a0:a7:7d:8f:
                    63:2f:f4:98:b7:0c:79:22:81:ec:94:a0:5d:c8:8e:
                    1f:56:ca:88:3f:e2:f7:b2:6e:d6:c5:e0:f7:3b:d4:
                    a3:14:a5:cf:78:82:cc:f9:9e:d9:29:a2:05:f4:a3:
                    ac:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F3:6C:7A:1B:09:B1:55:DA:34:34:4F:55:69:21:61:97:0A:E9:7A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ZvNsehsJsVXaNDRPVWkhYZcK6Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:b9:3c:a3:7c:4a:a4:c3:6d:99:eb:13:92:89:14:f3:6c:13:
         5f:30:b0:26:25:01:67:9d:70:56:b3:1b:2d:e4:c5:49:95:70:
         95:50:12:2f:c5:07:3a:8f:f7:2c:a2:2f:34:e4:f9:bc:2e:86:
         60:90:6a:19:ea:ae:6a:21:2d:67:49:70:74:c8:1b:5c:a5:2c:
         71:95:73:de:0f:9b:66:16:5e:6f:a0:e6:9f:97:5e:b7:f0:4a:
         7f:ad:ec:84:13:8d:a7:43:6f:62:08:78:4d:1d:84:08:63:0a:
         62:45:93:0f:f1:09:00:ad:db:13:38:bc:4b:04:00:09:dd:20:
         2e:b7:dc:74:bb:12:f4:86:27:a1:cc:45:09:25:96:74:95:fe:
         f4:4a:97:3d:69:36:58:73:d3:a0:ec:bf:30:cd:c2:4e:2f:d4:
         b5:3d:00:1f:2b:85:5c:57:f4:e1:7e:da:38:aa:ba:a2:ef:a0:
         be:2d:24:19:21:13:57:63:56:55:b8:0b:99:7d:95:59:77:91:
         a8:6d:91:ce:15:84:13:66:a1:dd:85:cf:9c:9d:13:a2:8d:40:
         e8:fb:d7:7d:3e:7f:1d:3a:1e:97:25:f5:bf:8d:45:3f:6a:84:
         4c:29:6c:0e:d2:98:9d:15:f1:b2:34:9e:e6:1d:69:c9:23:b4:
         d5:e3:de:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrQ5loG2aavJBq7qtpnKhxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMTI5MTgzNTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmYzNmM3YTFiMDliMTU1ZGEzNDM0NGY1NTY5MjE2MTk3MGFlOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0vqIhKm3fykbRppG8XYWHX+7dYN
PE86TUNq4noqv8znwABeOZEBhJtGnwaeDcdTPtnzbzF88UbzPZX1Ly1J9OBc3gnx
Sl0kk8lPbPERYv1PVVQMu0F/vM1Pwo7cPdmhBdW3OTl/BUf8Dloahm8Tg2RMtoWH
ggCzN5k7WlV0gxgB5t2+NVFP6jkQmyVavJ3IsOEuOB3dPrm2WvkA4DH33tQ0YXcz
GWVls+ATSt1QpdJvEWvf/+MK/xRkAGka1Pec9PI/ZU9AbMNm0j6GJqCnfY9jL/SY
twx5IoHslKBdyI4fVsqIP+L3sm7WxeD3O9SjFKXPeILM+Z7ZKaIF9KOsxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbzbHobCbFV2jQ0T1VpIWGXCul6MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWnZOc2Voc0pzVlhhTkRSUFZXa2hZWmNLNlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky0sMA0G
CSqGSIb3DQEBCwUAA4IBAQB0uTyjfEqkw22Z6xOSiRTzbBNfMLAmJQFnnXBWsxst
5MVJlXCVUBIvxQc6j/csoi805Pm8LoZgkGoZ6q5qIS1nSXB0yBtcpSxxlXPeD5tm
Fl5voOafl1638Ep/reyEE42nQ29iCHhNHYQIYwpiRZMP8QkArdsTOLxLBAAJ3SAu
t9x0uxL0hiehzEUJJZZ0lf70Spc9aTZYc9Og7L8wzcJOL9S1PQAfK4VcV/Thfto4
qrqi76C+LSQZIRNXY1ZVuAuZfZVZd5GobZHOFYQTZqHdhc+cnROijUDo+9d9Pn8d
Oh6XJfW/jUU/aoRMKWwO0pidFfGyNJ7mHWnJI7TV494T
-----END CERTIFICATE-----