This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/zQ2cPGiLYRorXKpLrmhsMG9Hq3U.roa
File:                     zQ2cPGiLYRorXKpLrmhsMG9Hq3U.roa (raw, json)
Hash identifier:          P9J39aN5PrzHgpi4r/kcvUMTVkDz5wVom73BNd1GNto=
Subject key identifier:   CD:0D:9C:3C:68:8B:61:1A:2B:5C:AA:4B:AE:68:6C:30:6F:47:AB:75
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F145CCDEDC33F60507527E0A8898149
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/zQ2cPGiLYRorXKpLrmhsMG9Hq3U.roa
Signing time:             Fri 02 Jan 2026 14:19:59 +0000
ROA not before:           Fri 02 Jan 2026 14:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205628
IP address blocks:        193.233.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:5c:cd:ed:c3:3f:60:50:75:27:e0:a8:89:81:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd0d9c3c688b611a2b5caa4bae686c306f47ab75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:05:e5:00:6f:6b:31:cb:20:cc:05:6a:e9:
                    58:9e:82:5c:3a:31:a4:53:64:93:eb:14:2a:98:19:
                    17:f7:91:11:4e:ec:b4:2f:5e:46:1f:9c:72:55:27:
                    9d:27:6f:01:f8:e8:26:e0:e1:6d:5e:be:1f:bf:17:
                    b6:37:cd:d0:f6:e0:b7:03:2a:91:c0:fa:ff:67:89:
                    15:60:fc:40:ac:ec:51:20:75:2b:69:93:bf:17:47:
                    f0:27:82:23:bd:82:67:d7:aa:50:77:8a:f1:0a:9b:
                    16:20:ea:95:01:76:2c:8c:9d:03:a5:e5:89:a7:f6:
                    a8:b8:67:b3:fc:b7:78:66:33:86:f2:5b:57:cc:36:
                    ef:93:6d:7f:08:50:38:3a:fd:45:86:5c:bb:07:d9:
                    4e:56:e0:92:aa:aa:4c:80:81:16:77:72:fe:f1:c2:
                    6b:a8:c2:76:9a:a8:74:6c:82:48:a0:6b:c3:86:7e:
                    d2:db:ec:c5:6a:22:3a:f2:ba:1e:6c:47:ab:0b:6b:
                    bf:e5:76:5a:c2:b1:48:d9:27:f4:f4:47:f2:78:94:
                    22:16:52:d2:b6:7b:65:00:90:7b:2e:02:25:4c:8d:
                    b6:cb:05:b2:f8:06:a8:a8:32:e1:b5:cd:ea:95:c6:
                    87:6e:7a:6f:f3:7b:6e:01:d7:24:16:5b:39:91:92:
                    f6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0D:9C:3C:68:8B:61:1A:2B:5C:AA:4B:AE:68:6C:30:6F:47:AB:75
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/zQ2cPGiLYRorXKpLrmhsMG9Hq3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ab:35:eb:6e:b5:a5:82:79:f7:ba:08:16:f0:22:71:eb:f6:
         d0:fa:29:b0:af:a1:da:f3:f2:e7:07:ed:66:b8:4b:d9:6b:df:
         e9:ab:20:35:b4:40:98:f0:39:59:c0:05:91:49:fd:0d:ae:8e:
         4d:c3:a2:e9:c4:84:7f:9c:bb:a1:bf:5a:a0:45:04:72:ef:bc:
         3b:e0:2c:14:0b:4e:04:28:ec:1d:f4:1a:79:f4:34:94:d9:86:
         f3:fc:2d:69:3b:2c:db:4d:77:98:7e:00:b7:b5:91:b5:28:23:
         8a:5a:3f:49:3f:7c:ed:5b:e6:ab:75:d6:7d:4d:26:8a:3c:0f:
         1f:f7:39:2e:06:7e:cf:78:30:c9:90:7c:8e:90:9d:c3:ce:2c:
         45:9a:79:8b:72:14:82:ab:bd:e5:3d:5d:c0:61:9e:6e:17:72:
         32:cc:04:e4:3f:78:4d:f8:ba:3b:88:12:06:72:32:e9:4e:14:
         4b:a6:57:2e:9b:28:53:ca:dd:ab:7e:ff:9e:29:f6:b9:b2:fd:
         a1:90:15:81:49:b4:fb:7b:2c:33:ca:8e:f2:4a:a8:30:d1:97:
         05:6f:20:70:1d:e7:5f:ba:36:e9:28:09:93:22:ba:75:72:fb:
         0f:da:2d:c9:b4:6e:33:17:24:f1:92:36:39:4c:ef:15:f3:81:
         a8:e8:f3:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFzN7cM/YFB1J+CoiYFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBkOWMzYzY4OGI2MTFhMmI1Y2FhNGJhZTY4NmMzMDZmNDdhYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMUF5QBvazHLIMwFaulYnoJcOjGk
U2ST6xQqmBkX95ERTuy0L15GH5xyVSedJ28B+Ogm4OFtXr4fvxe2N83Q9uC3AyqR
wPr/Z4kVYPxArOxRIHUraZO/F0fwJ4IjvYJn16pQd4rxCpsWIOqVAXYsjJ0DpeWJ
p/aouGez/Ld4ZjOG8ltXzDbvk21/CFA4Ov1Fhly7B9lOVuCSqqpMgIEWd3L+8cJr
qMJ2mqh0bIJIoGvDhn7S2+zFaiI68roebEerC2u/5XZawrFI2Sf09EfyeJQiFlLS
tntlAJB7LgIlTI22ywWy+AaoqDLhtc3qlcaHbnpv83tuAdckFls5kZL2UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0NnDxoi2EaK1yqS65obDBvR6t1MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvelEyY1BHaUxZUm9yWEtwTHJtaHNNRzlIcTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemUMA0G
CSqGSIb3DQEBCwUAA4IBAQBAqzXrbrWlgnn3uggW8CJx6/bQ+imwr6Ha8/LnB+1m
uEvZa9/pqyA1tECY8DlZwAWRSf0Nro5Nw6LpxIR/nLuhv1qgRQRy77w74CwUC04E
KOwd9Bp59DSU2Ybz/C1pOyzbTXeYfgC3tZG1KCOKWj9JP3ztW+arddZ9TSaKPA8f
9zkuBn7PeDDJkHyOkJ3DzixFmnmLchSCq73lPV3AYZ5uF3IyzATkP3hN+Lo7iBIG
cjLpThRLplcumyhTyt2rfv+eKfa5sv2hkBWBSbT7eywzyo7ySqgw0ZcFbyBwHedf
ujbpKAmTIrp1cvsP2i3JtG4zFyTxkjY5TO8V84Go6PMT
-----END CERTIFICATE-----