This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wZGWQ74mOhne9-hKu-RBiEQmC8Q.roa
File:                     wZGWQ74mOhne9-hKu-RBiEQmC8Q.roa (raw, json)
Hash identifier:          7tdKGh5v3HCnv1ENDC6OIbmIjHOH/2sVkZYmdxu2SgQ=
Subject key identifier:   C1:91:96:43:BE:26:3A:19:DE:F7:E8:4A:BB:E4:41:88:44:26:0B:C4
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019B7AC7C4466C98869BA6C6EA6CAE96EAB0
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wZGWQ74mOhne9-hKu-RBiEQmC8Q.roa
Signing time:             Thu 01 Jan 2026 18:17:50 +0000
ROA not before:           Thu 01 Jan 2026 18:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20548
IP address blocks:        159.148.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:c4:46:6c:98:86:9b:a6:c6:ea:6c:ae:96:ea:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 18:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1919643be263a19def7e84abbe4418844260bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:da:72:94:95:81:a7:ad:d4:c1:2f:2e:d3:59:
                    c0:65:69:94:bd:eb:39:e3:d2:d4:76:2e:b2:a6:8e:
                    93:8a:ea:3f:e9:8a:e8:88:74:0a:7f:4b:1f:c7:ca:
                    a6:c9:1f:8f:67:39:7c:94:98:b1:53:b6:7b:4f:34:
                    30:e0:19:52:c6:7d:3c:fe:c2:d9:d3:de:38:21:72:
                    cf:a7:ce:3a:b6:91:b1:88:9a:8a:8a:2f:d5:bc:fc:
                    3f:a7:39:43:97:6b:05:da:55:03:5f:e4:bc:c7:10:
                    9d:74:db:4c:15:ad:6e:c0:4c:ab:b2:34:ed:76:98:
                    c8:b5:06:c7:82:04:5a:42:c2:1a:bd:20:d9:b3:31:
                    bd:cd:77:a8:fc:15:ba:43:ad:3d:e1:c8:d7:20:b2:
                    69:d3:d9:2c:a2:21:d9:99:ed:5f:ad:20:7c:2d:33:
                    ce:40:e8:02:8a:4a:c0:26:b9:8f:87:9c:e2:46:fd:
                    e3:33:20:f8:8e:d6:23:e0:35:9f:f3:ed:6f:49:15:
                    9d:a1:d9:a0:e0:0a:1b:ab:8b:e7:20:ef:ff:56:a2:
                    a8:db:72:aa:09:d7:58:25:01:9c:07:09:c0:96:0d:
                    d8:e7:c5:b4:44:58:b0:04:e1:bb:c7:e2:43:b1:de:
                    6b:e5:8b:90:da:90:7f:4f:e0:b2:52:d3:30:ef:86:
                    24:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:91:96:43:BE:26:3A:19:DE:F7:E8:4A:BB:E4:41:88:44:26:0B:C4
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wZGWQ74mOhne9-hKu-RBiEQmC8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:78:1e:da:dc:8e:8d:92:a3:80:29:cd:15:fd:16:72:41:b8:
         bc:e4:60:92:45:a8:7a:5a:0c:b9:50:ca:12:bc:18:9d:98:46:
         d6:29:9a:13:8e:c5:f1:53:0b:b3:41:a3:55:0f:a5:b5:ba:9b:
         ac:a0:ef:fe:94:5d:44:b3:f5:4b:6b:5a:d6:b6:5e:85:e3:a9:
         e7:52:9c:86:24:80:fe:71:ed:92:85:d2:7b:10:85:50:c6:76:
         59:a9:cf:64:22:60:b0:9a:9e:8a:21:86:68:94:3c:71:0b:2c:
         b6:52:8f:5e:ff:83:95:f8:8b:a0:05:08:d0:e2:25:4e:8d:5c:
         0c:e1:c5:4b:f5:49:0b:84:10:8e:ef:88:15:89:84:f7:ea:9a:
         c6:a4:52:27:db:ca:c0:1c:c3:86:e0:05:9e:29:3d:11:4a:4e:
         07:34:5c:95:44:76:d0:5b:40:03:73:93:95:c0:51:34:4a:c0:
         b7:8b:2f:ba:1c:45:b8:bd:64:32:62:77:d5:31:ff:29:4b:0b:
         79:c8:6d:0d:c6:c8:f0:28:d6:71:c2:62:51:cf:5b:fe:23:f4:
         3b:57:81:cf:e4:cc:ca:f7:f0:6c:5d:54:59:0b:88:28:fc:2d:
         0e:ef:6a:bc:9e:c4:68:27:1c:1a:e5:77:2a:c0:8f:67:58:ee:
         fa:9a:da:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x8RGbJiGm6bG6myuluqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMTAxMTgxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTkxOTY0M2JlMjYzYTE5ZGVmN2U4NGFiYmU0NDE4ODQ0MjYwYmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtpylJWBp63UwS8u01nAZWmUves5
49LUdi6ypo6Tiuo/6YroiHQKf0sfx8qmyR+PZzl8lJixU7Z7TzQw4BlSxn08/sLZ
0944IXLPp846tpGxiJqKii/VvPw/pzlDl2sF2lUDX+S8xxCddNtMFa1uwEyrsjTt
dpjItQbHggRaQsIavSDZszG9zXeo/BW6Q6094cjXILJp09ksoiHZme1frSB8LTPO
QOgCikrAJrmPh5ziRv3jMyD4jtYj4DWf8+1vSRWdodmg4Aobq4vnIO//VqKo23Kq
CddYJQGcBwnAlg3Y58W0RFiwBOG7x+JDsd5r5YuQ2pB/T+CyUtMw74YkNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGRlkO+JjoZ3vfoSrvkQYhEJgvEMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd1pHV1E3NG1PaG5lOS1oS3UtUkJpRVFtQzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5QXMA0G
CSqGSIb3DQEBCwUAA4IBAQC7eB7a3I6NkqOAKc0V/RZyQbi85GCSRah6Wgy5UMoS
vBidmEbWKZoTjsXxUwuzQaNVD6W1upusoO/+lF1Es/VLa1rWtl6F46nnUpyGJID+
ce2ShdJ7EIVQxnZZqc9kImCwmp6KIYZolDxxCyy2Uo9e/4OV+IugBQjQ4iVOjVwM
4cVL9UkLhBCO74gViYT36prGpFIn28rAHMOG4AWeKT0RSk4HNFyVRHbQW0ADc5OV
wFE0SsC3iy+6HEW4vWQyYnfVMf8pSwt5yG0NxsjwKNZxwmJRz1v+I/Q7V4HP5MzK
9/BsXVRZC4go/C0O72q8nsRoJxwa5XcqwI9nWO76mtoM
-----END CERTIFICATE-----