This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/ZhumnastnIToRU4Ujd74rA2H0TI.roa
File:                     ZhumnastnIToRU4Ujd74rA2H0TI.roa (raw, json)
Hash identifier:          hGm8nGCE9zZ7LDb9DfN19EP4tZp//5L2NO9ThIsADfs=
Subject key identifier:   66:1B:A6:9D:AB:2D:9C:84:E8:45:4E:14:8D:DE:F8:AC:0D:87:D1:32
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019AC29B67AF49F6612E22B81ED7ACFFA81D
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/ZhumnastnIToRU4Ujd74rA2H0TI.roa
Signing time:             Wed 26 Nov 2025 23:59:15 +0000
ROA not before:           Wed 26 Nov 2025 23:59:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203859
IP address blocks:        194.76.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c2:9b:67:af:49:f6:61:2e:22:b8:1e:d7:ac:ff:a8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Nov 26 23:59:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=661ba69dab2d9c84e8454e148ddef8ac0d87d132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d3:f8:08:5a:e4:22:29:4d:a2:c8:f4:9c:b3:
                    a5:d2:ab:14:b5:9f:3a:be:f9:23:9b:60:88:00:80:
                    74:75:31:83:47:5d:9d:10:9f:1f:92:9d:8c:45:d4:
                    42:f3:f3:db:e3:01:b0:b3:b5:6e:47:db:77:2c:db:
                    0b:6a:a6:1c:04:53:ba:ea:b3:e0:55:e6:7b:17:1f:
                    73:cf:fd:3f:58:95:de:b6:cd:d8:9b:e5:09:ef:0b:
                    f9:bd:cf:64:d1:1c:a5:9c:aa:96:6b:84:4c:3b:60:
                    7b:9b:52:dc:70:19:01:9d:48:5a:cd:b8:ad:e2:19:
                    75:c6:bb:93:6f:66:6e:5f:31:44:41:7f:18:85:85:
                    f4:8c:1d:65:29:e1:7f:36:34:17:d4:5d:2d:4a:95:
                    57:0d:5a:9f:32:52:d3:14:bb:0b:ba:f0:43:02:be:
                    54:ee:d5:74:88:76:c1:f3:ed:b6:b4:89:ea:b3:a8:
                    17:cb:72:1f:1a:5d:7a:eb:bb:e7:97:38:e1:f4:a1:
                    a3:46:ce:1c:00:d7:96:fc:3a:e1:71:2c:ba:58:9e:
                    1c:57:59:36:03:20:8f:81:cf:79:56:c4:9d:ab:80:
                    af:55:47:f3:89:31:aa:86:e1:f5:33:bb:5a:0a:52:
                    e2:a6:ee:04:fc:2e:13:7f:b5:f5:79:dc:34:70:04:
                    46:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1B:A6:9D:AB:2D:9C:84:E8:45:4E:14:8D:DE:F8:AC:0D:87:D1:32
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/ZhumnastnIToRU4Ujd74rA2H0TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:02:19:8f:8e:6c:79:fc:62:9e:b9:c5:35:c6:8a:d3:46:da:
         8a:6e:6f:7c:ab:61:7b:fb:f3:14:1c:6b:da:02:c0:68:a4:04:
         a4:de:31:80:ad:0e:9e:8c:d2:1f:f4:67:1b:ae:3c:4d:3c:0f:
         dc:a1:de:82:4a:06:64:d5:35:ff:18:4c:a0:ae:92:a5:64:62:
         d1:58:4d:2e:4f:40:28:0b:a4:37:1f:22:2d:a2:cb:66:4a:ce:
         26:50:8e:1f:c9:50:eb:42:4d:03:e9:25:15:3c:09:20:9a:db:
         a2:db:ec:08:60:80:a1:f6:6c:56:6b:b7:d3:7b:47:28:41:82:
         26:d2:3f:39:01:aa:d4:86:1f:c8:42:eb:af:d6:97:8a:2d:76:
         d5:5c:f3:31:1d:ee:3c:15:07:2b:cf:08:62:3d:17:ef:16:62:
         5f:8e:f5:a8:3e:76:3f:5d:35:2c:37:cf:d6:5f:2f:a4:db:b8:
         cf:23:90:e8:29:66:97:1a:55:00:bb:c5:cf:14:7a:6f:48:a2:
         bd:0b:6c:48:ad:d8:7a:9d:5d:b9:dd:4d:b8:2c:65:ab:91:bf:
         6e:2b:76:b7:1f:9d:5a:3c:da:58:bb:f2:3d:38:22:9a:c6:10:
         bf:f3:f4:49:50:70:88:87:20:4e:5a:57:59:e1:47:73:a6:c7:
         3d:ab:d3:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrCm2evSfZhLiK4Htes/6gdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUxMTI2MjM1OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFiYTY5ZGFiMmQ5Yzg0ZTg0NTRlMTQ4ZGRlZjhhYzBkODdkMTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytP4CFrkIilNosj0nLOl0qsUtZ86
vvkjm2CIAIB0dTGDR12dEJ8fkp2MRdRC8/Pb4wGws7VuR9t3LNsLaqYcBFO66rPg
VeZ7Fx9zz/0/WJXets3Ym+UJ7wv5vc9k0RylnKqWa4RMO2B7m1LccBkBnUhazbit
4hl1xruTb2ZuXzFEQX8YhYX0jB1lKeF/NjQX1F0tSpVXDVqfMlLTFLsLuvBDAr5U
7tV0iHbB8+22tInqs6gXy3IfGl1667vnlzjh9KGjRs4cANeW/DrhcSy6WJ4cV1k2
AyCPgc95VsSdq4CvVUfziTGqhuH1M7taClLipu4E/C4Tf7X1edw0cARGiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYbpp2rLZyE6EVOFI3e+KwNh9EyMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvWmh1bW5hc3RuSVRvUlU0VWpkNzRyQTJIMFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkxzMA0G
CSqGSIb3DQEBCwUAA4IBAQBFAhmPjmx5/GKeucU1xorTRtqKbm98q2F7+/MUHGva
AsBopASk3jGArQ6ejNIf9GcbrjxNPA/cod6CSgZk1TX/GEygrpKlZGLRWE0uT0Ao
C6Q3HyItostmSs4mUI4fyVDrQk0D6SUVPAkgmtui2+wIYICh9mxWa7fTe0coQYIm
0j85AarUhh/IQuuv1peKLXbVXPMxHe48FQcrzwhiPRfvFmJfjvWoPnY/XTUsN8/W
Xy+k27jPI5DoKWaXGlUAu8XPFHpvSKK9C2xIrdh6nV253U24LGWrkb9uK3a3H51a
PNpYu/I9OCKaxhC/8/RJUHCIhyBOWldZ4Udzpsc9q9N3
-----END CERTIFICATE-----