This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/ZKLNMt3VfAzRkdvHr5Xd6gL_UHI.roa
File:                     ZKLNMt3VfAzRkdvHr5Xd6gL_UHI.roa (raw, json)
Hash identifier:          MwQzyqB63sngmzcWgEGwpFF72y7jC9kNOl+3Zg+6fcs=
Subject key identifier:   64:A2:CD:32:DD:D5:7C:0C:D1:91:DB:C7:AF:95:DD:EA:02:FF:50:72
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       019B7E3888631DA361C7D7B843D4C053DE0E
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/ZKLNMt3VfAzRkdvHr5Xd6gL_UHI.roa
Signing time:             Fri 02 Jan 2026 10:19:52 +0000
ROA not before:           Fri 02 Jan 2026 10:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        185.114.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:88:63:1d:a3:61:c7:d7:b8:43:d4:c0:53:de:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  2 10:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64a2cd32ddd57c0cd191dbc7af95ddea02ff5072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:1c:b3:d3:57:d5:6a:c7:ca:d0:aa:0a:b0:8a:
                    79:96:ca:34:14:d8:06:c2:a5:f9:9d:da:5c:35:06:
                    fb:a5:5c:04:eb:97:6c:f3:6e:89:fd:70:6b:92:1f:
                    9b:e2:58:b9:27:4a:45:0f:39:0a:3d:2c:c1:71:dc:
                    b5:52:96:a6:18:85:54:d9:77:11:9c:8b:48:36:d5:
                    de:74:c1:eb:71:48:f8:91:75:60:65:a0:9d:3b:dd:
                    d0:71:6c:ad:70:32:1e:fe:69:a1:a7:23:40:b2:f2:
                    86:e5:ec:ca:f6:66:2e:9b:0e:49:3c:fe:c9:98:89:
                    b7:70:40:1f:79:3d:a6:02:c0:94:ab:64:34:88:cd:
                    3f:d9:8b:38:9d:ae:dc:d3:3f:79:35:50:38:56:99:
                    b2:82:f9:bf:a0:dc:b8:8e:0d:3a:f6:86:da:88:dd:
                    ec:d1:fb:b2:2d:06:fa:66:a4:b1:81:99:1f:be:52:
                    32:60:48:14:3a:cf:83:b2:63:ff:3b:fb:f4:9d:ab:
                    f6:02:02:94:1f:24:88:ad:c4:4e:a2:1c:18:2d:13:
                    74:a6:57:a2:e7:bb:70:5d:41:19:e4:f4:5d:6a:97:
                    3d:73:77:41:ff:1a:5b:75:81:78:1a:0d:d3:b1:ae:
                    70:83:92:3e:ce:ad:09:be:87:22:06:43:0b:10:ac:
                    b0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A2:CD:32:DD:D5:7C:0C:D1:91:DB:C7:AF:95:DD:EA:02:FF:50:72
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/ZKLNMt3VfAzRkdvHr5Xd6gL_UHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e6:18:15:1c:36:04:24:3d:3e:58:cc:3f:65:34:0b:9c:ae:
         43:3b:b1:dc:1d:0b:82:bd:fc:b1:d6:51:f2:56:54:13:44:26:
         af:17:8b:14:6f:eb:e9:ac:f0:ce:88:75:b9:8e:02:40:cc:88:
         fc:6f:25:2d:7b:00:08:ec:f0:06:73:4d:9e:68:1a:cf:dd:7b:
         33:3f:31:d4:ce:a7:da:66:33:12:d1:62:4a:9a:6c:58:f2:b3:
         33:05:4b:4c:c3:a1:9c:ce:94:f1:d0:93:75:6b:70:e1:b5:8f:
         3e:46:f0:3b:ee:ef:52:97:a5:48:02:e3:9d:0d:77:d5:09:4f:
         ad:b3:4a:13:cb:63:f9:af:7f:82:9e:8a:86:a7:e0:f2:b6:52:
         27:e2:f2:0b:4a:5d:0c:91:e9:f8:48:46:c8:97:64:24:3a:a8:
         94:29:7b:32:ec:16:6b:0f:4c:c0:71:77:de:2c:58:b6:1e:0d:
         08:b6:6e:52:48:f0:45:8b:61:2a:79:f4:a9:f3:57:74:86:93:
         7b:cc:09:de:d8:ae:b0:ad:88:89:22:87:ae:ec:28:5d:6a:47:
         bd:a4:52:82:0c:7a:dd:ef:c0:b3:0e:77:d6:4c:dc:26:f3:56:
         50:88:23:e9:c6:6a:d9:dc:1e:11:d4:bf:4f:c4:f3:7a:fc:01:
         9c:94:d5:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OIhjHaNhx9e4Q9TAU94OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjYwMTAyMTAxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGEyY2QzMmRkZDU3YzBjZDE5MWRiYzdhZjk1ZGRlYTAyZmY1MDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Byz01fVasfK0KoKsIp5lso0FNgG
wqX5ndpcNQb7pVwE65ds826J/XBrkh+b4li5J0pFDzkKPSzBcdy1UpamGIVU2XcR
nItINtXedMHrcUj4kXVgZaCdO93QcWytcDIe/mmhpyNAsvKG5ezK9mYumw5JPP7J
mIm3cEAfeT2mAsCUq2Q0iM0/2Ys4na7c0z95NVA4Vpmygvm/oNy4jg069obaiN3s
0fuyLQb6ZqSxgZkfvlIyYEgUOs+DsmP/O/v0nav2AgKUHySIrcROohwYLRN0plei
57twXUEZ5PRdapc9c3dB/xpbdYF4Gg3Tsa5wg5I+zq0JvociBkMLEKywUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSizTLd1XwM0ZHbx6+V3eoC/1ByMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvWktMTk10M1ZmQXpSa2R2SHI1WGQ2Z0xfVUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIiMA0G
CSqGSIb3DQEBCwUAA4IBAQBR5hgVHDYEJD0+WMw/ZTQLnK5DO7HcHQuCvfyx1lHy
VlQTRCavF4sUb+vprPDOiHW5jgJAzIj8byUtewAI7PAGc02eaBrP3XszPzHUzqfa
ZjMS0WJKmmxY8rMzBUtMw6GczpTx0JN1a3DhtY8+RvA77u9Sl6VIAuOdDXfVCU+t
s0oTy2P5r3+CnoqGp+DytlIn4vILSl0Mken4SEbIl2QkOqiUKXsy7BZrD0zAcXfe
LFi2Hg0Itm5SSPBFi2EqefSp81d0hpN7zAne2K6wrYiJIoeu7Chdake9pFKCDHrd
78CzDnfWTNwm81ZQiCPpxmrZ3B4R1L9PxPN6/AGclNXd
-----END CERTIFICATE-----