This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/ZlgR9Wr6dRwYYKCu_QgGesPkRUo.roa
File:                     ZlgR9Wr6dRwYYKCu_QgGesPkRUo.roa (raw, json)
Hash identifier:          F/KTa7KhD4sbza9rvdpPEqF/Bd5rYWcbJdnRE9lkwd4=
Subject key identifier:   66:58:11:F5:6A:FA:75:1C:18:60:A0:AE:FD:08:06:7A:C3:E4:45:4A
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED1CDA78CB97912C8B565C9B76DA9D
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/ZlgR9Wr6dRwYYKCu_QgGesPkRUo.roa
Signing time:             Thu 01 Jan 2026 14:19:01 +0000
ROA not before:           Thu 01 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199648
IP address blocks:        194.181.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1c:da:78:cb:97:91:2c:8b:56:5c:9b:76:da:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=665811f56afa751c1860a0aefd08067ac3e4454a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ca:66:a8:41:bc:0f:d2:4b:38:57:18:4d:7a:
                    93:b0:10:6b:af:74:5d:2b:33:02:1a:72:1f:c8:af:
                    70:87:11:40:61:5a:48:a6:8f:29:5f:42:d6:b9:1c:
                    93:9a:bf:23:d0:78:63:a3:a4:3c:51:6e:86:23:e8:
                    c0:bb:b7:74:54:4c:fd:c5:48:41:79:f0:42:97:65:
                    c0:93:a2:f2:11:a9:86:e5:95:d2:a9:64:19:8e:ec:
                    11:28:33:35:e3:a4:08:aa:fb:c6:bd:92:8d:dc:4b:
                    c2:24:5a:0e:6b:3c:41:63:65:6e:87:64:38:4e:75:
                    0b:47:2b:52:d4:34:86:f6:fe:ab:79:a8:e7:ff:36:
                    3d:b7:80:69:01:10:cc:cd:9c:b8:2e:bf:73:16:23:
                    e4:e7:3f:0e:cb:49:ce:2d:65:ee:c2:bb:17:18:f2:
                    3e:73:9e:64:53:96:f0:16:d7:c4:46:8e:fa:0f:39:
                    c2:5d:62:fd:31:ab:8a:a3:5d:50:a1:00:e5:b7:7f:
                    fd:91:28:c3:42:aa:57:4f:9d:1a:9d:5d:9a:ca:23:
                    ef:bb:98:4a:27:c0:2d:36:f7:a6:44:20:5b:48:6b:
                    1a:cf:17:5a:aa:ad:79:98:0d:47:97:72:d8:fa:06:
                    34:5b:d6:00:90:15:55:ac:40:ff:4c:e3:a3:d2:dc:
                    dd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:58:11:F5:6A:FA:75:1C:18:60:A0:AE:FD:08:06:7A:C3:E4:45:4A
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/ZlgR9Wr6dRwYYKCu_QgGesPkRUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.181.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:47:8d:95:10:a5:8c:58:c2:44:53:64:11:bd:48:a6:89:9e:
         99:51:86:79:8e:ac:02:d2:37:d1:25:01:40:85:ca:e2:c7:46:
         90:de:69:31:fc:22:54:93:af:c8:64:6e:9b:46:fa:35:aa:5b:
         a1:f6:29:82:c1:7b:ab:44:93:71:7c:09:4c:f6:f0:58:04:9d:
         d0:a5:0b:11:34:06:10:65:a6:1b:f6:34:93:55:f6:72:bd:dc:
         f2:5b:78:4d:48:3e:c3:5c:c1:cd:51:dc:d7:3f:c1:d5:5c:9f:
         9f:0e:66:ca:75:be:2b:d4:2c:5c:dd:44:76:f7:2a:41:d5:4f:
         fd:a4:63:d6:a6:54:cb:fc:b6:c6:52:6d:cd:a4:cb:f6:9e:69:
         18:0b:1f:d0:c1:1b:1a:c4:9e:46:89:d5:4e:35:c4:dd:d2:f1:
         00:d3:e9:f7:98:fd:41:c1:ce:63:ae:ad:3f:6c:31:ec:23:f6:
         ac:1e:f2:dc:46:49:8e:0f:dc:1e:ec:4f:0f:ce:ff:ac:ba:e2:
         fc:98:a7:c0:49:53:2b:09:21:93:fb:ec:ae:08:a9:98:fe:53:
         5e:2b:2d:48:f8:20:f3:3b:47:c1:3e:51:f1:9e:f4:ba:f0:60:
         31:37:2f:9f:e7:ac:3d:2b:4d:19:fd:03:24:8f:ca:c6:ab:8c:
         34:2c:c6:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RzaeMuXkSyLVlybdtqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjU4MTFmNTZhZmE3NTFjMTg2MGEwYWVmZDA4MDY3YWMzZTQ0NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcpmqEG8D9JLOFcYTXqTsBBrr3Rd
KzMCGnIfyK9whxFAYVpIpo8pX0LWuRyTmr8j0Hhjo6Q8UW6GI+jAu7d0VEz9xUhB
efBCl2XAk6LyEamG5ZXSqWQZjuwRKDM146QIqvvGvZKN3EvCJFoOazxBY2Vuh2Q4
TnULRytS1DSG9v6reajn/zY9t4BpARDMzZy4Lr9zFiPk5z8Oy0nOLWXuwrsXGPI+
c55kU5bwFtfERo76DznCXWL9MauKo11QoQDlt3/9kSjDQqpXT50anV2ayiPvu5hK
J8AtNvemRCBbSGsazxdaqq15mA1Hl3LY+gY0W9YAkBVVrED/TOOj0tzdKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZYEfVq+nUcGGCgrv0IBnrD5EVKMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvWmxnUjlXcjZkUndZWUtDdV9RZ0dlc1BrUlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrWxMA0G
CSqGSIb3DQEBCwUAA4IBAQAtR42VEKWMWMJEU2QRvUimiZ6ZUYZ5jqwC0jfRJQFA
hcrix0aQ3mkx/CJUk6/IZG6bRvo1qluh9imCwXurRJNxfAlM9vBYBJ3QpQsRNAYQ
ZaYb9jSTVfZyvdzyW3hNSD7DXMHNUdzXP8HVXJ+fDmbKdb4r1Cxc3UR29ypB1U/9
pGPWplTL/LbGUm3NpMv2nmkYCx/QwRsaxJ5GidVONcTd0vEA0+n3mP1Bwc5jrq0/
bDHsI/asHvLcRkmOD9we7E8Pzv+suuL8mKfASVMrCSGT++yuCKmY/lNeKy1I+CDz
O0fBPlHxnvS68GAxNy+f56w9K00Z/QMkj8rGq4w0LMbL
-----END CERTIFICATE-----