This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/zVLW9HFt-3z2M7Ja19rIMJwG2_Y.roa
File:                     zVLW9HFt-3z2M7Ja19rIMJwG2_Y.roa (raw, json)
Hash identifier:          /CaIYvptsHDUu9JqgaUmQ5T95opFTVpgVggOdpKaM0o=
Subject key identifier:   CD:52:D6:F4:71:6D:FB:7C:F6:33:B2:5A:D7:DA:C8:30:9C:06:DB:F6
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       019B76EAE9B7B1FBE89596DDE8DDEC9049AC
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/zVLW9HFt-3z2M7Ja19rIMJwG2_Y.roa
Signing time:             Thu 01 Jan 2026 00:17:45 +0000
ROA not before:           Thu 01 Jan 2026 00:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58238
IP address blocks:        89.188.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:e9:b7:b1:fb:e8:95:96:dd:e8:dd:ec:90:49:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 00:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd52d6f4716dfb7cf633b25ad7dac8309c06dbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d8:a9:86:ad:0b:c7:3e:8a:a8:f4:26:4b:df:
                    ff:11:09:6c:5e:2c:d3:1d:49:78:74:7b:bf:56:ee:
                    fc:80:e2:70:9d:60:3b:a4:39:55:a7:45:43:8a:47:
                    1a:ee:97:88:9c:1c:f9:86:8b:ae:44:e6:6d:5b:75:
                    f3:bd:e9:e9:10:cf:c5:8a:c0:54:c2:80:80:5a:77:
                    e5:bb:53:34:54:7b:31:a6:6a:75:e0:7d:6c:3d:3d:
                    d2:3d:c2:ac:6d:18:e4:2c:82:ef:3d:b5:5b:67:c6:
                    e8:42:36:63:f1:36:1b:cd:c0:de:cd:c6:33:c5:e3:
                    dd:6b:d6:92:24:b4:b6:66:6a:c0:03:04:03:ff:91:
                    e4:33:99:4f:5d:45:49:78:3d:a8:c4:2e:0e:6d:71:
                    62:6c:1b:c2:cf:05:44:7e:de:22:da:6d:ea:bd:e0:
                    6c:3e:ff:65:f6:7d:62:84:7a:61:03:de:96:a6:c6:
                    7e:94:d0:dd:8c:9b:c2:0f:c1:4c:70:f4:0d:31:26:
                    eb:68:a5:fe:c4:8d:fb:e5:8b:1c:1c:b0:6f:b8:58:
                    66:f2:c2:48:f2:b0:56:cc:3b:e2:5d:3d:1f:c6:3c:
                    40:fd:6f:c5:a6:16:5f:87:93:2a:d5:53:74:b2:0c:
                    db:61:c0:b1:22:89:0a:bf:b1:38:66:14:25:b8:89:
                    66:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:52:D6:F4:71:6D:FB:7C:F6:33:B2:5A:D7:DA:C8:30:9C:06:DB:F6
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/zVLW9HFt-3z2M7Ja19rIMJwG2_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.188.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:07:3e:07:f8:a6:9a:66:a4:81:d8:c1:e9:53:80:db:61:4d:
         c3:59:79:c5:3c:7e:24:91:8d:5b:dd:d5:50:a0:fa:ca:50:fd:
         a2:c9:ed:d3:4a:27:73:4c:0d:b9:4d:49:e8:ae:50:b8:a3:56:
         df:25:ea:7e:30:b5:e7:95:e7:a5:7b:36:59:73:4a:ad:1a:44:
         a1:bb:83:0b:af:93:d7:db:98:26:55:4f:d8:ad:a3:0e:ac:c9:
         a8:d5:49:c2:f4:5c:31:4f:91:bf:d2:c2:85:1e:cf:58:ca:bf:
         8e:d1:c1:c8:94:8b:28:52:5e:ec:64:6b:96:7d:22:bb:73:fe:
         94:f2:46:ab:68:1c:e9:c6:5e:bb:b1:6e:6d:2a:b3:df:45:62:
         bd:13:5e:1b:f9:db:71:0f:7f:6a:f7:fc:65:e4:eb:c0:77:b0:
         08:3e:bb:67:d5:2e:10:bd:a9:59:13:8c:50:9e:cc:42:cc:c9:
         08:5d:ca:eb:e3:84:fc:e9:66:40:50:8c:01:ae:a0:3a:e0:ad:
         71:46:b5:a6:4f:50:68:3f:9a:d3:0b:0f:0b:71:63:e7:df:c2:
         a9:db:36:98:e3:20:79:62:10:15:61:14:d1:75:1d:4e:94:83:
         a7:f0:21:e7:40:aa:22:a1:f6:3e:cc:14:c6:97:8d:cb:7c:a2:
         69:50:3d:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26um3sfvolZbd6N3skEmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjYwMTAxMDAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDUyZDZmNDcxNmRmYjdjZjYzM2IyNWFkN2RhYzgzMDljMDZkYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdiphq0Lxz6KqPQmS9//EQlsXizT
HUl4dHu/Vu78gOJwnWA7pDlVp0VDikca7peInBz5houuROZtW3XzvenpEM/FisBU
woCAWnflu1M0VHsxpmp14H1sPT3SPcKsbRjkLILvPbVbZ8boQjZj8TYbzcDezcYz
xePda9aSJLS2ZmrAAwQD/5HkM5lPXUVJeD2oxC4ObXFibBvCzwVEft4i2m3qveBs
Pv9l9n1ihHphA96WpsZ+lNDdjJvCD8FMcPQNMSbraKX+xI375YscHLBvuFhm8sJI
8rBWzDviXT0fxjxA/W/FphZfh5Mq1VN0sgzbYcCxIokKv7E4ZhQluIlmywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1S1vRxbft89jOyWtfayDCcBtv2MB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvelZMVzlIRnQtM3oyTTdKYTE5cklNSndHMl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbymMA0G
CSqGSIb3DQEBCwUAA4IBAQB+Bz4H+KaaZqSB2MHpU4DbYU3DWXnFPH4kkY1b3dVQ
oPrKUP2iye3TSidzTA25TUnorlC4o1bfJep+MLXnleelezZZc0qtGkShu4MLr5PX
25gmVU/YraMOrMmo1UnC9FwxT5G/0sKFHs9Yyr+O0cHIlIsoUl7sZGuWfSK7c/6U
8karaBzpxl67sW5tKrPfRWK9E14b+dtxD39q9/xl5OvAd7AIPrtn1S4QvalZE4xQ
nsxCzMkIXcrr44T86WZAUIwBrqA64K1xRrWmT1BoP5rTCw8LcWPn38Kp2zaY4yB5
YhAVYRTRdR1OlIOn8CHnQKoiofY+zBTGl43LfKJpUD1H
-----END CERTIFICATE-----