This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ZTRYP_xNQ-xHfjwU3V1iHE8I5Sk.roa
File:                     ZTRYP_xNQ-xHfjwU3V1iHE8I5Sk.roa (raw, json)
Hash identifier:          82wNZlZVa9PTuuaZD0iq9g3BjS5GghQ+K3v6FuHGgcA=
Subject key identifier:   65:34:58:3F:FC:4D:43:EC:47:7E:3C:14:DD:5D:62:1C:4F:08:E5:29
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       019B7D5C99B006FD131F444D451D98482D8A
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ZTRYP_xNQ-xHfjwU3V1iHE8I5Sk.roa
Signing time:             Fri 02 Jan 2026 06:19:39 +0000
ROA not before:           Fri 02 Jan 2026 06:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        185.148.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:99:b0:06:fd:13:1f:44:4d:45:1d:98:48:2d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 06:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6534583ffc4d43ec477e3c14dd5d621c4f08e529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0f:ae:22:36:b9:db:dd:54:45:e7:3a:30:f2:
                    2e:0b:e5:9e:c6:97:86:c9:60:0d:dc:dc:ca:fb:47:
                    82:24:58:6d:ea:35:39:10:75:ab:72:10:83:f2:de:
                    5a:23:3c:2b:0e:48:a5:f5:7f:75:00:e1:e0:b2:fd:
                    c3:e3:d6:ad:1b:ab:ef:8f:cb:6c:b4:17:8e:e6:2c:
                    6a:96:17:f1:29:ea:2c:43:34:b5:dd:f1:91:87:89:
                    af:3b:06:74:f0:79:f3:4a:66:97:db:c4:61:fc:fc:
                    8d:41:e2:f1:8a:79:56:c5:a0:60:95:73:f7:a7:4b:
                    20:33:28:05:9b:2b:46:63:ec:96:91:be:53:1c:97:
                    a8:a4:aa:4b:3e:14:d1:95:a5:9f:e7:83:51:98:cb:
                    e0:21:7f:74:e9:44:45:3b:5c:f7:df:be:c5:f8:7f:
                    18:47:20:30:5b:8d:77:10:40:5a:f0:e5:03:ef:9d:
                    49:1a:be:4e:c7:cd:08:06:0e:82:db:ae:72:f2:51:
                    6d:74:b5:90:48:6a:2d:41:9c:f5:f5:18:f3:0e:bc:
                    a0:fa:9b:5d:79:7e:36:1c:de:c4:62:64:cf:35:30:
                    3e:f0:19:6d:45:ff:79:7d:48:c3:29:20:c1:f9:63:
                    b7:c5:1a:2d:46:93:99:01:19:af:e4:2f:08:bc:67:
                    11:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:34:58:3F:FC:4D:43:EC:47:7E:3C:14:DD:5D:62:1C:4F:08:E5:29
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ZTRYP_xNQ-xHfjwU3V1iHE8I5Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:bf:b2:bf:8e:10:96:1a:de:02:2e:ff:0e:2d:82:db:da:5d:
         65:d7:36:d4:8d:32:b1:f4:81:be:ea:50:d9:c0:10:33:50:66:
         bf:45:b9:fc:9a:23:6c:46:86:f1:34:8e:cd:93:79:4c:bd:58:
         15:f5:de:9e:3a:f9:02:50:05:bf:e1:09:f6:f6:73:09:b5:a6:
         af:15:b5:68:b8:f2:78:a1:14:13:20:aa:32:cb:03:37:b8:01:
         eb:27:fd:92:9d:a3:4d:51:f6:e5:6a:aa:9c:2a:d6:ca:2f:74:
         0c:64:6c:b4:41:24:3b:8e:40:02:6d:86:46:07:97:01:55:b8:
         c6:00:55:b4:8d:71:ca:f5:87:4b:0a:f6:cf:ed:30:ea:33:71:
         df:29:b6:61:d3:c1:85:71:22:71:f8:a0:14:a2:c1:f9:fd:73:
         45:55:6e:02:5a:db:6a:12:26:82:12:45:31:1d:14:d1:eb:b1:
         48:f8:84:4e:bd:5b:ed:71:83:e4:4a:c4:aa:76:17:8a:2c:6e:
         0d:b8:06:a9:c4:34:dc:6e:ca:1e:60:95:08:17:e7:fe:95:72:
         c6:6a:d5:bd:97:fa:e3:ab:bb:c9:fc:2a:13:4d:07:67:44:8a:
         89:f8:5e:91:a5:b3:6b:e5:79:af:0f:35:62:39:24:76:14:40:
         91:60:9d:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XJmwBv0TH0RNRR2YSC2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjYwMTAyMDYxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM0NTgzZmZjNGQ0M2VjNDc3ZTNjMTRkZDVkNjIxYzRmMDhlNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ+uIja5291URec6MPIuC+WexpeG
yWAN3NzK+0eCJFht6jU5EHWrchCD8t5aIzwrDkil9X91AOHgsv3D49atG6vvj8ts
tBeO5ixqlhfxKeosQzS13fGRh4mvOwZ08HnzSmaX28Rh/PyNQeLxinlWxaBglXP3
p0sgMygFmytGY+yWkb5THJeopKpLPhTRlaWf54NRmMvgIX906URFO1z3377F+H8Y
RyAwW413EEBa8OUD751JGr5Ox80IBg6C265y8lFtdLWQSGotQZz19RjzDryg+ptd
eX42HN7EYmTPNTA+8BltRf95fUjDKSDB+WO3xRotRpOZARmv5C8IvGcR7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGU0WD/8TUPsR348FN1dYhxPCOUpMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvWlRSWVBfeE5RLXhIZmp3VTNWMWlIRThJNVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZRHMA0G
CSqGSIb3DQEBCwUAA4IBAQBdv7K/jhCWGt4CLv8OLYLb2l1l1zbUjTKx9IG+6lDZ
wBAzUGa/Rbn8miNsRobxNI7Nk3lMvVgV9d6eOvkCUAW/4Qn29nMJtaavFbVouPJ4
oRQTIKoyywM3uAHrJ/2SnaNNUfblaqqcKtbKL3QMZGy0QSQ7jkACbYZGB5cBVbjG
AFW0jXHK9YdLCvbP7TDqM3HfKbZh08GFcSJx+KAUosH5/XNFVW4CWttqEiaCEkUx
HRTR67FI+IROvVvtcYPkSsSqdheKLG4NuAapxDTcbsoeYJUIF+f+lXLGatW9l/rj
q7vJ/CoTTQdnRIqJ+F6RpbNr5XmvDzViOSR2FECRYJ0d
-----END CERTIFICATE-----