This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZUCYrGiIF_teln7wfPwILWcB1xg.roa
File:                     ZUCYrGiIF_teln7wfPwILWcB1xg.roa (raw, json)
Hash identifier:          +KD1y3dB573/G6JDWwPog50S4zv7eY2gU8Yrl2WkPZg=
Subject key identifier:   65:40:98:AC:68:88:17:FB:5E:96:7E:F0:7C:FC:08:2D:67:01:D7:18
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E396F8F9FEC90DE360665B05F50CF1A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZUCYrGiIF_teln7wfPwILWcB1xg.roa
Signing time:             Fri 02 Jan 2026 10:20:51 +0000
ROA not before:           Fri 02 Jan 2026 10:20:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215599
IP address blocks:        2a0c:b641:b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:6f:8f:9f:ec:90:de:36:06:65:b0:5f:50:cf:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=654098ac688817fb5e967ef07cfc082d6701d718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4a:1e:16:61:ea:13:03:d1:9b:75:12:fd:f8:
                    2e:a7:6e:38:e1:bc:2e:6c:49:e9:36:5d:14:22:87:
                    cd:66:b5:3d:97:44:64:0e:c9:c0:fe:3c:98:cd:e9:
                    c8:32:7a:52:77:6a:80:b8:5d:73:20:c6:54:1b:98:
                    0c:33:f0:37:a6:4e:33:a9:9a:09:4f:7f:57:14:d7:
                    35:71:56:51:00:74:3c:ea:ab:fe:a2:98:5f:84:b5:
                    84:30:43:97:92:fd:ac:10:7e:f4:67:57:0e:57:63:
                    6c:78:29:25:a6:65:ba:8a:ff:16:7c:51:db:15:73:
                    1c:55:77:2d:f7:0d:17:30:b4:f5:7d:f8:5e:38:19:
                    ce:0d:64:5b:4b:18:1a:68:37:35:e6:4c:16:48:5e:
                    31:64:0b:1b:78:01:6d:b6:11:56:f0:73:b0:6b:0d:
                    98:31:6e:17:5a:29:0e:f6:09:7f:d5:87:71:04:d5:
                    6f:9d:e0:96:ec:40:84:f8:d6:01:49:c5:2a:98:f6:
                    25:f1:d0:26:9f:93:2c:19:25:e6:e8:65:7c:a2:1b:
                    24:13:ed:00:82:e4:2c:af:d0:40:bc:b7:51:a7:c2:
                    1f:a2:9b:65:15:0a:c5:3b:bc:9d:82:e5:f2:a8:3e:
                    09:2d:b2:90:78:9a:33:92:0e:3b:7e:8a:72:e2:23:
                    49:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:40:98:AC:68:88:17:FB:5E:96:7E:F0:7C:FC:08:2D:67:01:D7:18
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZUCYrGiIF_teln7wfPwILWcB1xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:f0:67:fe:54:20:61:0f:37:00:77:3c:88:77:e2:ac:9c:77:
         3b:16:e6:a4:50:6d:e3:bd:47:76:e4:23:e8:d1:f3:dd:9e:0c:
         50:7e:6e:5d:a0:46:9c:fa:dd:e0:b5:86:6c:23:6e:d8:2d:0a:
         03:b1:2f:19:c8:34:72:d5:6e:cf:33:0e:12:cc:99:33:82:63:
         e0:59:10:b9:2d:3d:bb:90:9f:3b:6d:49:10:cf:88:d1:7b:fe:
         1b:88:aa:b9:90:b8:c8:a4:3f:04:65:f4:58:66:59:20:fb:50:
         f4:11:5e:a2:49:db:fc:fd:47:8d:cd:db:a6:17:3d:19:06:27:
         ff:5e:cc:c5:00:29:b3:93:4c:e1:ae:5a:b1:29:c4:6d:42:d6:
         b7:73:72:a9:28:59:f6:74:b3:9a:bd:b9:d4:1c:5c:fb:b1:db:
         3b:72:1d:93:12:a8:09:eb:f1:20:d3:15:ff:7a:8c:d9:d1:aa:
         9e:90:6a:ac:73:5d:0f:82:f3:a8:de:e7:6a:df:c1:75:16:c7:
         35:1f:67:58:1f:17:39:e2:d1:dc:cf:5d:49:9e:3a:6d:ee:3f:
         d3:df:ff:29:ce:ed:d0:cf:9a:2c:70:6b:37:85:1c:a3:81:44:
         b6:39:cf:48:b8:41:18:c5:d9:a5:2c:a4:cc:ad:e8:89:7c:b7:
         f8:0d:0b:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OW+Pn+yQ3jYGZbBfUM8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQwOThhYzY4ODgxN2ZiNWU5NjdlZjA3Y2ZjMDgyZDY3MDFkNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0oeFmHqEwPRm3US/fgup2444bwu
bEnpNl0UIofNZrU9l0RkDsnA/jyYzenIMnpSd2qAuF1zIMZUG5gMM/A3pk4zqZoJ
T39XFNc1cVZRAHQ86qv+ophfhLWEMEOXkv2sEH70Z1cOV2NseCklpmW6iv8WfFHb
FXMcVXct9w0XMLT1ffheOBnODWRbSxgaaDc15kwWSF4xZAsbeAFtthFW8HOwaw2Y
MW4XWikO9gl/1YdxBNVvneCW7ECE+NYBScUqmPYl8dAmn5MsGSXm6GV8ohskE+0A
guQsr9BAvLdRp8IfoptlFQrFO7ydguXyqD4JLbKQeJozkg47fopy4iNJZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGVAmKxoiBf7XpZ+8Hz8CC1nAdcYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWlVDWXJHaUlGX3RlbG43d2ZQd0lMV2NCMXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQCw
MA0GCSqGSIb3DQEBCwUAA4IBAQBr8Gf+VCBhDzcAdzyId+KsnHc7FuakUG3jvUd2
5CPo0fPdngxQfm5doEac+t3gtYZsI27YLQoDsS8ZyDRy1W7PMw4SzJkzgmPgWRC5
LT27kJ87bUkQz4jRe/4biKq5kLjIpD8EZfRYZlkg+1D0EV6iSdv8/UeNzdumFz0Z
Bif/XszFACmzk0zhrlqxKcRtQta3c3KpKFn2dLOavbnUHFz7sds7ch2TEqgJ6/Eg
0xX/eozZ0aqekGqsc10PgvOo3udq38F1Fsc1H2dYHxc54tHcz11Jnjpt7j/T3/8p
zu3Qz5oscGs3hRyjgUS2Oc9IuEEYxdmlLKTMreiJfLf4DQuE
-----END CERTIFICATE-----