This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZZCxHTWIqnETPpMk7skndGgGJyM.roa
File:                     ZZCxHTWIqnETPpMk7skndGgGJyM.roa (raw, json)
Hash identifier:          6q9FBAV4o0HNk1XNc4xdmt0b2N0vb0pZM1owU4IJCrQ=
Subject key identifier:   65:90:B1:1D:35:88:AA:71:13:3E:93:24:EE:C9:27:74:68:06:27:23
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E3948490ED4F9D3AF96C064162E147F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZZCxHTWIqnETPpMk7skndGgGJyM.roa
Signing time:             Fri 02 Jan 2026 10:20:41 +0000
ROA not before:           Fri 02 Jan 2026 10:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209466
IP address blocks:        2a0c:b641:a0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:48:49:0e:d4:f9:d3:af:96:c0:64:16:2e:14:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6590b11d3588aa71133e9324eec9277468062723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:46:bb:8d:75:b7:a4:f5:5e:7a:5c:34:c4:32:
                    ae:9c:1f:fb:88:d5:bb:cf:8c:4f:0f:db:97:bd:57:
                    c4:bb:32:bf:b8:5b:dc:ee:49:df:0f:8d:b0:b6:ab:
                    03:f7:e7:f6:74:df:65:05:da:d1:e3:01:8b:8c:d8:
                    9e:31:eb:81:86:71:f4:84:2d:6e:3f:78:c9:e5:b1:
                    2f:53:c9:c9:84:55:05:06:13:c1:d2:45:73:1a:27:
                    90:4b:c0:f2:56:6e:90:c3:d0:a7:bb:42:6e:7b:69:
                    e8:83:04:04:6a:62:88:34:16:47:8f:bd:37:0e:eb:
                    ee:a5:05:a9:41:8a:c4:8b:f1:05:b0:1d:bb:64:f9:
                    0b:1b:33:7c:bb:44:98:da:2a:48:7b:74:3b:99:c5:
                    ed:d2:f6:3f:03:b4:28:c4:4c:60:d4:51:7b:d5:73:
                    51:54:04:ea:6c:b0:77:58:db:35:e7:5a:ed:74:c3:
                    68:b9:55:01:f1:d4:e5:89:41:90:2c:f3:6e:54:1d:
                    00:9a:24:04:2d:99:12:8f:0f:5f:12:97:50:c9:9c:
                    f0:e7:f3:1c:34:44:21:b2:de:a3:6b:0b:0b:cb:ed:
                    01:0b:af:e5:18:a8:84:cf:2f:ec:c1:02:56:54:09:
                    b6:f5:87:66:1f:0c:a9:4b:5d:b4:4d:64:39:c4:83:
                    a5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:90:B1:1D:35:88:AA:71:13:3E:93:24:EE:C9:27:74:68:06:27:23
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZZCxHTWIqnETPpMk7skndGgGJyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:1a:72:ed:07:f6:11:dd:47:2a:0b:b0:27:c3:e7:7f:72:d0:
         bb:89:cf:62:ba:b8:83:d3:de:a6:8f:a7:b7:77:21:20:15:4d:
         dd:ea:2b:32:b7:42:ff:5d:66:69:67:0e:fd:4d:14:8e:f6:03:
         6f:2b:73:5f:f0:e5:b4:9c:94:61:27:49:15:ec:16:e5:81:28:
         02:80:4d:aa:e1:1a:a9:41:de:12:a6:c5:0e:44:9c:8b:7f:7f:
         80:04:41:76:5e:fa:4a:12:ff:e2:44:0c:9c:86:69:68:19:c5:
         d6:b6:7e:4b:82:b2:5e:c1:96:0f:97:6d:93:bf:b5:57:77:ed:
         ed:ff:e5:07:27:69:79:1e:44:c6:bb:99:a0:6a:e1:9c:c5:62:
         a5:6c:43:e6:c6:f4:1c:d4:67:66:29:01:66:13:10:b5:2d:52:
         2a:68:a0:fd:93:f0:50:25:10:c8:bd:b2:4b:11:fa:7a:24:92:
         e4:38:de:b8:e1:67:dd:60:cd:dd:d0:ce:8d:6e:5a:dc:ab:8a:
         82:e3:68:dc:41:4c:09:6e:2b:67:db:c3:77:21:07:c0:2f:c7:
         4a:73:90:94:2b:25:34:cf:78:54:6c:72:e6:4e:e3:66:f5:29:
         12:31:8d:c5:4b:4c:fe:f3:7f:41:98:dc:4a:99:e5:64:f2:15:
         86:b1:02:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OUhJDtT506+WwGQWLhR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTkwYjExZDM1ODhhYTcxMTMzZTkzMjRlZWM5Mjc3NDY4MDYyNzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUa7jXW3pPVeelw0xDKunB/7iNW7
z4xPD9uXvVfEuzK/uFvc7knfD42wtqsD9+f2dN9lBdrR4wGLjNieMeuBhnH0hC1u
P3jJ5bEvU8nJhFUFBhPB0kVzGieQS8DyVm6Qw9Cnu0Jue2nogwQEamKINBZHj703
DuvupQWpQYrEi/EFsB27ZPkLGzN8u0SY2ipIe3Q7mcXt0vY/A7QoxExg1FF71XNR
VATqbLB3WNs151rtdMNouVUB8dTliUGQLPNuVB0AmiQELZkSjw9fEpdQyZzw5/Mc
NEQhst6jawsLy+0BC6/lGKiEzy/swQJWVAm29YdmHwypS120TWQ5xIOlBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGWQsR01iKpxEz6TJO7JJ3RoBicjMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWlpDeEhUV0lxbkVUUHBNazdza25kR2dHSnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBMGnLtB/YR3UcqC7Anw+d/ctC7ic9iuriD096m
j6e3dyEgFU3d6isyt0L/XWZpZw79TRSO9gNvK3Nf8OW0nJRhJ0kV7BblgSgCgE2q
4RqpQd4SpsUORJyLf3+ABEF2XvpKEv/iRAychmloGcXWtn5LgrJewZYPl22Tv7VX
d+3t/+UHJ2l5HkTGu5mgauGcxWKlbEPmxvQc1GdmKQFmExC1LVIqaKD9k/BQJRDI
vbJLEfp6JJLkON644WfdYM3d0M6Nblrcq4qC42jcQUwJbitn28N3IQfAL8dKc5CU
KyU0z3hUbHLmTuNm9SkSMY3FS0z+839BmNxKmeVk8hWGsQL9
-----END CERTIFICATE-----