This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Zn2F_GITaJUFXYczVsLI2VOyKdU.roa
File:                     Zn2F_GITaJUFXYczVsLI2VOyKdU.roa (raw, json)
Hash identifier:          CEg2vq6S7OzyDS7MVIrVNzF15tpZ2z6WrwU8c/VyAWA=
Subject key identifier:   66:7D:85:FC:62:13:68:95:05:5D:87:33:56:C2:C8:D9:53:B2:29:D5
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019B79ED11C18D2D05A39757A158B4D1430C
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Zn2F_GITaJUFXYczVsLI2VOyKdU.roa
Signing time:             Thu 01 Jan 2026 14:18:58 +0000
ROA not before:           Thu 01 Jan 2026 14:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393942
IP address blocks:        86.110.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:11:c1:8d:2d:05:a3:97:57:a1:58:b4:d1:43:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Jan  1 14:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=667d85fc62136895055d873356c2c8d953b229d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:af:10:80:4d:13:07:09:e0:85:5d:2f:af:
                    55:93:e8:f0:c4:26:5c:91:c2:ee:79:0b:d3:83:be:
                    1f:be:23:6f:0b:b6:e1:8e:60:d2:78:b6:79:ef:e3:
                    61:9b:35:95:5e:4f:79:ab:30:17:11:c4:63:75:c0:
                    a4:37:d1:64:0d:56:30:15:52:23:19:69:44:84:e7:
                    95:5b:ee:b2:20:2c:7a:91:8a:56:fe:fd:dc:47:13:
                    3e:d9:ef:26:0a:9d:f0:11:a2:db:80:4b:a1:2e:f5:
                    11:4d:91:4e:3b:5d:ce:1b:9c:d1:a0:d6:0e:72:b2:
                    02:52:3a:10:94:78:5f:71:81:10:ec:8c:eb:c7:01:
                    81:b8:ff:a6:16:1b:95:c0:24:28:02:ed:a2:9f:b6:
                    33:18:8c:78:41:59:81:1d:d1:0a:a8:d5:0a:c9:20:
                    ca:df:ee:24:36:31:67:c5:c1:a7:11:da:99:f9:d7:
                    c9:cd:e1:d3:df:5c:0c:86:6b:e4:b1:4c:af:a1:2b:
                    e3:1d:60:d7:95:b7:7a:a5:7a:68:45:17:8b:9b:f8:
                    08:8c:64:4e:68:d3:a8:27:1b:15:be:77:52:22:56:
                    f8:ae:a4:2a:c3:ab:a1:88:7c:d5:ad:64:37:a2:4d:
                    f5:c3:cd:9f:d8:4d:f4:66:6f:8a:10:e5:71:91:cc:
                    f4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7D:85:FC:62:13:68:95:05:5D:87:33:56:C2:C8:D9:53:B2:29:D5
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/Zn2F_GITaJUFXYczVsLI2VOyKdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:31:4b:e2:5f:69:17:81:14:dc:6d:91:f3:83:41:c7:bd:7b:
         28:7a:3b:ed:d3:57:5b:f9:5e:48:d2:b5:bc:4d:0d:cf:94:eb:
         5c:f0:bb:29:c3:f2:85:f9:32:64:d5:40:de:0c:6e:ef:76:e2:
         42:35:b4:c0:8f:d7:b4:7c:e2:6c:00:43:b9:8a:0c:66:bc:7d:
         9c:96:a8:d3:0f:f2:91:0a:76:11:fc:7e:43:8c:52:60:44:a4:
         85:64:fb:98:39:a5:66:da:7a:73:82:64:9d:63:2f:cd:d8:ae:
         76:5d:0b:0e:fb:74:08:f9:35:07:82:ce:e6:27:2f:10:06:6b:
         cd:48:17:21:a9:7c:f4:00:5d:78:7e:12:f5:b3:f4:4b:b5:f0:
         bb:dc:0c:09:ff:6f:f9:87:c5:d4:0d:db:98:87:47:b2:b4:da:
         3b:2e:4f:87:70:d5:46:50:13:02:87:d2:b8:fe:3b:40:85:8e:
         94:34:81:41:c5:ef:ee:72:b3:7e:8f:e9:b4:e5:f3:17:ea:10:
         3d:8f:7b:77:7b:0c:4a:e2:c8:90:3a:80:99:ef:7d:25:56:e2:
         8e:83:91:af:d4:e9:a8:7d:00:7e:d2:b7:a0:0c:08:49:46:b9:
         17:18:e2:0d:55:e2:c4:b8:38:8e:4d:df:c1:86:47:ca:17:0b:
         f5:4f:28:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RHBjS0Fo5dXoVi00UMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMTAxMTQxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdkODVmYzYyMTM2ODk1MDU1ZDg3MzM1NmMyYzhkOTUzYjIyOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXCvEIBNEwcJ4IVdL69Vk+jwxCZc
kcLueQvTg74fviNvC7bhjmDSeLZ57+NhmzWVXk95qzAXEcRjdcCkN9FkDVYwFVIj
GWlEhOeVW+6yICx6kYpW/v3cRxM+2e8mCp3wEaLbgEuhLvURTZFOO13OG5zRoNYO
crICUjoQlHhfcYEQ7IzrxwGBuP+mFhuVwCQoAu2in7YzGIx4QVmBHdEKqNUKySDK
3+4kNjFnxcGnEdqZ+dfJzeHT31wMhmvksUyvoSvjHWDXlbd6pXpoRReLm/gIjGRO
aNOoJxsVvndSIlb4rqQqw6uhiHzVrWQ3ok31w82f2E30Zm+KEOVxkcz0cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ9hfxiE2iVBV2HM1bCyNlTsinVMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvWm4yRl9HSVRhSlVGWFljelZzTEkyVk95S2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4vMA0G
CSqGSIb3DQEBCwUAA4IBAQCPMUviX2kXgRTcbZHzg0HHvXsoejvt01db+V5I0rW8
TQ3PlOtc8Lspw/KF+TJk1UDeDG7vduJCNbTAj9e0fOJsAEO5igxmvH2clqjTD/KR
CnYR/H5DjFJgRKSFZPuYOaVm2npzgmSdYy/N2K52XQsO+3QI+TUHgs7mJy8QBmvN
SBchqXz0AF14fhL1s/RLtfC73AwJ/2/5h8XUDduYh0eytNo7Lk+HcNVGUBMCh9K4
/jtAhY6UNIFBxe/ucrN+j+m05fMX6hA9j3t3ewxK4siQOoCZ730lVuKOg5Gv1Omo
fQB+0regDAhJRrkXGOINVeLEuDiOTd/BhkfKFwv1TygY
-----END CERTIFICATE-----