This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/zt1e9hXqnKC7GTDcsl5TmahbR14.roa
File:                     zt1e9hXqnKC7GTDcsl5TmahbR14.roa (raw, json)
Hash identifier:          cMjId05GIC2DoYaxGvqZ9tQQexKxYbYtbXXHMb77nW0=
Subject key identifier:   CE:DD:5E:F6:15:EA:9C:A0:BB:19:30:DC:B2:5E:53:99:A8:5B:47:5E
Certificate issuer:       /CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
Certificate serial:       019B7C11E290A4A6CBD966EFEE64FB741FF5
Authority key identifier: BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/zt1e9hXqnKC7GTDcsl5TmahbR14.roa
Signing time:             Fri 02 Jan 2026 00:18:25 +0000
ROA not before:           Fri 02 Jan 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398343
IP address blocks:        45.149.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:e2:90:a4:a6:cb:d9:66:ef:ee:64:fb:74:1f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
        Validity
            Not Before: Jan  2 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cedd5ef615ea9ca0bb1930dcb25e5399a85b475e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2d:a9:31:5e:aa:ae:22:a6:2d:96:2d:d7:8f:
                    a1:f6:88:0d:8e:65:6b:d2:6f:bd:4f:60:60:26:15:
                    d0:32:b0:e7:9b:fd:38:f3:e8:db:a6:be:fc:39:39:
                    8a:27:a6:78:a7:a6:58:b2:47:d2:0f:bc:cd:bd:0c:
                    55:37:94:40:e3:a0:2b:b3:7c:5d:01:30:43:06:fb:
                    f5:f6:ca:93:11:10:05:d5:6c:d0:ca:c5:d3:4f:c5:
                    7d:74:8e:e8:5f:40:19:93:6f:03:67:d1:91:c5:78:
                    04:d7:66:be:8a:46:8d:9b:cb:cb:fd:f1:4a:ae:7c:
                    b2:05:d4:c1:8d:6c:5c:fe:44:bb:49:7b:a8:ca:fb:
                    4f:55:07:ec:1a:12:77:21:3b:23:66:30:d5:c6:d4:
                    73:4c:22:44:64:11:3c:07:a8:bd:b7:40:8e:38:a6:
                    9e:c2:0e:96:01:dd:78:31:8b:47:49:cf:a9:bd:8d:
                    0a:6b:ca:c6:74:69:5e:e8:57:66:ba:96:9a:12:59:
                    62:45:89:9f:5e:e3:ba:1e:20:73:17:f6:51:13:e4:
                    5e:49:90:cc:33:1c:06:e3:ac:5b:68:e1:15:fc:74:
                    2e:29:ce:ec:64:50:bf:81:4c:2d:e7:61:f9:e7:7a:
                    4d:02:12:9d:f7:50:5e:61:bc:6d:06:39:bd:03:23:
                    38:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DD:5E:F6:15:EA:9C:A0:BB:19:30:DC:B2:5E:53:99:A8:5B:47:5E
            X509v3 Authority Key Identifier:
                keyid:BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/zt1e9hXqnKC7GTDcsl5TmahbR14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:6e:c3:16:29:2c:c8:54:93:ab:49:f1:d6:4d:04:27:16:75:
         1b:48:e0:2f:73:11:eb:24:e5:41:3c:ba:95:a7:bc:08:13:67:
         06:91:7e:b7:21:bb:2f:c6:21:98:4d:b4:e7:e2:bf:14:85:7b:
         09:ff:ce:2f:54:ac:fc:24:39:9f:75:c9:85:15:22:3c:e0:35:
         70:83:94:f5:11:2b:a2:77:de:af:2b:d9:0a:53:0b:a2:a6:80:
         b8:d7:e0:5c:a0:61:3f:9d:21:e7:4e:27:3a:a7:97:02:d9:3e:
         c6:36:db:4b:a1:8d:34:71:8f:91:1b:f4:5e:e1:7b:e3:c5:e7:
         1c:2f:58:29:4f:c8:0c:47:e8:98:ae:ff:78:96:e8:91:1e:95:
         d5:23:c8:84:c9:00:27:77:48:4c:4a:7d:3a:92:26:5f:56:85:
         97:2a:dc:d0:5f:b0:23:07:04:75:cc:b6:c1:3a:f7:7c:81:4e:
         d3:1f:ad:cd:3f:e0:b4:68:40:99:74:73:5f:e6:24:0e:e8:f4:
         56:c2:fd:34:79:fc:fe:d2:15:8f:fc:3d:12:c4:3f:25:8d:63:
         f2:5b:4b:45:e6:91:58:7a:20:27:21:cc:c1:31:88:8c:19:3f:
         d9:5f:41:01:d5:18:b0:6e:0f:55:22:2e:12:fa:24:5f:56:13:
         c0:41:ae:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EeKQpKbL2Wbv7mT7dB/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDgxY2E5MGNjNTIyNDU4NmFmZWJhYjFjNzhiMTc5MDI2
OGQ1YzEwHhcNMjYwMTAyMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRkNWVmNjE1ZWE5Y2EwYmIxOTMwZGNiMjVlNTM5OWE4NWI0NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0y2pMV6qriKmLZYt14+h9ogNjmVr
0m+9T2BgJhXQMrDnm/048+jbpr78OTmKJ6Z4p6ZYskfSD7zNvQxVN5RA46Ars3xd
ATBDBvv19sqTERAF1WzQysXTT8V9dI7oX0AZk28DZ9GRxXgE12a+ikaNm8vL/fFK
rnyyBdTBjWxc/kS7SXuoyvtPVQfsGhJ3ITsjZjDVxtRzTCJEZBE8B6i9t0COOKae
wg6WAd14MYtHSc+pvY0Ka8rGdGle6FdmupaaElliRYmfXuO6HiBzF/ZRE+ReSZDM
MxwG46xbaOEV/HQuKc7sZFC/gUwt52H553pNAhKd91BeYbxtBjm9AyM46QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7dXvYV6pyguxkw3LJeU5moW0deMB8GA1UdIwQY
MBaAFL/YHKkMxSJFhq/rqxx4sXkCaNXBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2Zjct
ODRhZGNiZjVhYzU1LzEvenQxZTloWHFuS0M3R1REY3NsNVRtYWhiUjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2ZjctODRhZGNiZjVhYzU1
LzEvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZXaMA0G
CSqGSIb3DQEBCwUAA4IBAQCLbsMWKSzIVJOrSfHWTQQnFnUbSOAvcxHrJOVBPLqV
p7wIE2cGkX63IbsvxiGYTbTn4r8UhXsJ/84vVKz8JDmfdcmFFSI84DVwg5T1ESui
d96vK9kKUwuipoC41+BcoGE/nSHnTic6p5cC2T7GNttLoY00cY+RG/Re4Xvjxecc
L1gpT8gMR+iYrv94luiRHpXVI8iEyQAnd0hMSn06kiZfVoWXKtzQX7AjBwR1zLbB
Ovd8gU7TH63NP+C0aECZdHNf5iQO6PRWwv00efz+0hWP/D0SxD8ljWPyW0tF5pFY
eiAnIczBMYiMGT/ZX0EB1Riwbg9VIi4S+iRfVhPAQa4v
-----END CERTIFICATE-----