This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Zv3FIbxrHUDa_eVep4PasKjQU6o.roa
File:                     Zv3FIbxrHUDa_eVep4PasKjQU6o.roa (raw, json)
Hash identifier:          JKEF8YhZitQIVgkT+7vZT9WWbZK9Q/6ak4c105Exh3Q=
Subject key identifier:   66:FD:C5:21:BC:6B:1D:40:DA:FD:E5:5E:A7:83:DA:B0:A8:D0:53:AA
Certificate issuer:       /CN=42fe55e6288a1b4702f9ebe7f8c6060b6cfbb1bc
Certificate serial:       019B7DCA96C2A6CF2868F62DD4F398847244
Authority key identifier: 42:FE:55:E6:28:8A:1B:47:02:F9:EB:E7:F8:C6:06:0B:6C:FB:B1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Zv3FIbxrHUDa_eVep4PasKjQU6o.roa
Signing time:             Fri 02 Jan 2026 08:19:47 +0000
ROA not before:           Fri 02 Jan 2026 08:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15703
IP address blocks:        194.50.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:96:c2:a6:cf:28:68:f6:2d:d4:f3:98:84:72:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42fe55e6288a1b4702f9ebe7f8c6060b6cfbb1bc
        Validity
            Not Before: Jan  2 08:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66fdc521bc6b1d40dafde55ea783dab0a8d053aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b3:1f:2e:00:30:f5:2e:96:18:cb:f4:fb:49:
                    75:3e:b3:cb:e4:28:f1:e0:91:f1:04:21:e6:b1:9f:
                    29:f9:f3:18:40:9f:53:cf:ce:e0:a0:39:04:71:b6:
                    8d:2b:d2:09:6b:5a:65:84:02:18:64:15:1e:d5:e3:
                    c1:9b:11:2e:91:a7:dc:e8:b2:6a:65:e2:25:3e:77:
                    e8:c5:69:d4:90:b7:0e:4d:69:2b:69:64:43:05:83:
                    6e:5f:41:4d:9c:48:24:3b:e9:2a:dc:93:70:20:d6:
                    d5:92:43:91:d9:a5:b6:fb:70:1a:e0:b5:0d:53:a3:
                    dd:94:32:02:75:cb:de:70:6f:02:99:9d:db:eb:04:
                    93:70:2d:7e:56:3f:78:32:57:42:0d:b1:c4:3c:72:
                    be:8e:12:e1:9f:9b:b1:9a:1b:15:f8:5a:4d:10:fa:
                    29:ed:42:d5:77:38:b1:ed:a7:c4:32:e3:93:ad:10:
                    b5:b7:b0:2e:d9:99:46:34:98:1e:e7:74:f1:44:b7:
                    dd:59:d2:ba:6d:02:21:ef:2f:2f:32:7a:fa:65:73:
                    ff:e6:c3:d4:20:72:fb:56:8d:5b:61:ad:e0:3d:df:
                    4a:d1:47:33:af:58:d7:c3:00:35:36:0c:cc:08:56:
                    22:d2:05:33:17:a0:fe:16:7b:1d:4d:67:bd:d8:38:
                    52:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FD:C5:21:BC:6B:1D:40:DA:FD:E5:5E:A7:83:DA:B0:A8:D0:53:AA
            X509v3 Authority Key Identifier:
                keyid:42:FE:55:E6:28:8A:1B:47:02:F9:EB:E7:F8:C6:06:0B:6C:FB:B1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Zv3FIbxrHUDa_eVep4PasKjQU6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3f:12:0d:9d:94:20:0d:4c:cf:8f:28:ee:ca:18:48:34:93:
         ff:5a:bd:ea:17:63:33:ea:e3:19:87:2f:ad:80:e3:f0:44:8e:
         ac:b9:41:b8:71:73:68:c9:c6:72:b6:5f:32:f4:fb:fe:4f:72:
         71:28:aa:dd:8d:3d:de:f9:fc:e6:e0:81:52:90:59:25:7f:a7:
         37:a8:20:21:d6:e6:43:18:57:df:c7:6d:73:68:9b:b1:cf:c3:
         b9:38:7f:18:e2:98:ce:a2:10:9d:e3:8d:ba:22:70:00:34:d5:
         0e:cf:a4:24:fe:41:ec:55:55:3d:0b:4b:69:60:51:38:05:6d:
         8d:02:f9:31:99:b5:31:4c:48:dd:13:07:3a:87:98:be:65:84:
         42:d3:32:8d:75:af:25:cb:aa:40:1a:3b:60:81:11:f1:ec:c3:
         6f:c8:4d:e6:5a:46:34:4b:59:58:85:2e:48:1c:47:4c:5a:b1:
         0a:6c:c6:9f:78:2b:02:a4:5f:54:0a:d3:27:30:29:af:43:2d:
         57:a8:8b:bf:cb:3d:86:18:a7:95:97:69:6b:98:fc:76:b5:d9:
         b8:c2:d6:02:21:52:97:5e:37:59:89:e0:4a:34:e4:58:93:8b:
         1c:a1:cc:26:8d:aa:a7:80:91:40:99:ec:d5:ae:cc:0b:98:44:
         2f:f8:e0:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ypbCps8oaPYt1POYhHJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZmU1NWU2Mjg4YTFiNDcwMmY5ZWJlN2Y4YzYwNjBiNmNm
YmIxYmMwHhcNMjYwMTAyMDgxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZkYzUyMWJjNmIxZDQwZGFmZGU1NWVhNzgzZGFiMGE4ZDA1M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rMfLgAw9S6WGMv0+0l1PrPL5Cjx
4JHxBCHmsZ8p+fMYQJ9Tz87goDkEcbaNK9IJa1plhAIYZBUe1ePBmxEukafc6LJq
ZeIlPnfoxWnUkLcOTWkraWRDBYNuX0FNnEgkO+kq3JNwINbVkkOR2aW2+3Aa4LUN
U6PdlDICdcvecG8CmZ3b6wSTcC1+Vj94MldCDbHEPHK+jhLhn5uxmhsV+FpNEPop
7ULVdzix7afEMuOTrRC1t7Au2ZlGNJge53TxRLfdWdK6bQIh7y8vMnr6ZXP/5sPU
IHL7Vo1bYa3gPd9K0Uczr1jXwwA1NgzMCFYi0gUzF6D+FnsdTWe92DhSNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGb9xSG8ax1A2v3lXqeD2rCo0FOqMB8GA1UdIwQY
MBaAFEL+VeYoihtHAvnr5/jGBgts+7G8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXY1VjVpaUtHMGNDLWV2bi1NWUdDMno3c2J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84MTQxZGQtNDQ5Yi00ZDFmLTgxMWEt
ZDYxOTBjY2Y3ODU3LzEvWnYzRklieHJIVURhX2VWZXA0UGFzS2pRVTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84MTQxZGQtNDQ5Yi00ZDFmLTgxMWEtZDYxOTBjY2Y3ODU3
LzEvUXY1VjVpaUtHMGNDLWV2bi1NWUdDMno3c2J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJwMA0G
CSqGSIb3DQEBCwUAA4IBAQABPxINnZQgDUzPjyjuyhhINJP/Wr3qF2Mz6uMZhy+t
gOPwRI6suUG4cXNoycZytl8y9Pv+T3JxKKrdjT3e+fzm4IFSkFklf6c3qCAh1uZD
GFffx21zaJuxz8O5OH8Y4pjOohCd4426InAANNUOz6Qk/kHsVVU9C0tpYFE4BW2N
AvkxmbUxTEjdEwc6h5i+ZYRC0zKNda8ly6pAGjtggRHx7MNvyE3mWkY0S1lYhS5I
HEdMWrEKbMafeCsCpF9UCtMnMCmvQy1XqIu/yz2GGKeVl2lrmPx2tdm4wtYCIVKX
XjdZieBKNORYk4scocwmjaqngJFAmezVrswLmEQv+OBM
-----END CERTIFICATE-----