This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Zw5WYMZLpFX4Ksnc0ifaTvkcsXY.roa
File:                     Zw5WYMZLpFX4Ksnc0ifaTvkcsXY.roa (raw, json)
Hash identifier:          C18fBB7Cy74JOp9p1wDCXKCvqBCj8z0bWarhgimOnzk=
Subject key identifier:   67:0E:56:60:C6:4B:A4:55:F8:2A:C9:DC:D2:27:DA:4E:F9:1C:B1:76
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       019B7CECB8179CE700AA18581C66F3DD708A
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Zw5WYMZLpFX4Ksnc0ifaTvkcsXY.roa
Signing time:             Fri 02 Jan 2026 04:17:26 +0000
ROA not before:           Fri 02 Jan 2026 04:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:b8:17:9c:e7:00:aa:18:58:1c:66:f3:dd:70:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Jan  2 04:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=670e5660c64ba455f82ac9dcd227da4ef91cb176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e2:13:69:3f:95:e0:dd:8d:83:e3:c2:ef:c8:
                    c7:bc:a4:cf:16:d4:4e:c6:24:13:ec:b9:81:74:72:
                    a7:70:44:ff:c0:a8:95:c8:8c:18:40:47:51:cf:34:
                    a0:31:40:72:90:58:e9:2d:0d:76:5f:fe:a1:75:8f:
                    08:f5:ae:f9:70:76:18:8e:08:54:14:42:be:e3:04:
                    68:9d:7f:22:ae:0c:5c:52:c1:29:bd:04:06:c3:27:
                    e1:f4:13:54:46:40:9e:d6:b0:61:0d:bc:18:07:9d:
                    35:17:85:96:31:b6:f5:fa:15:1f:25:20:cc:50:e5:
                    96:fe:0d:6d:c5:c8:32:ea:57:50:79:20:4f:7b:b6:
                    41:c2:cf:de:cd:f8:a7:44:52:03:41:5a:f0:10:f5:
                    4b:27:7b:01:14:01:7f:e9:42:be:f4:c9:44:dc:4c:
                    33:97:8f:f3:0e:a1:f6:82:cf:2c:4e:b2:3e:7a:fc:
                    5b:4b:01:9c:4a:8a:6e:6a:c7:6d:e7:13:5c:28:4f:
                    fc:91:bf:89:2f:03:32:c7:fc:87:73:f2:58:ce:c2:
                    fa:23:83:f6:cd:fb:16:e8:03:b6:d5:82:b7:6e:da:
                    d9:d5:d6:bb:39:09:5e:a2:bc:8c:bf:27:fe:43:87:
                    c2:22:4a:01:8e:0b:86:d6:e7:92:65:1c:03:de:48:
                    10:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:0E:56:60:C6:4B:A4:55:F8:2A:C9:DC:D2:27:DA:4E:F9:1C:B1:76
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Zw5WYMZLpFX4Ksnc0ifaTvkcsXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:5b:2a:b4:59:bf:15:aa:5f:2b:90:d4:12:6c:a7:9c:47:4d:
         42:46:b9:48:cd:02:7b:0e:39:05:7a:aa:1a:be:d4:79:91:cb:
         a5:67:bb:3b:57:f9:bf:dc:8e:b3:19:f0:ca:a7:e9:b1:1a:d1:
         bf:e8:2e:8f:5e:08:68:90:13:3d:f4:27:32:03:72:92:61:c2:
         16:24:2f:fb:66:91:3f:a9:fb:1d:b1:e4:27:2f:99:85:25:a3:
         3e:17:29:6e:b8:18:d7:42:5e:0e:2d:ec:61:b7:bb:01:a4:d8:
         35:b1:99:39:e2:d9:fd:01:53:96:8b:14:26:2b:50:b9:0a:89:
         06:1f:e4:6a:d9:f9:e9:11:fa:f4:ff:44:7c:2c:0a:f6:58:d2:
         b2:08:b4:ef:6c:a0:33:06:32:e2:b3:d2:50:3c:b4:d9:c8:ea:
         8c:6c:ff:85:11:3e:63:dd:23:7a:ed:54:6d:f3:17:0c:a1:79:
         2b:2b:b3:c8:31:84:06:fc:30:e6:f5:85:3b:ea:d8:f2:31:1f:
         3c:48:1f:92:bb:d7:1b:29:77:c9:ab:63:50:83:de:f4:24:c3:
         99:54:61:cf:5e:54:d3:27:b8:fe:32:61:a9:50:09:1c:aa:82:
         80:33:4a:d4:38:9b:8f:c9:7a:16:bb:be:df:06:98:e0:e5:16:
         50:b1:a8:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87LgXnOcAqhhYHGbz3XCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjYwMTAyMDQxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzBlNTY2MGM2NGJhNDU1ZjgyYWM5ZGNkMjI3ZGE0ZWY5MWNiMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+ITaT+V4N2Ng+PC78jHvKTPFtRO
xiQT7LmBdHKncET/wKiVyIwYQEdRzzSgMUBykFjpLQ12X/6hdY8I9a75cHYYjghU
FEK+4wRonX8irgxcUsEpvQQGwyfh9BNURkCe1rBhDbwYB501F4WWMbb1+hUfJSDM
UOWW/g1txcgy6ldQeSBPe7ZBws/ezfinRFIDQVrwEPVLJ3sBFAF/6UK+9MlE3Ewz
l4/zDqH2gs8sTrI+evxbSwGcSopuasdt5xNcKE/8kb+JLwMyx/yHc/JYzsL6I4P2
zfsW6AO21YK3btrZ1da7OQleoryMvyf+Q4fCIkoBjguG1ueSZRwD3kgQ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcOVmDGS6RV+CrJ3NIn2k75HLF2MB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvWnc1V1lNWkxwRlg0S3NuYzBpZmFUdmtjc1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUlMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Wyq0Wb8Vql8rkNQSbKecR01CRrlIzQJ7DjkFeqoa
vtR5kculZ7s7V/m/3I6zGfDKp+mxGtG/6C6PXghokBM99CcyA3KSYcIWJC/7ZpE/
qfsdseQnL5mFJaM+FyluuBjXQl4OLexht7sBpNg1sZk54tn9AVOWixQmK1C5CokG
H+Rq2fnpEfr0/0R8LAr2WNKyCLTvbKAzBjLis9JQPLTZyOqMbP+FET5j3SN67VRt
8xcMoXkrK7PIMYQG/DDm9YU76tjyMR88SB+Su9cbKXfJq2NQg970JMOZVGHPXlTT
J7j+MmGpUAkcqoKAM0rUOJuPyXoWu77fBpjg5RZQsaga
-----END CERTIFICATE-----