This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/zfs_Uz06QkpM0ToVYsTQNdoRfrs.roa
File:                     zfs_Uz06QkpM0ToVYsTQNdoRfrs.roa (raw, json)
Hash identifier:          RWyAVM8btMkofu3TRGj+ZweTKQDjuf13tsN6/dBIOgY=
Subject key identifier:   CD:FB:3F:53:3D:3A:42:4A:4C:D1:3A:15:62:C4:D0:35:DA:11:7E:BB
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B360AA23646BE0F9FF8DBE869E91229
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/zfs_Uz06QkpM0ToVYsTQNdoRfrs.roa
Signing time:             Thu 01 Jan 2026 20:18:17 +0000
ROA not before:           Thu 01 Jan 2026 20:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57724
IP address blocks:        217.114.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:0a:a2:36:46:be:0f:9f:f8:db:e8:69:e9:12:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdfb3f533d3a424a4cd13a1562c4d035da117ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:51:52:82:01:8f:1a:fa:3a:7a:c0:59:0d:ee:
                    8b:67:92:a0:bd:58:32:4c:98:c0:0f:ad:2b:ef:ef:
                    56:7b:ad:31:da:2f:c3:cc:3a:24:fb:1d:61:52:aa:
                    9e:00:3c:84:04:d9:f4:94:d3:96:f2:3e:86:6d:8e:
                    12:4e:8b:15:ae:67:f9:7e:12:14:d3:09:48:e6:b4:
                    5b:c3:fb:6a:8d:da:fc:e7:50:1c:59:99:b7:29:1e:
                    eb:49:62:2f:e4:7c:f5:33:1a:60:c8:62:65:aa:25:
                    0c:7c:80:ff:05:2b:45:83:91:6a:97:c4:96:0e:31:
                    33:e5:65:d5:c2:9a:fc:cd:27:7b:26:ab:e5:fe:a8:
                    a4:ab:f1:fd:3b:25:fe:ac:72:30:13:ac:7c:68:1a:
                    db:5b:c3:56:6f:d4:b1:e0:29:5a:5a:ce:ba:58:8f:
                    c1:92:f3:c0:a2:56:b7:33:01:83:59:51:3a:cf:04:
                    68:2f:b3:f7:4b:0b:67:49:53:7b:02:a0:40:f5:c0:
                    8e:66:00:e9:41:1e:a4:2e:cd:44:45:c6:e2:75:e2:
                    b9:7b:d0:ae:5c:cf:92:f1:93:55:4d:06:87:e6:21:
                    84:08:b9:d1:3d:03:d4:12:f5:2b:80:58:52:86:0a:
                    74:7f:bd:f0:81:d1:af:80:30:fa:9a:21:1a:91:39:
                    ad:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FB:3F:53:3D:3A:42:4A:4C:D1:3A:15:62:C4:D0:35:DA:11:7E:BB
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/zfs_Uz06QkpM0ToVYsTQNdoRfrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:73:b9:61:5c:51:a3:2d:ca:f4:3c:83:83:ad:52:1a:24:a5:
         b3:8d:da:fb:4a:bf:83:08:3e:8b:f4:68:4a:94:d8:76:fb:4a:
         63:0e:c3:b5:06:39:8c:53:a1:46:13:61:2d:e9:29:1f:7f:c2:
         84:ae:55:41:05:8d:6e:89:52:86:cd:2b:d5:c9:57:45:66:3e:
         67:60:38:c2:42:9d:e3:a0:0f:e5:c9:77:5d:84:16:5d:38:02:
         07:f7:6f:95:eb:db:fe:e9:d4:bd:af:d0:9c:59:6a:1e:8c:79:
         d9:d4:1c:10:11:1c:dc:fe:46:55:af:65:cb:4f:69:36:38:b9:
         dc:f4:47:db:f2:4b:ca:72:7b:0e:ab:6f:67:4f:f7:68:08:7e:
         51:f9:26:bb:b2:8f:67:5f:43:5c:0c:6a:c2:7e:2f:fe:ae:b5:
         da:a2:29:19:a5:2d:2a:75:6f:93:42:98:61:60:70:dd:fc:10:
         38:44:f5:fe:6b:7c:98:5d:f5:52:48:85:90:21:d7:bd:8a:8f:
         12:b7:c5:52:9b:3c:41:31:3b:bf:74:e9:56:ef:16:80:77:d8:
         b4:44:58:b2:f2:11:99:01:44:88:2f:76:23:55:9c:b9:19:c3:
         bd:53:cb:3b:dc:cf:b8:b9:bc:06:67:5a:1d:ca:f3:f8:fa:ef:
         79:af:19:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NgqiNka+D5/42+hp6RIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZiM2Y1MzNkM2E0MjRhNGNkMTNhMTU2MmM0ZDAzNWRhMTE3ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlFSggGPGvo6esBZDe6LZ5KgvVgy
TJjAD60r7+9We60x2i/DzDok+x1hUqqeADyEBNn0lNOW8j6GbY4STosVrmf5fhIU
0wlI5rRbw/tqjdr851AcWZm3KR7rSWIv5Hz1MxpgyGJlqiUMfID/BStFg5Fql8SW
DjEz5WXVwpr8zSd7Jqvl/qikq/H9OyX+rHIwE6x8aBrbW8NWb9Sx4ClaWs66WI/B
kvPAola3MwGDWVE6zwRoL7P3SwtnSVN7AqBA9cCOZgDpQR6kLs1ERcbideK5e9Cu
XM+S8ZNVTQaH5iGECLnRPQPUEvUrgFhShgp0f73wgdGvgDD6miEakTmtXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM37P1M9OkJKTNE6FWLE0DXaEX67MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvemZzX1V6MDZRa3BNMFRvVllzVFFOZG9SZnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XIqMA0G
CSqGSIb3DQEBCwUAA4IBAQCec7lhXFGjLcr0PIODrVIaJKWzjdr7Sr+DCD6L9GhK
lNh2+0pjDsO1BjmMU6FGE2Et6Skff8KErlVBBY1uiVKGzSvVyVdFZj5nYDjCQp3j
oA/lyXddhBZdOAIH92+V69v+6dS9r9CcWWoejHnZ1BwQERzc/kZVr2XLT2k2OLnc
9Efb8kvKcnsOq29nT/doCH5R+Sa7so9nX0NcDGrCfi/+rrXaoikZpS0qdW+TQphh
YHDd/BA4RPX+a3yYXfVSSIWQIde9io8St8VSmzxBMTu/dOlW7xaAd9i0RFiy8hGZ
AUSIL3YjVZy5GcO9U8s73M+4ubwGZ1odyvP4+u95rxkG
-----END CERTIFICATE-----