This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rZMYhtOv904G0zZamirGztIHGVQ.roa
File:                     rZMYhtOv904G0zZamirGztIHGVQ.roa (raw, json)
Hash identifier:          y1iwKVPzT1gpIzzEXHPkyhZF2ryXBF1cDl+SIGGXLOg=
Subject key identifier:   AD:93:18:86:D3:AF:F7:4E:06:D3:36:5A:9A:2A:C6:CE:D2:07:19:54
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B797ED451E505CC6C8682835508B581BF
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rZMYhtOv904G0zZamirGztIHGVQ.roa
Signing time:             Thu 01 Jan 2026 12:18:33 +0000
ROA not before:           Thu 01 Jan 2026 12:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        178.253.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:d4:51:e5:05:cc:6c:86:82:83:55:08:b5:81:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 12:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad931886d3aff74e06d3365a9a2ac6ced2071954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0d:bb:b4:f3:26:24:f6:84:7c:07:9d:9e:50:
                    5c:fd:0d:1b:c1:86:16:0d:a6:98:7d:d3:16:68:4b:
                    9c:cd:d9:33:60:ab:40:9b:d5:45:3a:b6:80:5f:97:
                    0e:df:f7:c9:59:b6:7f:10:a0:4c:c9:9b:75:4d:92:
                    19:c1:5e:15:a0:b8:4a:6a:d4:50:38:59:a9:54:cb:
                    ed:35:a1:d6:db:c4:0c:89:47:66:76:ef:57:2f:91:
                    06:fb:1d:c1:83:ed:11:e7:d7:b5:80:0b:c1:88:ad:
                    dc:77:88:b2:d0:0d:b0:f3:bc:54:41:41:13:b2:49:
                    c4:b0:ee:ac:cf:7f:15:d5:45:70:a2:39:2a:69:6b:
                    d9:69:d4:57:ab:11:5a:ac:c9:7e:a8:59:10:7a:c3:
                    b7:8e:2c:4d:c7:c3:a8:9c:cc:57:93:7f:29:91:f7:
                    b5:68:38:c7:5e:85:11:06:24:f3:72:03:e9:5c:23:
                    1b:3f:33:87:2a:d8:5c:a9:ae:64:6f:19:84:08:4f:
                    44:55:ab:db:68:01:19:47:71:42:72:d7:b7:f6:e7:
                    80:0f:a0:66:ab:58:22:a8:78:3d:47:0c:25:1e:86:
                    bc:18:55:82:ca:90:76:3e:5a:54:dc:d5:41:ed:af:
                    69:71:bb:a1:cf:22:36:3d:84:1b:d8:b2:fb:ed:02:
                    78:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:93:18:86:D3:AF:F7:4E:06:D3:36:5A:9A:2A:C6:CE:D2:07:19:54
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rZMYhtOv904G0zZamirGztIHGVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a4:54:bc:0b:42:38:54:82:61:db:85:8d:12:4a:a5:61:bc:
         23:2c:3e:87:12:9e:4d:fa:c8:77:f6:a7:13:ce:4b:82:86:52:
         fb:00:ac:86:90:14:c1:04:ec:62:98:59:21:f8:54:c1:e1:50:
         8d:a3:5e:9d:7a:9d:d9:6b:18:1a:b1:70:4f:c1:5b:04:40:e4:
         b4:b6:cb:aa:65:bf:75:85:2e:53:0e:44:5f:0a:f5:fe:d1:b3:
         a2:ce:7a:8b:f8:45:6c:20:93:9a:fc:c0:5e:c9:fc:ba:c0:da:
         4f:ce:ae:19:57:d1:98:1b:09:f2:95:f9:47:c1:fa:cb:a1:31:
         09:59:1c:5c:38:87:3b:5d:10:c7:31:c1:bf:af:9b:58:11:45:
         00:e7:e7:aa:5e:9d:76:66:59:9c:10:eb:95:01:2b:bc:df:30:
         8f:11:b5:51:34:ac:8d:f1:2f:e6:3f:4b:2b:de:a3:34:a3:ea:
         fe:0f:83:54:c9:52:0e:28:24:9f:47:bd:fd:ac:a1:09:eb:b6:
         5b:4a:62:86:d0:44:88:6b:0f:7a:38:a1:32:11:74:90:db:81:
         f9:bd:b6:33:64:a1:75:17:e4:e8:c2:26:ff:a4:54:5c:c9:bd:
         c2:bc:96:ea:2b:de:c4:77:ff:5b:3a:7d:3f:83:f5:2d:6f:92:
         42:a6:f9:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftRR5QXMbIaCg1UItYG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTAxMTIxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDkzMTg4NmQzYWZmNzRlMDZkMzM2NWE5YTJhYzZjZWQyMDcxOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ27tPMmJPaEfAednlBc/Q0bwYYW
DaaYfdMWaEuczdkzYKtAm9VFOraAX5cO3/fJWbZ/EKBMyZt1TZIZwV4VoLhKatRQ
OFmpVMvtNaHW28QMiUdmdu9XL5EG+x3Bg+0R59e1gAvBiK3cd4iy0A2w87xUQUET
sknEsO6sz38V1UVwojkqaWvZadRXqxFarMl+qFkQesO3jixNx8OonMxXk38pkfe1
aDjHXoURBiTzcgPpXCMbPzOHKthcqa5kbxmECE9EVavbaAEZR3FCcte39ueAD6Bm
q1giqHg9RwwlHoa8GFWCypB2PlpU3NVB7a9pcbuhzyI2PYQb2LL77QJ4qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2TGIbTr/dOBtM2Wpoqxs7SBxlUMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvclpNWWh0T3Y5MDRHMHpaYW1pckd6dElIR1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3NMA0G
CSqGSIb3DQEBCwUAA4IBAQBOpFS8C0I4VIJh24WNEkqlYbwjLD6HEp5N+sh39qcT
zkuChlL7AKyGkBTBBOximFkh+FTB4VCNo16dep3ZaxgasXBPwVsEQOS0tsuqZb91
hS5TDkRfCvX+0bOiznqL+EVsIJOa/MBeyfy6wNpPzq4ZV9GYGwnylflHwfrLoTEJ
WRxcOIc7XRDHMcG/r5tYEUUA5+eqXp12ZlmcEOuVASu83zCPEbVRNKyN8S/mP0sr
3qM0o+r+D4NUyVIOKCSfR739rKEJ67ZbSmKG0ESIaw96OKEyEXSQ24H5vbYzZKF1
F+Towib/pFRcyb3CvJbqK97Ed/9bOn0/g/Utb5JCpvmE
-----END CERTIFICATE-----