This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/ZoxHWr59OftqgFBaS0g_ihcCxHI.roa
File:                     ZoxHWr59OftqgFBaS0g_ihcCxHI.roa (raw, json)
Hash identifier:          WqLRsE9et1dy1xG/u+4z6Ef9e0vz4XBOuKvh8sShkIY=
Subject key identifier:   66:8C:47:5A:BE:7D:39:FB:6A:80:50:5A:4B:48:3F:8A:17:02:C4:72
Certificate issuer:       /CN=209faf93524bb80774ffce9341f495a8fb318f10
Certificate serial:       019B79ECEDF3B8D0E58F99080FB25B5984AC
Authority key identifier: 20:9F:AF:93:52:4B:B8:07:74:FF:CE:93:41:F4:95:A8:FB:31:8F:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IJ-vk1JLuAd0_86TQfSVqPsxjxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/ZoxHWr59OftqgFBaS0g_ihcCxHI.roa
Signing time:             Thu 01 Jan 2026 14:18:49 +0000
ROA not before:           Thu 01 Jan 2026 14:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202220
IP address blocks:        109.207.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/IJ-vk1JLuAd0_86TQfSVqPsxjxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/IJ-vk1JLuAd0_86TQfSVqPsxjxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IJ-vk1JLuAd0_86TQfSVqPsxjxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ed:f3:b8:d0:e5:8f:99:08:0f:b2:5b:59:84:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=209faf93524bb80774ffce9341f495a8fb318f10
        Validity
            Not Before: Jan  1 14:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=668c475abe7d39fb6a80505a4b483f8a1702c472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fb:02:41:d5:1e:a3:e3:73:cd:46:b3:0a:de:
                    21:42:23:b1:f0:05:7e:a2:6e:ce:1d:c2:78:0a:c4:
                    c8:31:05:09:06:49:95:67:52:41:0b:4b:01:c9:bd:
                    e1:e8:bc:5e:5f:06:ee:c7:e2:c1:b4:63:cb:21:24:
                    ac:b5:82:da:dc:6a:0c:70:ff:dc:6d:06:8a:7a:be:
                    8f:6f:82:0f:e4:c7:f4:9f:e3:a6:47:13:67:98:61:
                    b4:4d:d7:8f:62:1b:64:15:57:cc:7f:92:47:99:01:
                    10:20:fb:88:db:5f:88:05:1d:c1:87:45:cc:0b:c5:
                    55:e9:9d:5a:38:87:a3:57:11:c6:4d:de:ec:5f:af:
                    11:86:eb:9b:51:4a:4a:d5:79:50:a9:84:3c:0f:36:
                    f5:9c:05:2f:71:ff:61:77:b5:2c:b5:12:da:51:13:
                    6f:28:1b:ba:18:e2:5d:93:f9:93:31:02:c5:ee:f2:
                    01:2f:e1:12:c2:6c:e0:2d:a4:3f:80:da:bb:36:12:
                    6a:1f:79:e2:15:1d:68:15:1f:e6:cc:ad:66:45:f9:
                    94:ab:e2:11:79:78:ec:c7:dc:f7:2c:60:a2:8a:83:
                    19:fd:e7:9e:ff:9b:fb:a2:07:78:08:3b:c1:6b:2e:
                    6d:ee:84:7f:62:2e:05:ef:42:b3:7a:84:b5:1c:f2:
                    6b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8C:47:5A:BE:7D:39:FB:6A:80:50:5A:4B:48:3F:8A:17:02:C4:72
            X509v3 Authority Key Identifier:
                keyid:20:9F:AF:93:52:4B:B8:07:74:FF:CE:93:41:F4:95:A8:FB:31:8F:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IJ-vk1JLuAd0_86TQfSVqPsxjxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/ZoxHWr59OftqgFBaS0g_ihcCxHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/5a2cbd-3b26-4586-8a6e-d164dde5351f/1/IJ-vk1JLuAd0_86TQfSVqPsxjxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:bd:93:e8:79:78:2c:e0:81:28:61:65:dd:92:e9:f0:83:dc:
         01:fc:92:ee:6c:1e:23:b1:34:35:af:1d:a6:ee:8f:5c:31:26:
         e3:0e:c5:ed:6f:d4:61:4a:37:51:9b:6f:00:e8:48:35:83:48:
         53:49:00:7a:0a:ea:a8:9e:6f:21:2c:c2:a0:b8:e7:43:3e:58:
         2b:81:7a:4d:2b:f5:29:68:12:bd:50:54:87:f1:3b:74:66:ba:
         48:f0:59:25:da:83:c4:f0:0c:0d:14:09:11:3a:e6:0c:1f:2e:
         6d:de:92:21:d7:77:b7:9d:d8:d5:6d:11:49:66:e4:46:e2:98:
         28:e4:c1:00:89:48:0f:4b:f3:85:49:2b:3a:87:37:e1:7e:c8:
         cb:a8:10:0f:e4:07:fe:02:32:94:c8:7c:ec:61:cb:c6:c1:70:
         57:f3:82:47:ae:6d:a3:c7:28:09:aa:cb:13:cc:57:ae:6b:3d:
         71:ee:5d:53:ec:74:b3:10:dc:8a:b7:83:ac:f7:25:22:28:93:
         18:09:90:e6:41:94:79:92:bd:3d:51:11:51:e2:95:e2:3d:b8:
         ba:0c:07:a5:f9:32:93:61:0e:c0:b9:d9:21:34:4d:39:ef:a5:
         28:29:6c:36:24:4b:42:26:c3:ab:2a:89:14:41:97:db:65:28:
         f3:ba:ec:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57O3zuNDlj5kID7JbWYSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwOWZhZjkzNTI0YmI4MDc3NGZmY2U5MzQxZjQ5NWE4ZmIz
MThmMTAwHhcNMjYwMTAxMTQxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhjNDc1YWJlN2QzOWZiNmE4MDUwNWE0YjQ4M2Y4YTE3MDJjNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPsCQdUeo+NzzUazCt4hQiOx8AV+
om7OHcJ4CsTIMQUJBkmVZ1JBC0sByb3h6LxeXwbux+LBtGPLISSstYLa3GoMcP/c
bQaKer6Pb4IP5Mf0n+OmRxNnmGG0TdePYhtkFVfMf5JHmQEQIPuI21+IBR3Bh0XM
C8VV6Z1aOIejVxHGTd7sX68RhuubUUpK1XlQqYQ8Dzb1nAUvcf9hd7UstRLaURNv
KBu6GOJdk/mTMQLF7vIBL+ESwmzgLaQ/gNq7NhJqH3niFR1oFR/mzK1mRfmUq+IR
eXjsx9z3LGCiioMZ/eee/5v7ogd4CDvBay5t7oR/Yi4F70KzeoS1HPJrVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaMR1q+fTn7aoBQWktIP4oXAsRyMB8GA1UdIwQY
MBaAFCCfr5NSS7gHdP/Ok0H0laj7MY8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUotdmsxSkx1QWQwXzg2VFFmU1ZxUHN4anhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS81YTJjYmQtM2IyNi00NTg2LThhNmUt
ZDE2NGRkZTUzNTFmLzEvWm94SFdyNTlPZnRxZ0ZCYVMwZ19paGNDeEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS81YTJjYmQtM2IyNi00NTg2LThhNmUtZDE2NGRkZTUzNTFm
LzEvSUotdmsxSkx1QWQwXzg2VFFmU1ZxUHN4anhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc9lMA0G
CSqGSIb3DQEBCwUAA4IBAQAUvZPoeXgs4IEoYWXdkunwg9wB/JLubB4jsTQ1rx2m
7o9cMSbjDsXtb9RhSjdRm28A6Eg1g0hTSQB6Cuqonm8hLMKguOdDPlgrgXpNK/Up
aBK9UFSH8Tt0ZrpI8Fkl2oPE8AwNFAkROuYMHy5t3pIh13e3ndjVbRFJZuRG4pgo
5MEAiUgPS/OFSSs6hzfhfsjLqBAP5Af+AjKUyHzsYcvGwXBX84JHrm2jxygJqssT
zFeuaz1x7l1T7HSzENyKt4Os9yUiKJMYCZDmQZR5kr09URFR4pXiPbi6DAel+TKT
YQ7AudkhNE0576UoKWw2JEtCJsOrKokUQZfbZSjzuuzx
-----END CERTIFICATE-----