This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/zHZaUGL1PgevIY9huCaPmQ1rgRA.roa
File:                     zHZaUGL1PgevIY9huCaPmQ1rgRA.roa (raw, json)
Hash identifier:          ncKaZ+bqsMAHSDw8fyhXbISTNBW6FE6m6Rhkmp7c75o=
Subject key identifier:   CC:76:5A:50:62:F5:3E:07:AF:21:8F:61:B8:26:8F:99:0D:6B:81:10
Certificate issuer:       /CN=5afd8667cce95be0ae96058c4550d7088035312f
Certificate serial:       019B7FF137814CE96BF28F23DA7E906F22F6
Authority key identifier: 5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/zHZaUGL1PgevIY9huCaPmQ1rgRA.roa
Signing time:             Fri 02 Jan 2026 18:21:13 +0000
ROA not before:           Fri 02 Jan 2026 18:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212406
IP address blocks:        195.246.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:37:81:4c:e9:6b:f2:8f:23:da:7e:90:6f:22:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afd8667cce95be0ae96058c4550d7088035312f
        Validity
            Not Before: Jan  2 18:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc765a5062f53e07af218f61b8268f990d6b8110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b2:bd:c2:c2:30:8c:b1:24:af:8d:b4:3a:2a:
                    cd:9e:3c:e8:be:9f:9a:7f:b2:0d:df:8c:42:98:04:
                    bb:73:8c:3e:26:25:f8:ee:9e:ad:98:b9:0f:23:87:
                    1a:92:4f:81:77:da:09:48:94:50:81:2e:b2:f1:ae:
                    9a:85:ed:80:f2:c9:ed:8a:53:38:5d:31:9c:7f:08:
                    42:7b:a0:47:93:f5:5b:01:c0:46:d6:17:bd:6f:b5:
                    9c:2d:5b:c3:e2:03:45:ef:58:6e:96:b6:9f:a3:1f:
                    33:86:92:41:a1:f4:a5:a1:37:fe:3d:e5:62:c4:0a:
                    d7:09:81:84:2a:8b:22:83:d9:e9:06:23:47:8b:c1:
                    1b:9c:78:db:50:75:62:02:1c:b6:95:be:18:ae:06:
                    40:fc:da:c2:28:3f:1e:8f:ee:99:28:ae:7d:12:25:
                    4e:41:02:1d:64:e7:c5:d7:9a:f1:5a:b1:5f:f3:4e:
                    9b:5f:41:5b:cc:20:42:3c:12:b3:57:06:68:c9:16:
                    3b:4c:31:fd:7d:94:92:d4:0e:62:15:c0:cf:2b:e7:
                    8f:0f:3a:10:6c:66:60:30:5d:87:e8:e2:3e:c3:d3:
                    31:8f:69:bd:a9:cf:fb:cb:b2:67:b3:a2:f9:e8:13:
                    08:96:4f:d5:62:95:ae:07:9f:c0:0b:62:82:8b:9e:
                    57:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:76:5A:50:62:F5:3E:07:AF:21:8F:61:B8:26:8F:99:0D:6B:81:10
            X509v3 Authority Key Identifier:
                keyid:5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/zHZaUGL1PgevIY9huCaPmQ1rgRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:0e:10:b2:8b:fa:d0:68:89:7f:28:c4:60:3d:d1:0a:01:38:
         a7:db:ec:ee:04:57:5d:ae:1e:7c:dc:ae:c7:f3:69:c9:6b:d3:
         d7:d0:61:5c:a1:ad:43:d5:11:ce:78:91:9d:a8:78:b8:0a:a7:
         4f:48:c8:81:48:4b:70:08:94:0b:0f:60:05:bb:86:fa:20:68:
         de:cd:74:d3:9a:f9:fc:25:b3:6f:6a:f3:a2:80:4f:bb:68:11:
         c7:f5:41:81:98:a0:f0:d8:3d:e1:46:24:36:06:df:e8:54:da:
         e0:7c:9c:23:62:44:26:fd:64:90:07:e4:f7:2c:c9:51:1c:09:
         e1:e4:99:a6:81:96:d6:e3:5d:ab:c9:39:63:72:39:aa:0b:2a:
         1b:99:c4:2b:ee:59:9d:31:ce:c3:fa:4f:22:56:81:ac:51:e5:
         86:55:6b:9f:58:48:1e:9f:23:fa:84:e8:ae:cf:76:04:88:89:
         3d:f7:fe:4e:cf:e6:3a:cf:eb:e7:7f:51:4a:bb:0b:f8:e1:ce:
         e8:5a:d3:92:69:e9:b8:4d:6d:60:c0:0d:64:05:c9:a5:5d:59:
         20:d7:c1:70:38:ff:cc:38:0c:10:f1:0d:d9:7f:14:2c:18:c3:
         b4:82:ad:80:5f:46:82:44:d0:54:ed:e6:28:d3:ce:87:b4:73:
         0c:3a:3c:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8TeBTOlr8o8j2n6QbyL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmQ4NjY3Y2NlOTViZTBhZTk2MDU4YzQ1NTBkNzA4ODAz
NTMxMmYwHhcNMjYwMTAyMTgyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzc2NWE1MDYyZjUzZTA3YWYyMThmNjFiODI2OGY5OTBkNmI4MTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrK9wsIwjLEkr420OirNnjzovp+a
f7IN34xCmAS7c4w+JiX47p6tmLkPI4cakk+Bd9oJSJRQgS6y8a6ahe2A8sntilM4
XTGcfwhCe6BHk/VbAcBG1he9b7WcLVvD4gNF71hulrafox8zhpJBofSloTf+PeVi
xArXCYGEKosig9npBiNHi8EbnHjbUHViAhy2lb4YrgZA/NrCKD8ej+6ZKK59EiVO
QQIdZOfF15rxWrFf806bX0FbzCBCPBKzVwZoyRY7TDH9fZSS1A5iFcDPK+ePDzoQ
bGZgMF2H6OI+w9Mxj2m9qc/7y7Jns6L56BMIlk/VYpWuB5/AC2KCi55XcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMx2WlBi9T4HryGPYbgmj5kNa4EQMB8GA1UdIwQY
MBaAFFr9hmfM6VvgrpYFjEVQ1wiANTEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYt
MjQ5YWM3NzNjMjgyLzEvekhaYVVHTDFQZ2V2SVk5aHVDYVBtUTFyZ1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYtMjQ5YWM3NzNjMjgy
LzEvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/ZjMA0G
CSqGSIb3DQEBCwUAA4IBAQAsDhCyi/rQaIl/KMRgPdEKATin2+zuBFddrh583K7H
82nJa9PX0GFcoa1D1RHOeJGdqHi4CqdPSMiBSEtwCJQLD2AFu4b6IGjezXTTmvn8
JbNvavOigE+7aBHH9UGBmKDw2D3hRiQ2Bt/oVNrgfJwjYkQm/WSQB+T3LMlRHAnh
5JmmgZbW412ryTljcjmqCyobmcQr7lmdMc7D+k8iVoGsUeWGVWufWEgenyP6hOiu
z3YEiIk99/5Oz+Y6z+vnf1FKuwv44c7oWtOSaem4TW1gwA1kBcmlXVkg18FwOP/M
OAwQ8Q3ZfxQsGMO0gq2AX0aCRNBU7eYo086HtHMMOjwx
-----END CERTIFICATE-----