This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/zHv_4yLb29OZEPsryzQwrsubCmY.roa
File:                     zHv_4yLb29OZEPsryzQwrsubCmY.roa (raw, json)
Hash identifier:          bf6GHsA4iW8nNCo3qaxOx39ntbWsQ60VlVEmI5fRZwc=
Subject key identifier:   CC:7B:FF:E3:22:DB:DB:D3:99:10:FB:2B:CB:34:30:AE:CB:9B:0A:66
Certificate issuer:       /CN=6b7d1f1e877c12798274e01334554f899f38eac1
Certificate serial:       019B7834A92B6B9D55AD9A04CEC442301CEC
Authority key identifier: 6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/zHv_4yLb29OZEPsryzQwrsubCmY.roa
Signing time:             Thu 01 Jan 2026 06:17:55 +0000
ROA not before:           Thu 01 Jan 2026 06:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53856
IP address blocks:        194.145.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:a9:2b:6b:9d:55:ad:9a:04:ce:c4:42:30:1c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7d1f1e877c12798274e01334554f899f38eac1
        Validity
            Not Before: Jan  1 06:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc7bffe322dbdbd39910fb2bcb3430aecb9b0a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4d:46:23:05:15:c1:f7:03:6a:22:af:51:77:
                    99:67:b5:26:27:21:9b:b5:ab:70:eb:97:c2:38:71:
                    84:e3:94:d7:53:48:c9:8d:16:80:07:13:52:ae:83:
                    b1:b4:dd:02:6f:af:aa:40:ee:3b:9a:6f:e0:9a:4d:
                    d9:43:ab:bb:f1:c0:4c:b8:97:d2:6c:b9:a7:ca:2f:
                    6b:60:10:61:03:5f:c1:96:5a:19:56:bf:dd:8f:2a:
                    e3:97:6c:fa:3f:c4:5d:29:8e:4d:ea:92:1d:e2:ff:
                    29:f2:0e:6b:29:f0:ae:28:d4:ab:17:7e:d7:b6:56:
                    13:eb:de:ab:4a:af:b8:5c:12:db:f3:e7:c4:6c:cb:
                    50:46:83:c8:91:9f:27:b8:39:5c:92:e3:a3:15:b4:
                    50:23:c9:c5:2a:97:5c:11:a0:23:3c:f2:45:c3:f4:
                    35:08:26:4b:32:2f:16:44:b3:ed:2a:20:29:b2:85:
                    96:61:56:aa:ab:85:77:11:10:eb:fb:a2:86:97:42:
                    33:c6:c9:3d:a7:d5:c3:ec:24:6b:d2:21:81:48:77:
                    ba:a4:b6:f7:7a:7c:04:54:99:48:80:95:7c:1b:47:
                    b9:26:09:e1:30:21:7f:dd:a4:33:fe:f1:11:81:be:
                    40:2f:73:6b:ed:ce:04:0c:9d:ed:cf:bf:d4:dc:af:
                    26:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7B:FF:E3:22:DB:DB:D3:99:10:FB:2B:CB:34:30:AE:CB:9B:0A:66
            X509v3 Authority Key Identifier:
                keyid:6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/zHv_4yLb29OZEPsryzQwrsubCmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:74:4e:2b:fe:c1:58:4f:5e:fb:2b:47:f1:32:07:77:29:8f:
         54:46:c5:a6:d2:10:d9:0d:9d:37:74:b7:38:a1:f7:8e:b1:6f:
         8a:db:2f:01:cb:ca:77:69:ae:ba:6d:ef:97:ef:e5:14:dc:4a:
         b4:f5:81:59:20:55:4c:81:30:e9:c0:09:91:8f:3d:f3:6f:d3:
         0f:c5:7f:55:2e:2b:c2:1e:e6:dd:2c:d0:d2:bf:4b:8b:b9:8e:
         e9:1f:cb:28:70:c7:ef:78:0a:73:65:7c:a8:b5:72:79:86:9b:
         82:c8:76:88:16:c0:7a:f5:ab:87:1a:5b:b2:24:a4:77:b4:9e:
         d7:11:81:b4:3f:22:28:9c:03:05:f0:ac:1e:79:5b:6d:49:b9:
         2c:9e:b2:d9:b6:19:84:52:5e:b6:68:0d:d8:14:74:78:51:f2:
         dc:65:c0:a4:11:a6:31:a8:97:84:c7:b1:76:33:93:8d:52:11:
         d4:c0:68:89:69:b2:54:4a:52:e7:33:b2:42:eb:c6:cc:b9:2a:
         9a:06:46:62:1b:e3:2a:69:b1:e6:df:d7:a1:88:b6:b8:ba:65:
         5f:74:02:4f:0f:77:43:13:ce:14:2e:6f:e9:ab:90:be:f2:1f:
         dd:b2:a6:32:2d:48:67:cb:3c:4f:12:ec:8d:c9:53:4d:51:28:
         e8:76:87:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NKkra51VrZoEzsRCMBzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2QxZjFlODc3YzEyNzk4Mjc0ZTAxMzM0NTU0Zjg5OWYz
OGVhYzEwHhcNMjYwMTAxMDYxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzdiZmZlMzIyZGJkYmQzOTkxMGZiMmJjYjM0MzBhZWNiOWIwYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE1GIwUVwfcDaiKvUXeZZ7UmJyGb
tatw65fCOHGE45TXU0jJjRaABxNSroOxtN0Cb6+qQO47mm/gmk3ZQ6u78cBMuJfS
bLmnyi9rYBBhA1/BlloZVr/djyrjl2z6P8RdKY5N6pId4v8p8g5rKfCuKNSrF37X
tlYT696rSq+4XBLb8+fEbMtQRoPIkZ8nuDlckuOjFbRQI8nFKpdcEaAjPPJFw/Q1
CCZLMi8WRLPtKiApsoWWYVaqq4V3ERDr+6KGl0Izxsk9p9XD7CRr0iGBSHe6pLb3
enwEVJlIgJV8G0e5JgnhMCF/3aQz/vERgb5AL3Nr7c4EDJ3tz7/U3K8mFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMx7/+Mi29vTmRD7K8s0MK7LmwpmMB8GA1UdIwQY
MBaAFGt9Hx6HfBJ5gnTgEzRVT4mfOOrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUt
MmZhZDlhMmZjM2VmLzEvekh2XzR5TGIyOU9aRVBzcnl6UXdyc3ViQ21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUtMmZhZDlhMmZjM2Vm
LzEvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpF1MA0G
CSqGSIb3DQEBCwUAA4IBAQBBdE4r/sFYT177K0fxMgd3KY9URsWm0hDZDZ03dLc4
ofeOsW+K2y8By8p3aa66be+X7+UU3Eq09YFZIFVMgTDpwAmRjz3zb9MPxX9VLivC
HubdLNDSv0uLuY7pH8socMfveApzZXyotXJ5hpuCyHaIFsB69auHGluyJKR3tJ7X
EYG0PyIonAMF8KweeVttSbksnrLZthmEUl62aA3YFHR4UfLcZcCkEaYxqJeEx7F2
M5ONUhHUwGiJabJUSlLnM7JC68bMuSqaBkZiG+MqabHm39ehiLa4umVfdAJPD3dD
E84ULm/pq5C+8h/dsqYyLUhnyzxPEuyNyVNNUSjodofd
-----END CERTIFICATE-----