This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/zkEDbiGN36tLEUPTADK7tT6KZy4.roa
File:                     zkEDbiGN36tLEUPTADK7tT6KZy4.roa (raw, json)
Hash identifier:          heFMDQ/ngRlQqjUHbU5e/JEcSh3lbS47ak2zBoYzTAk=
Subject key identifier:   CE:41:03:6E:21:8D:DF:AB:4B:11:43:D3:00:32:BB:B5:3E:8A:67:2E
Certificate issuer:       /CN=29085fc534c13e0882e260a895f3cf0c5543ef08
Certificate serial:       019B7C80C3753D3E4FA98B5739398FD6638A
Authority key identifier: 29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/zkEDbiGN36tLEUPTADK7tT6KZy4.roa
Signing time:             Fri 02 Jan 2026 02:19:31 +0000
ROA not before:           Fri 02 Jan 2026 02:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.187.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:c3:75:3d:3e:4f:a9:8b:57:39:39:8f:d6:63:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29085fc534c13e0882e260a895f3cf0c5543ef08
        Validity
            Not Before: Jan  2 02:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce41036e218ddfab4b1143d30032bbb53e8a672e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e8:81:07:fa:ef:57:84:58:76:6a:a1:d6:13:
                    5d:c8:d9:2f:4d:61:25:1a:c7:20:aa:6b:ef:3f:91:
                    ef:e3:11:3e:cc:34:c1:7c:f0:f8:f5:55:6c:82:e9:
                    e4:f7:ab:63:c6:1b:3a:1c:99:e6:ff:c3:fe:40:1e:
                    42:01:d2:63:99:20:51:c2:84:76:b9:70:55:d6:3e:
                    d6:71:40:fd:40:35:07:20:06:92:6e:8a:9b:9f:ba:
                    c7:45:57:f5:ed:71:f3:c0:4b:b6:ef:7a:b0:b4:de:
                    7f:bf:37:00:1c:4f:eb:76:b0:70:26:56:03:01:5b:
                    c2:2f:80:8f:4e:d4:42:07:56:40:c8:35:7b:fb:f1:
                    ea:69:3e:db:39:3a:dc:76:ba:ab:92:de:5b:fd:a2:
                    e1:0b:a7:59:e4:3a:63:68:14:5d:2d:06:c2:29:08:
                    86:b7:12:6e:24:9f:7e:f0:1a:5d:b8:ff:4f:c9:41:
                    91:24:63:9f:cd:ee:3f:bb:0c:38:51:8f:6d:7c:c8:
                    aa:4a:6c:9c:2d:cc:76:a8:87:05:f7:97:fa:ea:08:
                    47:6d:fe:05:b6:b0:17:a4:d0:e9:03:0d:d7:72:fd:
                    b9:c6:ac:5b:d2:42:8c:88:e0:0f:8d:8b:9e:f5:a6:
                    6b:54:20:a2:94:39:ab:d9:ec:27:e9:0f:c6:7b:14:
                    02:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:41:03:6E:21:8D:DF:AB:4B:11:43:D3:00:32:BB:B5:3E:8A:67:2E
            X509v3 Authority Key Identifier:
                keyid:29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/zkEDbiGN36tLEUPTADK7tT6KZy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:3a:1c:90:55:0d:af:f3:f6:15:cc:4d:6e:c2:91:5c:a1:54:
         36:2c:65:43:a4:7f:ef:b9:76:36:71:e5:41:cb:59:a1:a6:ba:
         ee:08:9f:bd:2f:cc:84:65:5c:48:25:41:fd:35:16:4e:2f:e8:
         fb:67:2f:fe:9f:6f:6e:c8:bb:85:1a:e6:30:ae:f5:ae:44:f1:
         e2:4b:2b:bb:d6:12:66:72:77:48:58:3c:e3:dd:1a:7a:f7:ff:
         39:89:af:46:44:ea:55:12:00:be:8a:9a:33:84:81:2f:71:24:
         36:c6:c7:60:15:d8:3a:a0:50:8f:71:1a:76:a6:96:bc:d6:bc:
         6f:8b:d7:16:e8:0a:52:1a:e6:3f:08:b1:dc:d4:80:83:20:8f:
         2c:64:47:52:d7:25:7f:87:c9:41:c9:09:1b:ff:27:dc:03:35:
         b7:f5:79:41:67:fd:51:ea:51:1d:2a:ff:bd:36:f2:7b:a7:6c:
         fa:d9:54:fa:45:82:23:ad:c8:bd:e4:a7:ba:da:ae:42:d9:1e:
         41:86:a4:6a:be:0a:b6:11:3b:37:42:2b:45:b8:ad:14:e9:b5:
         0a:9f:36:c6:25:b5:d6:4a:6f:1a:f5:a9:9f:36:1d:e8:86:df:
         26:92:2a:f7:05:64:04:85:e6:d3:23:66:6a:e7:7b:38:1c:b2:
         11:0d:9f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gMN1PT5PqYtXOTmP1mOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDg1ZmM1MzRjMTNlMDg4MmUyNjBhODk1ZjNjZjBjNTU0
M2VmMDgwHhcNMjYwMTAyMDIxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQxMDM2ZTIxOGRkZmFiNGIxMTQzZDMwMDMyYmJiNTNlOGE2NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuiBB/rvV4RYdmqh1hNdyNkvTWEl
GscgqmvvP5Hv4xE+zDTBfPD49VVsgunk96tjxhs6HJnm/8P+QB5CAdJjmSBRwoR2
uXBV1j7WcUD9QDUHIAaSboqbn7rHRVf17XHzwEu273qwtN5/vzcAHE/rdrBwJlYD
AVvCL4CPTtRCB1ZAyDV7+/HqaT7bOTrcdrqrkt5b/aLhC6dZ5DpjaBRdLQbCKQiG
txJuJJ9+8BpduP9PyUGRJGOfze4/uww4UY9tfMiqSmycLcx2qIcF95f66ghHbf4F
trAXpNDpAw3Xcv25xqxb0kKMiOAPjYue9aZrVCCilDmr2ewn6Q/GexQCAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5BA24hjd+rSxFD0wAyu7U+imcuMB8GA1UdIwQY
MBaAFCkIX8U0wT4IguJgqJXzzwxVQ+8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWIt
YzMyOTcxMjllNGQzLzEvemtFRGJpR04zNnRMRVVQVEFESzd0VDZLWnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWItYzMyOTcxMjllNGQz
LzEvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubs8MA0G
CSqGSIb3DQEBCwUAA4IBAQCtOhyQVQ2v8/YVzE1uwpFcoVQ2LGVDpH/vuXY2ceVB
y1mhprruCJ+9L8yEZVxIJUH9NRZOL+j7Zy/+n29uyLuFGuYwrvWuRPHiSyu71hJm
cndIWDzj3Rp69/85ia9GROpVEgC+ipozhIEvcSQ2xsdgFdg6oFCPcRp2ppa81rxv
i9cW6ApSGuY/CLHc1ICDII8sZEdS1yV/h8lByQkb/yfcAzW39XlBZ/1R6lEdKv+9
NvJ7p2z62VT6RYIjrci95Ke62q5C2R5BhqRqvgq2ETs3QitFuK0U6bUKnzbGJbXW
Sm8a9amfNh3oht8mkir3BWQEhebTI2Zq53s4HLIRDZ8C
-----END CERTIFICATE-----