This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/ZN4yF-e-6U6siCtfTnv-FW1OUx0.roa
File:                     ZN4yF-e-6U6siCtfTnv-FW1OUx0.roa (raw, json)
Hash identifier:          I9BYHq4fiuWBb+LO42h3XEWS7qzon5TJhCXafUyINuk=
Subject key identifier:   64:DE:32:17:E7:BE:E9:4E:AC:88:2B:5F:4E:7B:FE:15:6D:4E:53:1D
Certificate issuer:       /CN=04a4ae7471c8f3621d53256d75f110b748997898
Certificate serial:       019B7F84A81E46C85729D35F2EBAC1638CF1
Authority key identifier: 04:A4:AE:74:71:C8:F3:62:1D:53:25:6D:75:F1:10:B7:48:99:78:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/ZN4yF-e-6U6siCtfTnv-FW1OUx0.roa
Signing time:             Fri 02 Jan 2026 16:22:38 +0000
ROA not before:           Fri 02 Jan 2026 16:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208721
IP address blocks:        45.14.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:a8:1e:46:c8:57:29:d3:5f:2e:ba:c1:63:8c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a4ae7471c8f3621d53256d75f110b748997898
        Validity
            Not Before: Jan  2 16:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64de3217e7bee94eac882b5f4e7bfe156d4e531d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c5:1d:01:25:fd:a9:62:6f:1f:4b:70:a1:95:
                    e1:cf:d7:e1:70:ad:c2:89:b2:d8:d4:01:d0:6c:0a:
                    c9:8d:c6:de:74:25:15:55:4e:20:b4:5d:fd:e6:b7:
                    9d:c3:54:f4:44:29:b0:8a:0e:f3:43:24:9e:cf:65:
                    6b:f0:4d:81:0b:a7:4f:27:12:25:2b:4a:d0:56:b1:
                    73:f8:1f:b0:f6:e8:80:ef:04:fd:10:bd:9b:84:ea:
                    73:6d:80:68:bb:7e:2a:38:3c:81:33:df:5c:11:2d:
                    40:f3:a0:ba:3c:41:91:8d:64:c5:45:4d:bc:d0:2c:
                    f8:17:16:56:7f:19:26:fe:04:17:7d:35:11:1e:36:
                    b5:6d:de:53:a9:be:58:3a:78:9a:97:4e:2b:f5:c2:
                    8b:13:2d:74:31:69:df:a1:30:32:9f:fe:59:db:8b:
                    06:1f:38:2e:38:62:d2:29:be:34:bd:27:92:c2:cc:
                    4e:9d:d2:bd:6d:e1:b1:36:72:01:a9:fd:e0:54:c3:
                    b3:97:b2:f6:d5:26:b1:b7:c3:01:d6:8d:00:3d:ae:
                    9c:b7:6a:93:af:1d:6f:9d:b0:ab:b7:1e:96:19:d6:
                    31:56:a8:22:86:a4:a6:86:5a:64:6b:75:ee:cb:9f:
                    02:2c:67:a3:fd:d4:d0:5a:4f:61:02:e7:44:8a:83:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DE:32:17:E7:BE:E9:4E:AC:88:2B:5F:4E:7B:FE:15:6D:4E:53:1D
            X509v3 Authority Key Identifier:
                keyid:04:A4:AE:74:71:C8:F3:62:1D:53:25:6D:75:F1:10:B7:48:99:78:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/ZN4yF-e-6U6siCtfTnv-FW1OUx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:34:32:45:88:3c:75:18:73:2f:7d:8f:aa:d5:60:1b:f3:56:
         fd:6a:79:99:a8:0b:3a:85:77:10:9f:c5:8c:14:0e:7e:3a:b5:
         cb:ae:ee:fb:f1:fb:94:52:9f:ac:d5:cb:de:35:d5:e2:9b:c2:
         50:46:85:be:a3:f7:d8:71:65:3f:05:e9:98:fe:fc:89:be:27:
         c2:13:20:35:7e:86:01:e1:2d:f0:94:5a:b5:34:8c:92:b7:3f:
         ee:c1:51:4f:5a:7a:61:4a:1e:33:2e:c7:5b:63:b8:e2:0f:0a:
         f2:81:6b:01:c6:1c:f4:b3:20:95:54:26:9c:ee:79:5f:0a:5a:
         81:df:7e:a2:1f:4a:1d:68:a5:2c:9a:52:79:2f:a5:2c:97:53:
         5f:a5:c9:4f:fc:f7:bd:99:28:94:6a:88:42:db:4a:99:ae:22:
         6d:0a:e9:24:3f:62:ee:60:bd:fa:5c:59:db:14:16:bc:45:e5:
         79:6e:91:ff:06:7f:23:9e:e8:27:e3:72:b6:7c:18:95:88:27:
         20:68:9c:4f:db:e0:74:3f:ca:df:07:34:6a:2b:df:f9:4f:5a:
         fd:7c:ca:66:2e:c8:bf:12:bb:45:c6:5f:a1:e9:a7:e4:51:8b:
         40:5c:c5:97:d3:5d:8f:ac:d1:fe:51:71:14:06:df:da:a2:05:
         3b:eb:bb:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hKgeRshXKdNfLrrBY4zxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTRhZTc0NzFjOGYzNjIxZDUzMjU2ZDc1ZjExMGI3NDg5
OTc4OTgwHhcNMjYwMTAyMTYyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRlMzIxN2U3YmVlOTRlYWM4ODJiNWY0ZTdiZmUxNTZkNGU1MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8UdASX9qWJvH0twoZXhz9fhcK3C
ibLY1AHQbArJjcbedCUVVU4gtF395redw1T0RCmwig7zQySez2Vr8E2BC6dPJxIl
K0rQVrFz+B+w9uiA7wT9EL2bhOpzbYBou34qODyBM99cES1A86C6PEGRjWTFRU28
0Cz4FxZWfxkm/gQXfTURHja1bd5Tqb5YOnial04r9cKLEy10MWnfoTAyn/5Z24sG
HzguOGLSKb40vSeSwsxOndK9beGxNnIBqf3gVMOzl7L21Saxt8MB1o0APa6ct2qT
rx1vnbCrtx6WGdYxVqgihqSmhlpka3Xuy58CLGej/dTQWk9hAudEioOjlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTeMhfnvulOrIgrX057/hVtTlMdMB8GA1UdIwQY
MBaAFASkrnRxyPNiHVMlbXXxELdImXiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktTdWRISEk4MklkVXlWdGRmRVF0MGlaZUpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mM2JhNWUtODk4Yy00ZmU5LWJkODgt
M2MzNjczZDQ0OTA1LzEvWk40eUYtZS02VTZzaUN0ZlRudi1GVzFPVXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mM2JhNWUtODk4Yy00ZmU5LWJkODgtM2MzNjczZDQ0OTA1
LzEvQktTdWRISEk4MklkVXlWdGRmRVF0MGlaZUpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ50MA0G
CSqGSIb3DQEBCwUAA4IBAQCTNDJFiDx1GHMvfY+q1WAb81b9anmZqAs6hXcQn8WM
FA5+OrXLru778fuUUp+s1cveNdXim8JQRoW+o/fYcWU/BemY/vyJvifCEyA1foYB
4S3wlFq1NIyStz/uwVFPWnphSh4zLsdbY7jiDwrygWsBxhz0syCVVCac7nlfClqB
336iH0odaKUsmlJ5L6Usl1NfpclP/Pe9mSiUaohC20qZriJtCukkP2LuYL36XFnb
FBa8ReV5bpH/Bn8jnugn43K2fBiViCcgaJxP2+B0P8rfBzRqK9/5T1r9fMpmLsi/
ErtFxl+h6afkUYtAXMWX012PrNH+UXEUBt/aogU767u3
-----END CERTIFICATE-----