This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/rz3WoPqGui6kz8uexMDSkDV-nM4.roa
File:                     rz3WoPqGui6kz8uexMDSkDV-nM4.roa (raw, json)
Hash identifier:          KxkWcXhCgpvZEzmrBaZNOG4SOGTTNmcegmhijqx+bwg=
Subject key identifier:   AF:3D:D6:A0:FA:86:BA:2E:A4:CF:CB:9E:C4:C0:D2:90:35:7E:9C:CE
Certificate issuer:       /CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
Certificate serial:       019B797E01745856F2E56A70553410E91FDB
Authority key identifier: 59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/rz3WoPqGui6kz8uexMDSkDV-nM4.roa
Signing time:             Thu 01 Jan 2026 12:17:39 +0000
ROA not before:           Thu 01 Jan 2026 12:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        89.207.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:01:74:58:56:f2:e5:6a:70:55:34:10:e9:1f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
        Validity
            Not Before: Jan  1 12:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af3dd6a0fa86ba2ea4cfcb9ec4c0d290357e9cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:76:0d:f1:81:cb:18:8a:18:ff:40:38:8c:8b:
                    12:ff:c4:ab:f9:16:d5:92:52:cd:d1:c9:40:86:3d:
                    df:f4:ca:3d:87:36:8b:df:50:d2:a8:00:e8:2d:d1:
                    c0:1b:9b:2b:9d:ec:2f:14:06:35:0a:54:e9:5e:ba:
                    69:b9:0e:bf:55:1f:37:a0:77:37:d8:ee:db:21:3d:
                    28:18:ae:63:1e:aa:c4:da:46:9a:36:4d:dc:f5:06:
                    17:7f:a8:30:e0:3a:2e:15:7e:38:e9:2b:d9:0a:7c:
                    70:bb:8c:a2:db:74:9f:23:88:4d:14:87:7b:a1:46:
                    fe:8f:ab:20:ce:65:e3:b0:bb:4b:7b:99:6f:23:4c:
                    dc:45:7e:4e:43:f2:6d:67:dd:89:cd:ba:78:95:aa:
                    9c:9b:ab:5d:52:b9:ea:73:f6:76:4f:42:15:19:b8:
                    de:d4:2d:75:a7:bc:c8:13:70:31:3b:53:4f:ac:9f:
                    ee:a2:c9:12:a9:75:05:20:58:f0:30:e8:30:0b:78:
                    7c:df:1b:80:c4:18:fc:f4:ed:d5:9a:84:16:62:d9:
                    9b:f7:cf:e2:d3:97:0e:8e:1c:d6:1a:80:a1:cf:2d:
                    80:81:62:f4:99:93:72:eb:0e:ad:f9:21:25:23:4d:
                    19:8f:bf:9c:51:bb:82:b5:af:1c:db:a6:b7:c1:fa:
                    d8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3D:D6:A0:FA:86:BA:2E:A4:CF:CB:9E:C4:C0:D2:90:35:7E:9C:CE
            X509v3 Authority Key Identifier:
                keyid:59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/rz3WoPqGui6kz8uexMDSkDV-nM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:2e:81:8c:28:3c:3a:6e:3b:33:e4:8d:a6:7e:ba:cd:44:05:
         31:22:a9:c1:69:95:a4:3d:d9:4f:1f:b3:42:5e:c2:ea:37:d0:
         d1:cc:31:53:6e:48:10:4a:a4:6e:53:7f:91:15:06:1d:ee:16:
         8f:8f:00:38:06:aa:78:71:59:9d:63:9b:7e:a9:3b:ba:c1:27:
         06:1d:23:78:0e:ba:24:e7:54:51:e3:f5:c2:c7:a3:d9:7b:ec:
         25:69:5a:0b:6a:6e:5b:b0:a1:04:12:b5:84:3c:a1:32:c3:54:
         74:51:dd:50:16:e7:04:03:b6:a1:09:06:d7:c5:d2:8f:29:20:
         28:db:15:e5:60:78:94:a4:72:e9:9c:f4:bd:95:ba:63:50:93:
         a6:6a:aa:64:cf:d5:7a:d6:b9:b9:d5:72:ac:f3:fe:d6:d0:b8:
         33:77:47:ba:0f:a3:cb:1e:49:ed:16:30:35:4e:df:a4:b9:a4:
         76:33:cd:c5:bd:4a:79:8d:32:97:30:5e:80:d2:26:c5:97:3a:
         83:cf:31:5e:b3:2d:5a:04:f2:92:c7:0c:2d:93:74:09:1a:17:
         de:80:1e:e4:7e:fb:41:2e:b4:6b:3a:f6:1a:93:b4:b1:3c:05:
         54:ff:5f:87:f0:0b:9b:ee:39:cd:18:61:95:f5:e7:70:ed:c9:
         21:f9:72:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgF0WFby5WpwVTQQ6R/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YzNjYzk5ODk5MzczYzg1OTc0ZjAxYzljZDdhYTA1N2Fi
OTdmYWIwHhcNMjYwMTAxMTIxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNkZDZhMGZhODZiYTJlYTRjZmNiOWVjNGMwZDI5MDM1N2U5Y2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3YN8YHLGIoY/0A4jIsS/8Sr+RbV
klLN0clAhj3f9Mo9hzaL31DSqADoLdHAG5srnewvFAY1ClTpXrppuQ6/VR83oHc3
2O7bIT0oGK5jHqrE2kaaNk3c9QYXf6gw4DouFX446SvZCnxwu4yi23SfI4hNFId7
oUb+j6sgzmXjsLtLe5lvI0zcRX5OQ/JtZ92Jzbp4laqcm6tdUrnqc/Z2T0IVGbje
1C11p7zIE3AxO1NPrJ/uoskSqXUFIFjwMOgwC3h83xuAxBj89O3VmoQWYtmb98/i
05cOjhzWGoChzy2AgWL0mZNy6w6t+SElI00Zj7+cUbuCta8c26a3wfrYBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK891qD6hroupM/LnsTA0pA1fpzOMB8GA1UdIwQY
MBaAFFnDzJmJk3PIWXTwHJzXqgV6uX+rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMt
MWE1ZWI1MDg4NWFlLzEvcnozV29QcUd1aTZrejh1ZXhNRFNrRFYtbk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMtMWE1ZWI1MDg4NWFl
LzEvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWc8oMA0G
CSqGSIb3DQEBCwUAA4IBAQB3LoGMKDw6bjsz5I2mfrrNRAUxIqnBaZWkPdlPH7NC
XsLqN9DRzDFTbkgQSqRuU3+RFQYd7haPjwA4Bqp4cVmdY5t+qTu6wScGHSN4Drok
51RR4/XCx6PZe+wlaVoLam5bsKEEErWEPKEyw1R0Ud1QFucEA7ahCQbXxdKPKSAo
2xXlYHiUpHLpnPS9lbpjUJOmaqpkz9V61rm51XKs8/7W0Lgzd0e6D6PLHkntFjA1
Tt+kuaR2M83FvUp5jTKXMF6A0ibFlzqDzzFesy1aBPKSxwwtk3QJGhfegB7kfvtB
LrRrOvYak7SxPAVU/1+H8Aub7jnNGGGV9edw7ckh+XKJ
-----END CERTIFICATE-----