This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Zhzqk3LskN0Kf4nbJWeJDLKhJKw.roa
File:                     Zhzqk3LskN0Kf4nbJWeJDLKhJKw.roa (raw, json)
Hash identifier:          gcquEydkwevN+N6ZW4LR5oPkoEGEaxJOj/EbFdxI6h0=
Subject key identifier:   66:1C:EA:93:72:EC:90:DD:0A:7F:89:DB:25:67:89:0C:B2:A1:24:AC
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C80B0F059EDABC04B7C1F4237E7F973
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Zhzqk3LskN0Kf4nbJWeJDLKhJKw.roa
Signing time:             Fri 02 Jan 2026 02:19:27 +0000
ROA not before:           Fri 02 Jan 2026 02:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        88.216.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:b0:f0:59:ed:ab:c0:4b:7c:1f:42:37:e7:f9:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=661cea9372ec90dd0a7f89db2567890cb2a124ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bf:c5:f8:d8:63:b8:b4:cf:db:ba:ed:50:08:
                    2e:ea:61:9e:17:98:2f:a6:43:55:9e:a8:82:e4:65:
                    44:cb:60:62:3f:71:49:f7:e8:2c:49:dd:66:87:28:
                    bf:ba:63:5d:f2:61:c0:ee:21:88:46:8e:98:36:5b:
                    c7:6e:e8:ff:d4:11:de:c1:bf:cd:55:55:dc:7f:2b:
                    d4:23:f2:9a:2b:a4:4e:0a:73:f3:30:c5:86:0f:14:
                    50:85:40:0c:10:49:43:72:5b:9a:80:d3:33:04:de:
                    be:1b:99:d9:d5:f4:14:a0:62:5d:6f:65:ed:a9:59:
                    54:2b:f5:b2:a5:ef:b0:be:67:f7:e4:24:e3:2c:8f:
                    da:30:35:3c:6a:2c:d5:79:bc:f0:ef:7f:84:7f:7a:
                    aa:62:65:b0:be:ef:62:18:47:85:dd:44:03:50:6f:
                    15:7d:dc:cd:51:40:5c:54:11:f0:94:93:28:db:a5:
                    83:79:f1:5a:5f:90:ed:f7:2e:e8:29:7d:d2:bb:9e:
                    6d:0a:c8:df:a7:85:63:2a:1c:a7:1b:30:83:7c:f7:
                    65:82:fa:7f:c4:ad:02:08:f3:2d:83:64:6c:ed:50:
                    cc:66:26:34:4d:7d:61:01:ee:c5:08:24:a5:a0:29:
                    73:28:eb:72:19:ae:85:89:3e:01:e6:40:c8:ca:f4:
                    c3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1C:EA:93:72:EC:90:DD:0A:7F:89:DB:25:67:89:0C:B2:A1:24:AC
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Zhzqk3LskN0Kf4nbJWeJDLKhJKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:92:9e:6d:53:5c:a7:3e:83:05:6f:dd:dc:5f:40:8b:36:c0:
         f8:ab:7b:3e:3c:01:bb:e3:c9:11:94:df:a3:90:38:4f:60:c5:
         77:b2:83:43:95:84:32:12:83:c0:d9:d6:b8:4c:17:91:3e:21:
         a4:1f:e9:2c:1f:d0:9c:67:57:d9:cf:ba:b2:70:47:2c:fc:92:
         b3:33:71:1e:9d:c7:96:78:8d:c1:0f:d0:3c:87:c9:8c:67:43:
         8b:d2:12:14:10:2c:45:d2:9b:75:be:46:33:db:fa:5d:70:1f:
         17:85:b8:e0:f8:76:6a:ba:ab:f1:70:19:83:e2:6e:25:39:b5:
         12:c8:3e:b3:5d:84:e2:1b:c0:ec:23:8a:9f:2a:e7:60:36:a6:
         07:ad:2e:ac:70:2d:63:69:33:c9:21:0a:e0:21:1b:49:cf:49:
         31:89:11:22:56:73:7e:f0:45:13:f6:b7:c4:79:63:a9:e2:22:
         a4:a9:6d:cf:16:95:e1:5b:70:f4:03:7c:1e:bb:dd:f0:f5:bd:
         83:a6:62:68:ed:b2:e2:5b:c9:23:9e:5c:da:42:a3:de:9a:24:
         46:3a:23:28:80:bb:c3:e8:92:ad:cd:cc:ad:cc:63:3c:a9:93:
         c3:a5:e8:9a:8e:37:cd:63:16:52:7a:a6:67:80:65:54:30:3c:
         e2:d2:5b:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gLDwWe2rwEt8H0I35/lzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFjZWE5MzcyZWM5MGRkMGE3Zjg5ZGIyNTY3ODkwY2IyYTEyNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL/F+NhjuLTP27rtUAgu6mGeF5gv
pkNVnqiC5GVEy2BiP3FJ9+gsSd1mhyi/umNd8mHA7iGIRo6YNlvHbuj/1BHewb/N
VVXcfyvUI/KaK6ROCnPzMMWGDxRQhUAMEElDcluagNMzBN6+G5nZ1fQUoGJdb2Xt
qVlUK/Wype+wvmf35CTjLI/aMDU8aizVebzw73+Ef3qqYmWwvu9iGEeF3UQDUG8V
fdzNUUBcVBHwlJMo26WDefFaX5Dt9y7oKX3Su55tCsjfp4VjKhynGzCDfPdlgvp/
xK0CCPMtg2Rs7VDMZiY0TX1hAe7FCCSloClzKOtyGa6FiT4B5kDIyvTDyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYc6pNy7JDdCn+J2yVniQyyoSSsMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWmh6cWszTHNrTjBLZjRuYkpXZUpETEtoSkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNhCMA0G
CSqGSIb3DQEBCwUAA4IBAQAKkp5tU1ynPoMFb93cX0CLNsD4q3s+PAG748kRlN+j
kDhPYMV3soNDlYQyEoPA2da4TBeRPiGkH+ksH9CcZ1fZz7qycEcs/JKzM3EenceW
eI3BD9A8h8mMZ0OL0hIUECxF0pt1vkYz2/pdcB8Xhbjg+HZquqvxcBmD4m4lObUS
yD6zXYTiG8DsI4qfKudgNqYHrS6scC1jaTPJIQrgIRtJz0kxiREiVnN+8EUT9rfE
eWOp4iKkqW3PFpXhW3D0A3weu93w9b2DpmJo7bLiW8kjnlzaQqPemiRGOiMogLvD
6JKtzcytzGM8qZPDpeiajjfNYxZSeqZngGVUMDzi0lsT
-----END CERTIFICATE-----