This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/z5F-NpHTklKVWAn6D5A0JTxkXS0.roa
File:                     z5F-NpHTklKVWAn6D5A0JTxkXS0.roa (raw, json)
Hash identifier:          sWSxz0HZQ0kSW1+UlQBYZDH3NEvjZZ8BJExjY5FUj2k=
Subject key identifier:   CF:91:7E:36:91:D3:92:52:95:58:09:FA:0F:90:34:25:3C:64:5D:2D
Certificate issuer:       /CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
Certificate serial:       019B7CED75B90AAFAA3D8E7A533A0F6A3838
Authority key identifier: 2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/z5F-NpHTklKVWAn6D5A0JTxkXS0.roa
Signing time:             Fri 02 Jan 2026 04:18:15 +0000
ROA not before:           Fri 02 Jan 2026 04:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        194.174.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 22:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:75:b9:0a:af:aa:3d:8e:7a:53:3a:0f:6a:38:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
        Validity
            Not Before: Jan  2 04:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf917e3691d39252955809fa0f9034253c645d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:90:78:d8:f4:86:05:e7:ef:cc:e8:45:2b:58:
                    db:95:32:52:0b:57:7d:6b:fa:e1:27:65:19:d7:79:
                    82:8b:cd:5a:d4:43:36:41:10:7c:ab:c6:62:19:b4:
                    b0:71:c8:74:c4:d8:70:6c:a4:0b:a6:3d:58:da:cf:
                    98:69:17:83:40:d7:b2:6e:02:d3:85:46:16:d9:91:
                    a6:4d:4d:a3:2a:eb:d0:37:17:c9:5b:a4:9e:ed:56:
                    eb:51:29:be:e5:d1:df:70:9a:02:04:6a:6a:f1:77:
                    c6:7f:ca:59:ed:9f:db:be:a3:2c:d9:7d:06:86:7a:
                    79:fd:9e:85:6e:74:c6:9a:50:7f:6d:9e:ac:f0:a6:
                    3a:a6:54:9b:5a:3a:22:a8:f1:78:2a:aa:76:b6:bf:
                    63:10:4a:45:76:a2:1c:78:4b:14:fd:4d:20:8d:9b:
                    05:1b:6f:43:b3:e0:b4:0f:2d:22:c8:51:80:10:3c:
                    a5:80:ed:75:f4:12:34:fe:40:65:6f:50:5b:d6:63:
                    6f:77:86:a9:f3:2f:35:ab:6b:79:52:43:72:e6:14:
                    72:34:76:47:6a:81:46:63:b5:cd:42:00:53:41:ce:
                    37:05:e7:fc:79:08:d1:53:a5:0c:a6:ed:0d:f3:48:
                    91:a3:bf:b4:de:30:ec:d1:9b:7c:40:ba:aa:8f:3f:
                    df:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:91:7E:36:91:D3:92:52:95:58:09:FA:0F:90:34:25:3C:64:5D:2D
            X509v3 Authority Key Identifier:
                keyid:2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/z5F-NpHTklKVWAn6D5A0JTxkXS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.174.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:9d:62:07:36:c2:06:04:46:38:15:3a:7a:d7:06:44:b2:c5:
         f6:0b:cf:9e:61:4e:fd:54:8f:d3:28:3c:f6:28:ac:cb:09:9f:
         f3:24:d2:cb:b0:76:46:f9:ae:fd:1d:ec:05:77:4f:cb:42:a8:
         cf:b7:58:95:61:7f:d3:d5:5b:21:f4:d6:56:c0:4c:4c:46:cb:
         a5:30:e6:5f:d4:b8:14:83:93:8a:d5:ba:35:c0:2b:91:78:b5:
         42:3b:81:f9:32:66:40:03:bd:f8:76:7b:0e:42:9d:e2:4b:f2:
         cf:c1:bc:f5:0d:d2:7f:80:77:8f:97:dd:2b:97:87:39:51:9c:
         59:93:98:40:3c:9d:d7:05:27:32:7a:55:6b:8f:e5:44:f2:a2:
         ee:8f:1a:f3:2f:20:f1:75:c4:24:b0:8a:1a:3b:39:84:99:8e:
         aa:51:10:ae:51:97:8c:b6:80:87:03:a8:d1:54:1e:ec:9c:94:
         e2:62:c7:25:67:27:bb:33:58:74:89:61:b8:fc:d2:01:d6:e3:
         94:ba:17:d8:10:c3:2d:a6:72:2b:1f:d0:b2:b7:f9:df:b1:bb:
         70:98:e2:63:d6:ba:04:ed:bc:bf:c0:a5:54:f9:34:ad:d8:8e:
         0d:40:fd:d1:a9:62:ce:a2:f4:a7:24:43:a7:03:6c:8e:3b:b8:
         36:b3:a4:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87XW5Cq+qPY56UzoPajg4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNThiNmJlOWM2YzAzM2IzYjEyNmYyNzdkMDJiYzA1NDQ5
OWZjZmIwHhcNMjYwMTAyMDQxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjkxN2UzNjkxZDM5MjUyOTU1ODA5ZmEwZjkwMzQyNTNjNjQ1ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5B42PSGBefvzOhFK1jblTJSC1d9
a/rhJ2UZ13mCi81a1EM2QRB8q8ZiGbSwcch0xNhwbKQLpj1Y2s+YaReDQNeybgLT
hUYW2ZGmTU2jKuvQNxfJW6Se7VbrUSm+5dHfcJoCBGpq8XfGf8pZ7Z/bvqMs2X0G
hnp5/Z6FbnTGmlB/bZ6s8KY6plSbWjoiqPF4Kqp2tr9jEEpFdqIceEsU/U0gjZsF
G29Ds+C0Dy0iyFGAEDylgO119BI0/kBlb1Bb1mNvd4ap8y81q2t5UkNy5hRyNHZH
aoFGY7XNQgBTQc43Bef8eQjRU6UMpu0N80iRo7+03jDs0Zt8QLqqjz/f4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+RfjaR05JSlVgJ+g+QNCU8ZF0tMB8GA1UdIwQY
MBaAFC1Ytr6cbAM7OxJvJ30CvAVEmfz7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2Mt
Y2I4NmRiMzUwOTMxLzEvejVGLU5wSFRrbEtWV0FuNkQ1QTBKVHhrWFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2MtY2I4NmRiMzUwOTMx
LzEvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwq4LMA0G
CSqGSIb3DQEBCwUAA4IBAQDAnWIHNsIGBEY4FTp61wZEssX2C8+eYU79VI/TKDz2
KKzLCZ/zJNLLsHZG+a79HewFd0/LQqjPt1iVYX/T1Vsh9NZWwExMRsulMOZf1LgU
g5OK1bo1wCuReLVCO4H5MmZAA734dnsOQp3iS/LPwbz1DdJ/gHePl90rl4c5UZxZ
k5hAPJ3XBScyelVrj+VE8qLujxrzLyDxdcQksIoaOzmEmY6qURCuUZeMtoCHA6jR
VB7snJTiYsclZye7M1h0iWG4/NIB1uOUuhfYEMMtpnIrH9Cyt/nfsbtwmOJj1roE
7by/wKVU+TSt2I4NQP3RqWLOovSnJEOnA2yOO7g2s6RA
-----END CERTIFICATE-----