This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/ZSUWbthBvo_6Zw6kb1ckbu5J7oc.roa
File:                     ZSUWbthBvo_6Zw6kb1ckbu5J7oc.roa (raw, json)
Hash identifier:          ZaGSqNYJnPVTZ9+srIwf9B+6TSy2n8Z/jE8FtxeWX2g=
Subject key identifier:   65:25:16:6E:D8:41:BE:8F:FA:67:0E:A4:6F:57:24:6E:EE:49:EE:87
Certificate issuer:       /CN=407bc1dc2e11d491b9b85e08d01c222f9776c3cc
Certificate serial:       019B7C12E437C718088BABB136476641A462
Authority key identifier: 40:7B:C1:DC:2E:11:D4:91:B9:B8:5E:08:D0:1C:22:2F:97:76:C3:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/ZSUWbthBvo_6Zw6kb1ckbu5J7oc.roa
Signing time:             Fri 02 Jan 2026 00:19:31 +0000
ROA not before:           Fri 02 Jan 2026 00:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        91.198.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:e4:37:c7:18:08:8b:ab:b1:36:47:66:41:a4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407bc1dc2e11d491b9b85e08d01c222f9776c3cc
        Validity
            Not Before: Jan  2 00:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6525166ed841be8ffa670ea46f57246eee49ee87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9c:1d:95:c1:c1:d0:e8:03:77:37:c7:90:2f:
                    48:f5:e0:1a:65:88:f8:85:86:ee:8e:7b:e7:15:d1:
                    e3:09:b9:fa:48:dd:6d:fb:2e:fa:aa:86:64:25:34:
                    fd:f6:e7:3d:24:90:13:11:ec:19:ab:56:cd:50:f4:
                    8d:64:fe:25:81:5a:30:e1:37:89:ef:f2:4d:8b:1b:
                    ed:b2:d5:97:8e:ff:22:a5:3f:31:bd:30:63:69:d5:
                    27:5d:54:4a:4e:1a:67:5b:d9:41:f1:d2:42:fd:e1:
                    15:1b:52:ae:dd:92:12:f6:b8:73:02:a7:51:96:8d:
                    50:6e:d6:23:2e:c5:1e:f2:53:85:3f:3e:44:60:d3:
                    30:a9:1d:89:fa:a6:6e:e8:f1:27:65:f2:69:c2:6e:
                    71:bd:c0:94:ef:04:41:de:13:2d:8b:48:a1:7d:6d:
                    a3:68:2c:e2:3d:76:1d:fe:20:b5:96:a7:97:5b:7c:
                    52:41:9c:ca:94:14:32:cc:98:bf:5a:93:51:f0:30:
                    6f:98:b8:fc:c3:38:e7:2f:fc:cf:ee:4f:34:8f:f0:
                    ce:76:21:72:98:76:01:6a:dd:03:0d:97:c2:80:31:
                    a4:5c:90:d4:87:c9:0a:b3:95:cc:c8:fc:11:b0:b5:
                    e6:ff:d1:35:e6:5c:a9:2f:b0:6f:f3:49:8f:7a:c6:
                    4f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:25:16:6E:D8:41:BE:8F:FA:67:0E:A4:6F:57:24:6E:EE:49:EE:87
            X509v3 Authority Key Identifier:
                keyid:40:7B:C1:DC:2E:11:D4:91:B9:B8:5E:08:D0:1C:22:2F:97:76:C3:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHvB3C4R1JG5uF4I0BwiL5d2w8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/ZSUWbthBvo_6Zw6kb1ckbu5J7oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f10bc7-7c9e-4d98-8d7b-7af0a15f40b5/1/QHvB3C4R1JG5uF4I0BwiL5d2w8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:a0:53:0c:03:c5:98:da:43:f8:01:6b:a2:51:52:54:b0:65:
         88:8f:44:d3:48:36:3d:47:b6:70:ce:1e:39:97:86:9d:fd:82:
         9b:20:72:49:e0:43:48:34:a9:7c:75:5c:7f:dd:12:cc:f0:d5:
         2e:ce:d7:43:23:87:ee:2c:4a:f9:74:ae:11:64:a6:11:fb:32:
         de:b8:c0:71:cd:19:fc:22:1c:de:f7:a4:7f:98:57:17:5b:fa:
         1e:fd:10:2b:32:be:5d:0b:bb:22:0f:36:93:84:b4:1e:56:1a:
         38:51:dc:53:60:06:2a:b5:e8:5a:2f:6f:bc:26:35:ae:5c:f1:
         81:52:a7:1d:45:02:56:24:69:2e:6b:a7:77:a8:de:c1:b1:1a:
         4d:5c:16:27:e0:5f:2f:a8:40:07:ac:e1:2f:62:9e:30:9e:93:
         18:4b:8e:0d:98:ce:d8:ec:b9:65:e7:60:51:b7:ed:a3:c5:9e:
         f6:54:c2:bd:6b:9c:9e:ed:2a:7f:56:20:47:dc:e0:7b:1c:e7:
         09:04:d7:1e:f3:b7:b0:2b:2a:14:62:55:f7:09:f2:98:cb:ab:
         02:f8:13:c4:26:e4:7e:13:e5:24:ea:d4:83:b8:45:f6:46:f5:
         65:d2:88:4f:10:a0:35:c2:38:a6:9f:cc:d4:23:7f:c5:f9:be:
         93:ad:6b:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EuQ3xxgIi6uxNkdmQaRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2JjMWRjMmUxMWQ0OTFiOWI4NWUwOGQwMWMyMjJmOTc3
NmMzY2MwHhcNMjYwMTAyMDAxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI1MTY2ZWQ4NDFiZThmZmE2NzBlYTQ2ZjU3MjQ2ZWVlNDllZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZwdlcHB0OgDdzfHkC9I9eAaZYj4
hYbujnvnFdHjCbn6SN1t+y76qoZkJTT99uc9JJATEewZq1bNUPSNZP4lgVow4TeJ
7/JNixvtstWXjv8ipT8xvTBjadUnXVRKThpnW9lB8dJC/eEVG1Ku3ZIS9rhzAqdR
lo1QbtYjLsUe8lOFPz5EYNMwqR2J+qZu6PEnZfJpwm5xvcCU7wRB3hMti0ihfW2j
aCziPXYd/iC1lqeXW3xSQZzKlBQyzJi/WpNR8DBvmLj8wzjnL/zP7k80j/DOdiFy
mHYBat0DDZfCgDGkXJDUh8kKs5XMyPwRsLXm/9E15lypL7Bv80mPesZP8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUlFm7YQb6P+mcOpG9XJG7uSe6HMB8GA1UdIwQY
MBaAFEB7wdwuEdSRubheCNAcIi+XdsPMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh2QjNDNFIxSkc1dUY0STBCd2lMNWQydzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mMTBiYzctN2M5ZS00ZDk4LThkN2It
N2FmMGExNWY0MGI1LzEvWlNVV2J0aEJ2b182Wnc2a2IxY2tidTVKN29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mMTBiYzctN2M5ZS00ZDk4LThkN2ItN2FmMGExNWY0MGI1
LzEvUUh2QjNDNFIxSkc1dUY0STBCd2lMNWQydzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bFMA0G
CSqGSIb3DQEBCwUAA4IBAQBdoFMMA8WY2kP4AWuiUVJUsGWIj0TTSDY9R7Zwzh45
l4ad/YKbIHJJ4ENINKl8dVx/3RLM8NUuztdDI4fuLEr5dK4RZKYR+zLeuMBxzRn8
Ihze96R/mFcXW/oe/RArMr5dC7siDzaThLQeVho4UdxTYAYqtehaL2+8JjWuXPGB
UqcdRQJWJGkua6d3qN7BsRpNXBYn4F8vqEAHrOEvYp4wnpMYS44NmM7Y7Lll52BR
t+2jxZ72VMK9a5ye7Sp/ViBH3OB7HOcJBNce87ewKyoUYlX3CfKYy6sC+BPEJuR+
E+Uk6tSDuEX2RvVl0ohPEKA1wjimn8zUI3/F+b6TrWvs
-----END CERTIFICATE-----