This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KZNZ0vhVzAt8xRDz11jJQSbmReo.roa
File:                     KZNZ0vhVzAt8xRDz11jJQSbmReo.roa (raw, json)
Hash identifier:          XRQ/DFNpFkq7IaVQcfwZibCPLVVCCmcslB39faqv0sg=
Subject key identifier:   29:93:59:D2:F8:55:CC:0B:7C:C5:10:F3:D7:58:C9:41:26:E6:45:EA
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C2B3D24085F77BFFC98EA9FE5A8FF3534
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KZNZ0vhVzAt8xRDz11jJQSbmReo.roa
Signing time:             Thu 05 Feb 2026 00:39:13 +0000
ROA not before:           Thu 05 Feb 2026 00:39:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208690
IP address blocks:        2a06:9801:26::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Feb 2026 19:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2b:3d:24:08:5f:77:bf:fc:98:ea:9f:e5:a8:ff:35:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb  5 00:39:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=299359d2f855cc0b7cc510f3d758c94126e645ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f6:b5:dc:93:eb:66:cc:21:fd:14:7c:cd:0b:
                    6c:d1:77:d3:48:4f:16:49:0f:18:48:fc:f7:47:bc:
                    6f:33:26:c9:fb:a5:71:fe:bc:b9:03:e3:7c:d0:3a:
                    81:4e:53:f2:07:2e:08:47:df:a9:93:81:00:39:ef:
                    3c:a8:64:71:90:7c:9b:02:4f:29:93:1d:60:0d:d9:
                    81:f3:8d:c8:5c:65:9e:4f:2e:c6:09:17:95:fb:5f:
                    88:e2:4b:a2:f0:b3:bb:d7:f8:cf:e9:24:4a:a1:19:
                    60:3c:cc:d0:99:cb:e4:66:cb:7c:8a:8a:c0:65:5d:
                    19:37:23:e5:3a:d6:af:41:b8:41:98:e7:e2:38:ff:
                    a8:10:71:cf:5d:bc:08:b1:32:59:7f:ab:a9:2f:20:
                    8d:90:6a:0b:83:f2:d3:a4:dc:79:e7:58:69:f3:06:
                    35:23:8c:0e:05:64:e8:6f:4c:db:73:25:06:f6:8f:
                    e7:02:64:a5:6e:18:66:65:05:ad:e0:a0:8a:42:61:
                    0a:95:ed:c9:dc:56:75:77:4e:63:f7:65:81:53:da:
                    0d:58:9c:e4:2d:59:8f:81:15:91:c2:c3:0e:38:33:
                    81:cf:09:85:2c:5a:66:62:6b:1f:92:98:13:4c:8e:
                    bf:e0:99:ca:fb:71:70:c1:99:55:89:b3:be:94:f0:
                    9a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:93:59:D2:F8:55:CC:0B:7C:C5:10:F3:D7:58:C9:41:26:E6:45:EA
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KZNZ0vhVzAt8xRDz11jJQSbmReo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:26::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:06:3d:d5:2a:19:c0:bf:db:81:f2:0c:0f:a8:63:71:22:fe:
         27:78:b9:a1:e7:f5:74:52:f3:8f:fa:a6:f8:c1:0d:ae:5e:ee:
         bb:07:c3:5a:90:6e:54:d0:32:42:fc:38:f0:4e:0d:17:e7:20:
         01:60:fe:1b:66:c2:be:94:d5:24:ed:20:0d:42:76:fe:bc:97:
         36:cf:87:dc:2c:cf:2a:fe:07:6a:bf:f9:da:a3:1c:5f:a2:f6:
         5f:33:d9:e4:99:2b:15:3c:93:2f:a1:12:7d:37:cb:56:be:ad:
         5e:56:3d:2e:32:71:7f:9a:d9:98:f9:6b:c5:71:8c:4c:56:83:
         17:35:22:c6:9c:a6:ac:5c:9e:52:a5:6e:a2:b2:cc:e1:ff:61:
         b2:12:2b:8e:42:46:24:3f:21:be:dc:10:e3:f4:2d:f0:d6:04:
         63:60:49:cb:b3:3e:a8:dc:a2:71:9f:75:f5:25:09:f1:01:68:
         29:59:6a:78:e6:c5:99:d9:59:37:e1:93:a3:1d:6c:26:b0:1b:
         e8:e8:c0:6c:e7:89:63:1a:92:32:66:0a:d7:19:45:2a:b0:33:
         30:47:84:00:c4:0a:02:e9:a5:9d:a5:64:af:62:3a:3c:3b:fe:
         87:4a:51:cb:9c:d7:5f:a8:bf:75:b2:25:de:8e:93:c9:bf:d9:
         30:5d:93:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwrPSQIX3e//Jjqn+Wo/zU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjA1MDAzOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTkzNTlkMmY4NTVjYzBiN2NjNTEwZjNkNzU4Yzk0MTI2ZTY0NWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfa13JPrZswh/RR8zQts0XfTSE8W
SQ8YSPz3R7xvMybJ+6Vx/ry5A+N80DqBTlPyBy4IR9+pk4EAOe88qGRxkHybAk8p
kx1gDdmB843IXGWeTy7GCReV+1+I4kui8LO71/jP6SRKoRlgPMzQmcvkZst8iorA
ZV0ZNyPlOtavQbhBmOfiOP+oEHHPXbwIsTJZf6upLyCNkGoLg/LTpNx551hp8wY1
I4wOBWTob0zbcyUG9o/nAmSlbhhmZQWt4KCKQmEKle3J3FZ1d05j92WBU9oNWJzk
LVmPgRWRwsMOODOBzwmFLFpmYmsfkpgTTI6/4JnK+3FwwZlVibO+lPCazwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCmTWdL4VcwLfMUQ89dYyUEm5kXqMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvS1pOWjB2aFZ6QXQ4eFJEejExakpRU2JtUmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAm
MA0GCSqGSIb3DQEBCwUAA4IBAQA9Bj3VKhnAv9uB8gwPqGNxIv4neLmh5/V0UvOP
+qb4wQ2uXu67B8NakG5U0DJC/DjwTg0X5yABYP4bZsK+lNUk7SANQnb+vJc2z4fc
LM8q/gdqv/naoxxfovZfM9nkmSsVPJMvoRJ9N8tWvq1eVj0uMnF/mtmY+WvFcYxM
VoMXNSLGnKasXJ5SpW6isszh/2GyEiuOQkYkPyG+3BDj9C3w1gRjYEnLsz6o3KJx
n3X1JQnxAWgpWWp45sWZ2Vk34ZOjHWwmsBvo6MBs54ljGpIyZgrXGUUqsDMwR4QA
xAoC6aWdpWSvYjo8O/6HSlHLnNdfqL91siXejpPJv9kwXZMc
-----END CERTIFICATE-----