This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/zSrZfDynMxjHsni65bw3lNFxjdo.roa
File:                     zSrZfDynMxjHsni65bw3lNFxjdo.roa (raw, json)
Hash identifier:          B3r/Ky/6d0oUxMT1wJmgm/sCz+cdvAcj1deLNp7FbDQ=
Subject key identifier:   CD:2A:D9:7C:3C:A7:33:18:C7:B2:78:BA:E5:BC:37:94:D1:71:8D:DA
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019C08A2C3062FD8159C43364F0EC142A7BC
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/zSrZfDynMxjHsni65bw3lNFxjdo.roa
Signing time:             Thu 29 Jan 2026 07:23:30 +0000
ROA not before:           Thu 29 Jan 2026 07:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215762
IP address blocks:        193.3.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 30 Jan 2026 20:45:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:08:a2:c3:06:2f:d8:15:9c:43:36:4f:0e:c1:42:a7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan 29 07:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd2ad97c3ca73318c7b278bae5bc3794d1718dda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:50:54:90:38:5c:3a:4c:42:b1:d7:70:9f:84:
                    dc:04:bd:bd:55:e0:09:43:cf:1d:a3:9b:94:08:02:
                    27:47:c6:68:d2:4b:84:94:3d:a1:59:60:9b:4a:92:
                    ba:97:d2:30:b5:c1:a2:62:19:51:de:5d:b4:b9:1f:
                    4a:57:93:e0:31:72:e6:ef:87:34:18:7c:73:a5:39:
                    93:c8:a2:4d:25:d4:ed:94:8b:34:57:fa:09:8d:fd:
                    21:f6:a9:56:ed:fa:82:70:5a:dd:89:d5:12:bc:f7:
                    40:86:d3:6c:74:0e:4f:b6:b6:a4:bd:15:a3:81:b4:
                    41:9d:f6:c1:41:91:c3:45:bb:ec:cf:b0:70:0c:cb:
                    30:14:ce:13:8a:15:1c:4c:d0:c3:ca:e6:fd:a8:14:
                    5c:83:de:d5:86:b4:24:0c:78:f9:3e:d2:8d:b9:6a:
                    15:46:f7:c5:24:f5:27:cf:21:45:2a:e6:b5:04:28:
                    36:63:58:43:7a:37:08:55:d1:18:37:98:f2:ac:72:
                    32:af:73:5d:43:9e:30:01:77:e9:6d:0e:38:9d:ea:
                    55:2c:ff:fd:f6:8d:3a:1c:e3:9e:d9:a1:29:f0:07:
                    3a:fb:b2:9f:6b:17:22:6f:b1:d6:cf:3a:56:97:d4:
                    eb:ba:46:e1:28:dc:35:b2:48:39:35:01:59:ff:52:
                    a7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2A:D9:7C:3C:A7:33:18:C7:B2:78:BA:E5:BC:37:94:D1:71:8D:DA
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/zSrZfDynMxjHsni65bw3lNFxjdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:db:12:4d:b6:fa:65:f4:16:86:6d:1d:5e:5d:da:96:d3:16:
         05:4d:89:84:2c:7f:51:e3:51:2b:e5:7e:0b:af:a3:8a:3d:7e:
         20:dd:c5:c6:bc:3d:3a:59:ba:1d:38:eb:a0:7f:e1:39:eb:e6:
         b1:64:f7:eb:33:e4:76:eb:54:f8:24:3b:38:df:e7:34:99:c3:
         f5:d7:e2:4f:c0:d2:41:6f:a3:4d:da:0f:33:e2:6c:d4:28:21:
         91:fe:d1:f8:60:63:13:a8:19:7e:f6:9e:08:d7:4a:a6:4e:bb:
         b5:24:85:cb:f1:77:81:e7:88:6e:c8:b9:92:a7:cc:5f:2e:71:
         5a:4a:ff:c6:6b:0e:44:2c:e6:2a:21:3b:1e:09:8d:e5:d6:86:
         73:c4:81:a2:13:6e:75:0c:92:82:b8:dd:45:43:6d:f6:5e:99:
         b7:ec:3b:76:f6:a0:fb:bd:e3:3f:ba:24:1c:4c:5a:8f:97:cf:
         95:71:ea:ef:6a:cc:41:8b:99:96:3e:17:86:06:5e:69:cd:85:
         85:f7:79:6c:24:f2:e9:44:bc:0b:9b:05:47:5a:35:48:27:d5:
         35:7f:ba:2f:1a:5c:bb:de:f9:e5:71:3b:1a:b5:81:90:22:b8:
         08:27:50:09:5e:c0:83:49:01:b8:5a:bf:d5:c9:45:1c:00:2e:
         23:8a:10:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwIosMGL9gVnEM2Tw7BQqe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwMTI5MDcyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJhZDk3YzNjYTczMzE4YzdiMjc4YmFlNWJjMzc5NGQxNzE4ZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlBUkDhcOkxCsddwn4TcBL29VeAJ
Q88do5uUCAInR8Zo0kuElD2hWWCbSpK6l9IwtcGiYhlR3l20uR9KV5PgMXLm74c0
GHxzpTmTyKJNJdTtlIs0V/oJjf0h9qlW7fqCcFrdidUSvPdAhtNsdA5PtrakvRWj
gbRBnfbBQZHDRbvsz7BwDMswFM4TihUcTNDDyub9qBRcg97VhrQkDHj5PtKNuWoV
RvfFJPUnzyFFKua1BCg2Y1hDejcIVdEYN5jyrHIyr3NdQ54wAXfpbQ44nepVLP/9
9o06HOOe2aEp8Ac6+7Kfaxcib7HWzzpWl9TrukbhKNw1skg5NQFZ/1Kn9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0q2Xw8pzMYx7J4uuW8N5TRcY3aMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvelNyWmZEeW5NeGpIc25pNjVidzNsTkZ4amRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMUMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ2xJNtvpl9BaGbR1eXdqW0xYFTYmELH9R41Er5X4L
r6OKPX4g3cXGvD06WbodOOugf+E56+axZPfrM+R261T4JDs43+c0mcP11+JPwNJB
b6NN2g8z4mzUKCGR/tH4YGMTqBl+9p4I10qmTru1JIXL8XeB54huyLmSp8xfLnFa
Sv/Gaw5ELOYqITseCY3l1oZzxIGiE251DJKCuN1FQ232Xpm37Dt29qD7veM/uiQc
TFqPl8+VcervasxBi5mWPheGBl5pzYWF93lsJPLpRLwLmwVHWjVIJ9U1f7ovGly7
3vnlcTsatYGQIrgIJ1AJXsCDSQG4Wr/VyUUcAC4jihDx
-----END CERTIFICATE-----