This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/pzadOVQwNG20VtJBdLyOIXQWLIk.roa
File:                     pzadOVQwNG20VtJBdLyOIXQWLIk.roa (raw, json)
Hash identifier:          H3YYxC92C+Xt8vh2HeOMXU4LxRMtAIG+YaViqu9OwVo=
Subject key identifier:   A7:36:9D:39:54:30:34:6D:B4:56:D2:41:74:BC:8E:21:74:16:2C:89
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019B7DCB61DA87BF54027C79F3CE6960BD7C
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/pzadOVQwNG20VtJBdLyOIXQWLIk.roa
Signing time:             Fri 02 Jan 2026 08:20:39 +0000
ROA not before:           Fri 02 Jan 2026 08:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44149
IP address blocks:        31.222.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:61:da:87:bf:54:02:7c:79:f3:ce:69:60:bd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  2 08:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7369d395430346db456d24174bc8e2174162c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b0:3d:7d:ab:e0:3b:b4:0b:34:a1:ec:3d:1e:
                    cf:a4:a6:7e:e0:a8:ee:09:20:34:c2:bc:c2:42:be:
                    74:65:a8:92:37:7a:ab:a5:7a:0b:dc:c3:3f:d1:af:
                    59:2d:c5:9a:e2:8d:b8:0a:ac:f6:a8:93:f6:0b:c9:
                    72:4f:c6:f2:ac:9a:27:97:78:16:ab:6d:f4:30:5d:
                    11:a6:93:58:72:d5:3d:5c:c5:83:7c:17:11:e2:4d:
                    e4:a8:0f:f1:13:dd:e8:df:72:c9:b1:d5:df:bc:a3:
                    c9:d4:1b:11:0a:01:24:ee:08:ae:28:8a:3d:ba:aa:
                    5b:de:f1:1e:ef:d2:99:09:59:57:62:43:f5:d4:8d:
                    d3:8f:5f:03:6b:59:1b:ff:7d:31:d3:99:76:d6:11:
                    c6:2f:5f:5b:4c:75:b0:b4:02:81:9a:1d:e3:97:df:
                    13:2d:32:ec:7a:6c:99:d8:65:bb:52:e8:9c:10:a5:
                    ac:4e:03:86:c1:f5:21:83:f0:2e:20:63:b2:9d:5a:
                    a5:ab:4c:df:34:0f:6b:59:1e:22:ac:a0:24:3c:15:
                    00:da:6c:8c:a5:b4:cf:4f:7e:a1:cf:00:a5:87:1e:
                    ab:9a:28:54:46:17:4e:aa:57:3d:54:5c:b2:02:02:
                    4b:eb:64:1e:2c:9f:94:42:c3:be:19:a1:3d:0a:53:
                    23:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:36:9D:39:54:30:34:6D:B4:56:D2:41:74:BC:8E:21:74:16:2C:89
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/pzadOVQwNG20VtJBdLyOIXQWLIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:8a:11:1e:fa:7d:99:67:90:35:52:4e:01:c3:f3:be:8a:be:
         28:e1:3f:5f:71:cf:20:a6:32:a7:30:df:23:62:4f:e9:60:3c:
         ad:41:7f:dd:da:e1:85:78:3d:cd:7b:88:e5:cd:51:25:12:74:
         a8:c9:e5:e8:f2:fd:ab:e2:e6:8f:38:df:ba:44:48:cc:f0:aa:
         72:d8:8a:2f:d3:9b:f1:4d:2f:e2:17:53:28:0a:d7:e2:dd:84:
         5c:81:fe:64:2e:6e:c4:93:2d:2e:98:e2:d8:70:d5:b3:0d:07:
         46:8e:3c:e8:24:5d:94:03:83:18:35:91:95:a6:95:11:1e:b1:
         e4:50:ba:9b:d3:f5:9a:46:38:21:b4:3e:1b:9c:cf:74:48:bc:
         53:87:b8:12:65:88:ca:97:cd:e0:3c:94:a3:bf:9c:60:a7:36:
         9c:64:a3:c9:66:e4:a0:1b:5b:24:51:e9:92:60:e0:13:93:6f:
         c3:3a:cd:52:36:0c:cd:c3:fb:2c:f3:80:d6:e2:27:ef:49:47:
         0f:ea:46:f6:e5:e8:15:ca:f8:8a:51:09:92:fb:32:50:07:79:
         8e:4d:06:a7:ce:28:90:a1:92:b3:7b:20:59:c3:35:35:b1:6d:
         a3:e9:b7:2d:9f:3f:75:d5:21:cc:e1:f4:3a:b5:80:02:7a:9e:
         5b:7e:4b:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y2Hah79UAnx5885pYL18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTAyMDgyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM2OWQzOTU0MzAzNDZkYjQ1NmQyNDE3NGJjOGUyMTc0MTYyYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurA9favgO7QLNKHsPR7PpKZ+4Kju
CSA0wrzCQr50ZaiSN3qrpXoL3MM/0a9ZLcWa4o24Cqz2qJP2C8lyT8byrJonl3gW
q230MF0RppNYctU9XMWDfBcR4k3kqA/xE93o33LJsdXfvKPJ1BsRCgEk7giuKIo9
uqpb3vEe79KZCVlXYkP11I3Tj18Da1kb/30x05l21hHGL19bTHWwtAKBmh3jl98T
LTLsemyZ2GW7UuicEKWsTgOGwfUhg/AuIGOynVqlq0zfNA9rWR4irKAkPBUA2myM
pbTPT36hzwClhx6rmihURhdOqlc9VFyyAgJL62QeLJ+UQsO+GaE9ClMjjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKc2nTlUMDRttFbSQXS8jiF0FiyJMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvcHphZE9WUXdORzIwVnRKQmRMeU9JWFFXTElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97gMA0G
CSqGSIb3DQEBCwUAA4IBAQAzihEe+n2ZZ5A1Uk4Bw/O+ir4o4T9fcc8gpjKnMN8j
Yk/pYDytQX/d2uGFeD3Ne4jlzVElEnSoyeXo8v2r4uaPON+6REjM8Kpy2Iov05vx
TS/iF1MoCtfi3YRcgf5kLm7Eky0umOLYcNWzDQdGjjzoJF2UA4MYNZGVppURHrHk
ULqb0/WaRjghtD4bnM90SLxTh7gSZYjKl83gPJSjv5xgpzacZKPJZuSgG1skUemS
YOATk2/DOs1SNgzNw/ss84DW4ifvSUcP6kb25egVyviKUQmS+zJQB3mOTQanziiQ
oZKzeyBZwzU1sW2j6bctnz911SHM4fQ6tYACep5bfkv7
-----END CERTIFICATE-----