This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/kZfuHKDAiQJXBvJliXqrjaU0XIg.roa
File:                     kZfuHKDAiQJXBvJliXqrjaU0XIg.roa (raw, json)
Hash identifier:          DHMZVeLexmvq1Vc8FbkkKH/pRR44r4WIYoKUwGuSUU0=
Subject key identifier:   91:97:EE:1C:A0:C0:89:02:57:06:F2:65:89:7A:AB:8D:A5:34:5C:88
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019B775896AB51F7EF8A70418070DBA2058C
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/kZfuHKDAiQJXBvJliXqrjaU0XIg.roa
Signing time:             Thu 01 Jan 2026 02:17:32 +0000
ROA not before:           Thu 01 Jan 2026 02:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211373
IP address blocks:        194.4.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:96:ab:51:f7:ef:8a:70:41:80:70:db:a2:05:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jan  1 02:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9197ee1ca0c089025706f265897aab8da5345c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:36:a3:e6:9f:7b:25:9a:b9:cb:5b:2e:05:cc:
                    be:a5:6c:6d:2a:95:e1:ff:c1:db:c9:04:d6:12:5b:
                    55:a2:0a:01:6e:ef:5f:44:6d:ce:b0:45:14:60:14:
                    5e:81:13:07:b2:d5:16:ab:ee:78:f8:82:c3:b6:62:
                    c5:fe:ca:d1:71:dd:5a:93:3d:fb:b2:2d:66:6d:fd:
                    8c:0e:d7:b9:8a:7b:65:b8:32:0c:83:62:63:11:60:
                    ca:95:ca:fa:10:cc:51:de:f6:5d:b0:17:42:a6:02:
                    44:63:74:85:1c:3d:48:79:c9:a0:b4:30:d1:f7:d8:
                    e5:b6:b8:a1:92:d0:43:30:e8:54:ad:4f:1c:67:3f:
                    6a:1f:14:fc:17:c7:37:e9:e6:d3:69:6d:80:16:c8:
                    ff:1c:97:46:57:19:94:98:d7:f5:33:be:1c:a7:6d:
                    41:fe:07:6f:b5:6f:36:bc:fa:f3:ab:39:a8:9e:50:
                    a0:72:f6:aa:00:4c:a5:71:b3:f9:83:36:d2:01:61:
                    e2:2b:39:53:3d:c6:82:93:06:fc:5e:57:9a:91:96:
                    f4:a5:ed:e4:93:e7:2f:14:5e:75:92:9e:bd:33:15:
                    0d:99:a6:dc:f6:00:94:2b:d0:d2:97:fd:ae:6a:94:
                    d8:c5:f3:fe:f6:f8:48:29:7c:0a:f2:7a:08:61:ed:
                    7d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:97:EE:1C:A0:C0:89:02:57:06:F2:65:89:7A:AB:8D:A5:34:5C:88
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/kZfuHKDAiQJXBvJliXqrjaU0XIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:bf:17:e4:00:e7:07:4f:43:45:80:a5:62:d4:c8:ef:73:2b:
         f8:b4:f0:37:65:34:1c:f6:cd:fc:e5:98:ed:b7:9f:61:3a:ce:
         dc:72:3f:bc:87:10:a9:66:ec:0e:25:06:bc:48:1a:d8:04:7f:
         e9:1b:58:cb:e1:97:9e:13:cd:e8:3e:24:a3:93:09:d7:0c:df:
         f0:a2:36:99:9a:ae:ea:a1:5e:12:31:ff:fa:e2:32:27:6e:c1:
         2e:ea:f2:da:14:53:53:c9:4a:fb:15:22:d6:6e:c9:d9:6e:39:
         ff:15:57:9b:c3:55:b2:f7:e5:98:c1:e1:48:1d:55:0d:6d:d8:
         b7:3a:30:2e:a1:aa:79:f6:40:71:6d:36:3d:5e:ca:7f:e1:b2:
         df:30:e1:ef:c7:b8:72:0c:bd:9b:62:ff:37:e5:54:52:af:87:
         b3:8a:50:0e:93:3d:84:d9:03:4a:d4:0d:b3:55:12:b6:ed:c0:
         99:05:f2:3c:d7:50:0e:8a:aa:da:98:23:bc:f0:eb:8a:dc:2d:
         db:8e:8b:51:be:8a:2f:a8:0c:31:a6:4f:45:9d:67:2a:40:64:
         79:97:d0:1f:09:7f:1c:e9:a7:0b:59:78:5e:9e:48:82:fb:99:
         da:8b:97:95:43:64:86:e8:dc:d6:f2:bf:d2:65:d8:a9:5d:9d:
         a5:ae:85:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WJarUffvinBBgHDbogWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjYwMTAxMDIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTk3ZWUxY2EwYzA4OTAyNTcwNmYyNjU4OTdhYWI4ZGE1MzQ1Yzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjaj5p97JZq5y1suBcy+pWxtKpXh
/8HbyQTWEltVogoBbu9fRG3OsEUUYBRegRMHstUWq+54+ILDtmLF/srRcd1akz37
si1mbf2MDte5intluDIMg2JjEWDKlcr6EMxR3vZdsBdCpgJEY3SFHD1IecmgtDDR
99jltrihktBDMOhUrU8cZz9qHxT8F8c36ebTaW2AFsj/HJdGVxmUmNf1M74cp21B
/gdvtW82vPrzqzmonlCgcvaqAEylcbP5gzbSAWHiKzlTPcaCkwb8XleakZb0pe3k
k+cvFF51kp69MxUNmabc9gCUK9DSl/2uapTYxfP+9vhIKXwK8noIYe19ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGX7hygwIkCVwbyZYl6q42lNFyIMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEva1pmdUhLREFpUUpYQnZKbGlYcXJqYVUwWElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ1MA0G
CSqGSIb3DQEBCwUAA4IBAQBovxfkAOcHT0NFgKVi1Mjvcyv4tPA3ZTQc9s385Zjt
t59hOs7ccj+8hxCpZuwOJQa8SBrYBH/pG1jL4ZeeE83oPiSjkwnXDN/wojaZmq7q
oV4SMf/64jInbsEu6vLaFFNTyUr7FSLWbsnZbjn/FVebw1Wy9+WYweFIHVUNbdi3
OjAuoap59kBxbTY9Xsp/4bLfMOHvx7hyDL2bYv835VRSr4ezilAOkz2E2QNK1A2z
VRK27cCZBfI811AOiqramCO88OuK3C3bjotRvoovqAwxpk9FnWcqQGR5l9AfCX8c
6acLWXhenkiC+5nai5eVQ2SG6NzW8r/SZdipXZ2lroUK
-----END CERTIFICATE-----