This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zmfBqA-I4rx2qHC_OeJbPhXS-4E.roa
File:                     zmfBqA-I4rx2qHC_OeJbPhXS-4E.roa (raw, json)
Hash identifier:          WXzOMSMjaCEJyj37Z1+MlBCPz8ibC5ryymek+vug+14=
Subject key identifier:   CE:67:C1:A8:0F:88:E2:BC:76:A8:70:BF:39:E2:5B:3E:15:D2:FB:81
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019BCC7244899FAB0DAF8CA94DD043002B5B
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zmfBqA-I4rx2qHC_OeJbPhXS-4E.roa
Signing time:             Sat 17 Jan 2026 14:53:19 +0000
ROA not before:           Sat 17 Jan 2026 14:53:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2019499
IP address blocks:        46.38.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cc:72:44:89:9f:ab:0d:af:8c:a9:4d:d0:43:00:2b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan 17 14:53:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce67c1a80f88e2bc76a870bf39e25b3e15d2fb81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c8:b0:11:9e:d3:d5:b1:d5:b9:cb:93:01:e0:
                    19:d4:cc:32:de:64:3c:cd:ef:69:6d:d7:c8:20:cb:
                    c3:23:02:e5:cf:30:d7:c1:7b:e3:83:bd:db:c2:86:
                    d6:6f:0e:92:97:23:41:f6:77:78:a3:78:ad:9a:f9:
                    b3:1c:68:52:bd:22:97:86:e0:17:73:e9:1f:63:73:
                    00:ce:30:cb:19:8f:db:22:94:38:8e:0d:54:aa:e2:
                    f4:cb:8e:3e:54:22:ba:34:36:df:44:19:06:c7:0d:
                    fb:a2:94:3f:81:79:6d:db:42:eb:a3:53:0e:ad:a8:
                    d2:ad:05:8b:21:dd:e6:8f:4f:d3:24:5b:a6:5f:e0:
                    34:5d:76:f4:23:2f:43:e0:cf:0f:5c:0c:93:22:7d:
                    37:84:12:39:68:cb:e0:52:b5:27:d4:be:75:cb:94:
                    07:fa:f6:0e:d3:12:69:5e:22:05:88:fc:30:58:4f:
                    97:7a:fd:6c:44:9b:de:4f:b3:cb:cd:a0:4e:16:5a:
                    c4:fb:b9:97:89:2c:c1:fe:94:d3:07:de:47:c6:f1:
                    96:60:9e:61:43:6b:cf:a5:08:b6:71:80:99:ed:58:
                    63:09:53:b1:5a:f1:fb:b0:3b:14:07:32:0d:67:6f:
                    a3:4d:77:af:13:f9:93:5a:7c:6a:3d:5b:70:5f:f8:
                    70:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:67:C1:A8:0F:88:E2:BC:76:A8:70:BF:39:E2:5B:3E:15:D2:FB:81
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/zmfBqA-I4rx2qHC_OeJbPhXS-4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:40:66:51:1e:7a:e8:68:12:64:e8:c5:a2:f2:07:0e:9f:4e:
         2d:a2:98:83:92:02:c1:af:b2:71:29:a4:24:cf:17:56:8b:99:
         91:4c:f9:1e:06:95:cd:74:73:a4:7a:01:a5:09:1a:ff:97:42:
         fc:2e:b7:f4:18:be:e2:34:59:20:13:06:cb:14:ff:1c:bf:46:
         80:5a:7f:be:e5:82:8b:4c:34:80:77:e5:6b:eb:ae:14:01:f2:
         49:5f:93:f0:34:3f:8a:b3:01:80:c1:2d:08:ff:63:05:37:5d:
         b5:10:55:aa:31:46:fb:8f:f6:40:24:e5:f5:90:d2:dd:64:f6:
         55:c0:bb:dc:46:c0:55:27:66:41:97:f4:b9:8b:d3:02:08:f8:
         56:88:8c:4a:95:17:49:16:52:a7:33:31:3d:34:38:27:64:e7:
         c6:b8:97:d2:7c:34:c0:02:b7:6c:17:ef:f1:32:d4:25:57:5e:
         58:22:38:f9:fd:6d:65:2d:af:82:67:54:bb:c7:f4:fb:b8:a9:
         8b:a3:6c:4b:3d:95:c5:e2:1b:ed:56:b4:a9:d0:79:da:e5:8b:
         cc:04:bf:19:0b:2c:14:b9:f9:2c:ac:45:6c:67:9a:34:22:6a:
         f3:0d:5a:3f:01:a7:cc:bf:06:09:f2:28:13:0d:e4:8e:6f:11:
         43:ff:0c:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvMckSJn6sNr4ypTdBDACtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwMTE3MTQ1MzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTY3YzFhODBmODhlMmJjNzZhODcwYmYzOWUyNWIzZTE1ZDJmYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ciwEZ7T1bHVucuTAeAZ1Mwy3mQ8
ze9pbdfIIMvDIwLlzzDXwXvjg73bwobWbw6SlyNB9nd4o3itmvmzHGhSvSKXhuAX
c+kfY3MAzjDLGY/bIpQ4jg1UquL0y44+VCK6NDbfRBkGxw37opQ/gXlt20Lro1MO
rajSrQWLId3mj0/TJFumX+A0XXb0Iy9D4M8PXAyTIn03hBI5aMvgUrUn1L51y5QH
+vYO0xJpXiIFiPwwWE+Xev1sRJveT7PLzaBOFlrE+7mXiSzB/pTTB95HxvGWYJ5h
Q2vPpQi2cYCZ7VhjCVOxWvH7sDsUBzINZ2+jTXevE/mTWnxqPVtwX/hwqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5nwagPiOK8dqhwvzniWz4V0vuBMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvem1mQnFBLUk0cngycUhDX09lSmJQaFhTLTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiaYMA0G
CSqGSIb3DQEBCwUAA4IBAQBVQGZRHnroaBJk6MWi8gcOn04topiDkgLBr7JxKaQk
zxdWi5mRTPkeBpXNdHOkegGlCRr/l0L8Lrf0GL7iNFkgEwbLFP8cv0aAWn++5YKL
TDSAd+Vr664UAfJJX5PwND+KswGAwS0I/2MFN121EFWqMUb7j/ZAJOX1kNLdZPZV
wLvcRsBVJ2ZBl/S5i9MCCPhWiIxKlRdJFlKnMzE9NDgnZOfGuJfSfDTAArdsF+/x
MtQlV15YIjj5/W1lLa+CZ1S7x/T7uKmLo2xLPZXF4hvtVrSp0Hna5YvMBL8ZCywU
ufksrEVsZ5o0ImrzDVo/AafMvwYJ8igTDeSObxFD/wyQ
-----END CERTIFICATE-----