This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/0ZqH99V57Xuf54z1hwypjXXPfTk.roa
File:                     0ZqH99V57Xuf54z1hwypjXXPfTk.roa (raw, json)
Hash identifier:          a/D66uiFnK78JnobNYVCxo0xT6Yj6YVtDbbQ8ijoyQo=
Subject key identifier:   D1:9A:87:F7:D5:79:ED:7B:9F:E7:8C:F5:87:0C:A9:8D:75:CF:7D:39
Certificate issuer:       /CN=eefff40d8bb4a24872e01ba7f42e3ae63ee085f5
Certificate serial:       019B783516DCD4429F0A34C38CFF22CA9E03
Authority key identifier: EE:FF:F4:0D:8B:B4:A2:48:72:E0:1B:A7:F4:2E:3A:E6:3E:E0:85:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7v_0DYu0okhy4Bun9C465j7ghfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/0ZqH99V57Xuf54z1hwypjXXPfTk.roa
Signing time:             Thu 01 Jan 2026 06:18:23 +0000
ROA not before:           Thu 01 Jan 2026 06:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        85.236.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/7v_0DYu0okhy4Bun9C465j7ghfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/7v_0DYu0okhy4Bun9C465j7ghfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7v_0DYu0okhy4Bun9C465j7ghfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:16:dc:d4:42:9f:0a:34:c3:8c:ff:22:ca:9e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eefff40d8bb4a24872e01ba7f42e3ae63ee085f5
        Validity
            Not Before: Jan  1 06:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d19a87f7d579ed7b9fe78cf5870ca98d75cf7d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1c:5f:68:9d:d3:19:ce:87:c0:82:81:ba:6a:
                    ff:4a:ee:7a:01:b2:5a:54:31:da:7c:14:c4:7d:54:
                    c6:fd:9c:d8:6b:da:82:05:34:5f:45:78:21:b1:59:
                    13:56:de:67:fd:fc:12:74:7d:29:bc:84:4c:76:1c:
                    ed:b9:35:33:82:7b:05:78:62:a7:b3:16:9c:c7:9f:
                    4f:02:53:51:dc:73:08:b7:1f:89:74:52:63:36:1f:
                    85:68:72:d4:d0:69:56:95:b9:2c:29:40:25:a0:5b:
                    dc:77:27:74:61:be:f0:9b:5e:b5:be:0b:4f:af:14:
                    a5:57:bc:e0:de:11:ee:62:62:86:6c:9c:59:f2:55:
                    d7:1f:8f:4e:c7:a0:61:05:1b:3b:b0:52:f4:61:e1:
                    6c:a2:62:b0:b0:02:26:41:af:20:e6:24:ad:73:1c:
                    31:1d:17:60:43:c8:7f:d2:b3:29:e6:1d:20:52:38:
                    66:74:c8:a9:98:fb:a6:4d:37:87:3b:83:ad:cf:f1:
                    ee:fa:b5:0e:b2:10:e0:43:76:6a:70:c2:10:95:b1:
                    af:5f:33:ac:20:18:ad:93:32:73:3a:77:3b:f0:ac:
                    0b:f4:a0:d8:c1:70:1a:7c:a4:54:d5:36:87:1e:b7:
                    95:28:5b:3f:25:7e:d2:20:33:59:20:25:a1:bf:2b:
                    7b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9A:87:F7:D5:79:ED:7B:9F:E7:8C:F5:87:0C:A9:8D:75:CF:7D:39
            X509v3 Authority Key Identifier:
                keyid:EE:FF:F4:0D:8B:B4:A2:48:72:E0:1B:A7:F4:2E:3A:E6:3E:E0:85:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7v_0DYu0okhy4Bun9C465j7ghfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/0ZqH99V57Xuf54z1hwypjXXPfTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3ebdba-46c9-403c-8a0d-141d33c743df/1/7v_0DYu0okhy4Bun9C465j7ghfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.236.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:25:a9:b4:73:c7:a8:ba:b6:00:75:4d:8f:05:aa:fe:11:5c:
         d8:75:80:20:35:35:e7:40:54:3d:d8:c8:f3:6e:a5:76:d9:53:
         a8:de:b3:54:33:1e:d3:80:31:31:a4:ce:e3:4b:dc:43:d3:20:
         80:53:6d:44:f7:2a:d5:f9:cd:c4:af:ca:ad:cb:6a:78:c8:83:
         a0:96:4b:4b:8c:f8:c2:6e:86:58:d3:d0:86:06:66:64:ec:ec:
         8e:d4:59:96:88:4e:d3:75:5f:3a:f1:aa:5d:e3:08:af:82:39:
         3d:a4:b4:37:d1:b2:6b:64:8a:87:53:ad:6b:c8:3b:22:18:2e:
         44:ef:74:ae:17:3b:61:06:74:72:1a:a8:11:8c:36:7f:46:2f:
         56:87:8c:e7:d5:9f:5a:a3:bb:ba:62:d4:f3:60:cb:1d:44:f7:
         36:e2:0d:1d:49:68:0e:c5:91:fc:f0:11:cc:cb:f7:01:bf:17:
         29:5e:e4:39:86:c7:4c:1e:29:47:27:20:61:3d:55:9f:73:4e:
         cd:59:70:94:20:eb:2f:5b:84:69:cc:0d:b2:05:55:d6:85:3d:
         59:5f:37:cb:d8:6b:25:cf:2f:fc:76:f4:80:c5:98:ad:6c:13:
         2d:3d:63:88:0f:d0:6a:45:ff:59:73:37:f9:64:8e:7a:d7:da:
         9e:ef:4b:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NRbc1EKfCjTDjP8iyp4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmZmNDBkOGJiNGEyNDg3MmUwMWJhN2Y0MmUzYWU2M2Vl
MDg1ZjUwHhcNMjYwMTAxMDYxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTlhODdmN2Q1NzllZDdiOWZlNzhjZjU4NzBjYTk4ZDc1Y2Y3ZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRxfaJ3TGc6HwIKBumr/Su56AbJa
VDHafBTEfVTG/ZzYa9qCBTRfRXghsVkTVt5n/fwSdH0pvIRMdhztuTUzgnsFeGKn
sxacx59PAlNR3HMItx+JdFJjNh+FaHLU0GlWlbksKUAloFvcdyd0Yb7wm161vgtP
rxSlV7zg3hHuYmKGbJxZ8lXXH49Ox6BhBRs7sFL0YeFsomKwsAImQa8g5iStcxwx
HRdgQ8h/0rMp5h0gUjhmdMipmPumTTeHO4Otz/Hu+rUOshDgQ3ZqcMIQlbGvXzOs
IBitkzJzOnc78KwL9KDYwXAafKRU1TaHHreVKFs/JX7SIDNZICWhvyt7IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGah/fVee17n+eM9YcMqY11z305MB8GA1UdIwQY
MBaAFO7/9A2LtKJIcuAbp/QuOuY+4IX1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3ZfMERZdTBva2h5NEJ1bjlDNDY1ajdnaGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zZWJkYmEtNDZjOS00MDNjLThhMGQt
MTQxZDMzYzc0M2RmLzEvMFpxSDk5VjU3WHVmNTR6MWh3eXBqWFhQZlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zZWJkYmEtNDZjOS00MDNjLThhMGQtMTQxZDMzYzc0M2Rm
LzEvN3ZfMERZdTBva2h5NEJ1bjlDNDY1ajdnaGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVeyIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhJam0c8eourYAdU2PBar+EVzYdYAgNTXnQFQ92Mjz
bqV22VOo3rNUMx7TgDExpM7jS9xD0yCAU21E9yrV+c3Er8qty2p4yIOglktLjPjC
boZY09CGBmZk7OyO1FmWiE7TdV868apd4wivgjk9pLQ30bJrZIqHU61ryDsiGC5E
73SuFzthBnRyGqgRjDZ/Ri9Wh4zn1Z9ao7u6YtTzYMsdRPc24g0dSWgOxZH88BHM
y/cBvxcpXuQ5hsdMHilHJyBhPVWfc07NWXCUIOsvW4RpzA2yBVXWhT1ZXzfL2Gsl
zy/8dvSAxZitbBMtPWOID9BqRf9Zczf5ZI5619qe70sV
-----END CERTIFICATE-----