This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/S-Zk0ObYtJMIz656nLDAOtkUtx8.roa
File:                     S-Zk0ObYtJMIz656nLDAOtkUtx8.roa (raw, json)
Hash identifier:          +uIO+SHw3q58WAdHwKwHZ+9+iLe/2WT3m6O2zlQ0zeI=
Subject key identifier:   4B:E6:64:D0:E6:D8:B4:93:08:CF:AE:7A:9C:B0:C0:3A:D9:14:B7:1F
Certificate issuer:       /CN=5797245d78078985c147dccbe0ec6d168dd9982d
Certificate serial:       019B7E390FA4CD9DCEEE50FB1BD6BE678C86
Authority key identifier: 57:97:24:5D:78:07:89:85:C1:47:DC:CB:E0:EC:6D:16:8D:D9:98:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/S-Zk0ObYtJMIz656nLDAOtkUtx8.roa
Signing time:             Fri 02 Jan 2026 10:20:27 +0000
ROA not before:           Fri 02 Jan 2026 10:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51379
IP address blocks:        178.212.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:0f:a4:cd:9d:ce:ee:50:fb:1b:d6:be:67:8c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5797245d78078985c147dccbe0ec6d168dd9982d
        Validity
            Not Before: Jan  2 10:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4be664d0e6d8b49308cfae7a9cb0c03ad914b71f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:83:c2:87:01:af:3d:3f:dc:94:37:a5:73:a6:
                    d5:42:74:0d:7c:da:00:5a:2b:44:1c:86:da:4a:43:
                    45:9d:d0:e7:dd:28:dd:1f:f6:1a:18:54:f4:6d:e6:
                    fa:fb:b9:b4:e0:a2:f7:8f:7f:57:bc:c8:da:a1:76:
                    9a:14:a1:b1:fc:10:4a:df:14:8d:5f:4f:17:d9:d3:
                    f1:10:0f:24:cb:5a:2e:c7:a3:63:4c:aa:b7:d0:56:
                    4f:2b:05:0f:e7:6a:5a:77:3d:5f:50:58:27:fd:49:
                    4e:30:70:54:e9:23:39:be:b6:0d:6c:f9:09:f3:5a:
                    d5:2f:ed:da:11:60:e0:55:5e:35:d7:04:6f:e0:9f:
                    81:11:07:85:3e:ca:9f:15:9b:0c:a2:5c:75:a9:56:
                    9c:fb:91:50:16:c1:0b:d3:16:59:f7:99:2e:2f:f6:
                    8c:56:64:06:4f:ab:c0:d1:50:e9:d0:f7:ff:51:02:
                    13:f5:92:46:c9:7b:30:e1:4a:91:01:c4:bd:d0:0e:
                    ae:0f:7a:f9:da:ac:89:d0:88:04:fd:2f:d3:1f:e7:
                    8e:9d:4c:74:5f:42:0b:0f:20:f2:09:8b:42:36:91:
                    0f:9d:74:75:63:c4:34:be:cb:18:32:9e:1e:d9:95:
                    0a:5f:0c:d8:87:39:2a:7e:1c:58:11:bb:31:56:65:
                    ce:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E6:64:D0:E6:D8:B4:93:08:CF:AE:7A:9C:B0:C0:3A:D9:14:B7:1F
            X509v3 Authority Key Identifier:
                keyid:57:97:24:5D:78:07:89:85:C1:47:DC:CB:E0:EC:6D:16:8D:D9:98:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/S-Zk0ObYtJMIz656nLDAOtkUtx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:49:4b:ba:f8:e3:4a:21:cf:e2:52:c4:a6:fb:6a:07:4d:f5:
         8b:39:28:3d:72:1b:e1:45:f8:c8:40:c9:e1:68:01:d1:f0:df:
         50:da:b1:c6:19:bd:03:89:41:8a:2e:58:52:4e:52:c1:1e:ad:
         31:d1:bd:dc:03:cb:2d:ff:3b:fd:8c:f0:67:26:ff:05:80:89:
         83:e5:11:29:79:8f:13:91:fc:06:8e:0c:49:e8:98:50:8f:ef:
         0b:cc:a4:62:02:16:e6:5d:45:f1:a2:a7:9b:6b:5d:e3:62:24:
         5a:03:65:ae:ef:5f:49:4e:12:05:4a:22:a6:dc:56:71:4b:06:
         a0:e3:29:27:64:eb:94:4f:91:c5:72:26:31:60:ab:58:25:cb:
         cc:78:14:74:f0:5e:93:96:33:0c:6a:14:98:be:aa:c2:54:14:
         e7:1b:45:d7:da:10:cd:75:4f:4b:66:b4:c8:00:39:a5:63:90:
         a9:b8:74:be:56:f8:25:05:b9:1a:66:ea:3a:95:0b:35:f4:9b:
         82:8d:85:32:cc:3f:d3:33:2e:dd:e6:fc:8e:97:94:68:e8:cd:
         41:e6:c2:2f:f9:44:24:0d:e8:4b:e9:bc:dc:46:26:14:97:a2:
         df:86:06:3a:8a:97:42:27:b0:fa:60:e6:c8:44:19:bd:db:7b:
         4d:7b:17:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OQ+kzZ3O7lD7G9a+Z4yGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTcyNDVkNzgwNzg5ODVjMTQ3ZGNjYmUwZWM2ZDE2OGRk
OTk4MmQwHhcNMjYwMTAyMTAyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmU2NjRkMGU2ZDhiNDkzMDhjZmFlN2E5Y2IwYzAzYWQ5MTRiNzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYPChwGvPT/clDelc6bVQnQNfNoA
WitEHIbaSkNFndDn3SjdH/YaGFT0beb6+7m04KL3j39XvMjaoXaaFKGx/BBK3xSN
X08X2dPxEA8ky1oux6NjTKq30FZPKwUP52padz1fUFgn/UlOMHBU6SM5vrYNbPkJ
81rVL+3aEWDgVV411wRv4J+BEQeFPsqfFZsMolx1qVac+5FQFsEL0xZZ95kuL/aM
VmQGT6vA0VDp0Pf/UQIT9ZJGyXsw4UqRAcS90A6uD3r52qyJ0IgE/S/TH+eOnUx0
X0ILDyDyCYtCNpEPnXR1Y8Q0vssYMp4e2ZUKXwzYhzkqfhxYEbsxVmXO8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvmZNDm2LSTCM+uepywwDrZFLcfMB8GA1UdIwQY
MBaAFFeXJF14B4mFwUfcy+DsbRaN2ZgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVja1hYZ0hpWVhCUjl6TDRPeHRGbzNabUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xMTE1NzktYWUxOS00MjUxLTk3ODUt
NzNlMzhjY2UxMzgzLzEvUy1aazBPYll0Sk1JejY1Nm5MREFPdGtVdHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xMTE1NzktYWUxOS00MjUxLTk3ODUtNzNlMzhjY2UxMzgz
LzEvVjVja1hYZ0hpWVhCUjl6TDRPeHRGbzNabUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstRwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCSUu6+ONKIc/iUsSm+2oHTfWLOSg9chvhRfjIQMnh
aAHR8N9Q2rHGGb0DiUGKLlhSTlLBHq0x0b3cA8st/zv9jPBnJv8FgImD5REpeY8T
kfwGjgxJ6JhQj+8LzKRiAhbmXUXxoqeba13jYiRaA2Wu719JThIFSiKm3FZxSwag
4yknZOuUT5HFciYxYKtYJcvMeBR08F6TljMMahSYvqrCVBTnG0XX2hDNdU9LZrTI
ADmlY5CpuHS+VvglBbkaZuo6lQs19JuCjYUyzD/TMy7d5vyOl5Ro6M1B5sIv+UQk
DehL6bzcRiYUl6LfhgY6ipdCJ7D6YObIRBm923tNexch
-----END CERTIFICATE-----