This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/z99KDvPDdqK4NZKa3bvVfORT0V0.roa
File:                     z99KDvPDdqK4NZKa3bvVfORT0V0.roa (raw, json)
Hash identifier:          UzwOuK5awEHWxFmyDxu4QYqc04xp6nJ5wY/dRgTh9d0=
Subject key identifier:   CF:DF:4A:0E:F3:C3:76:A2:B8:35:92:9A:DD:BB:D5:7C:E4:53:D1:5D
Certificate issuer:       /CN=2b936149657a62be32e0e1571827c2b2f35a0d3d
Certificate serial:       019B79EBC88E284158E220B90A66ABBB2275
Authority key identifier: 2B:93:61:49:65:7A:62:BE:32:E0:E1:57:18:27:C2:B2:F3:5A:0D:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/z99KDvPDdqK4NZKa3bvVfORT0V0.roa
Signing time:             Thu 01 Jan 2026 14:17:33 +0000
ROA not before:           Thu 01 Jan 2026 14:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        80.247.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:c8:8e:28:41:58:e2:20:b9:0a:66:ab:bb:22:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b936149657a62be32e0e1571827c2b2f35a0d3d
        Validity
            Not Before: Jan  1 14:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfdf4a0ef3c376a2b835929addbbd57ce453d15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f9:8b:bf:d9:bd:bc:ea:9f:df:2b:e3:11:e4:
                    b4:fa:25:d2:58:a7:90:f0:e0:bd:71:17:20:d4:2c:
                    0a:61:b8:cd:6c:f3:cc:84:6b:83:7e:e9:eb:d2:37:
                    bb:e2:8f:e1:b1:eb:45:ae:2f:8b:74:9c:0d:69:d5:
                    ef:b2:df:8d:7b:a4:f3:a6:b4:f4:27:81:63:31:b2:
                    d0:72:20:8d:2e:3c:9e:f1:ec:99:c0:30:ad:8a:53:
                    b5:3b:fe:9d:1d:3d:c7:15:3f:22:54:66:b6:7d:07:
                    50:70:ea:6e:34:94:b7:f7:c6:af:00:9a:63:68:0b:
                    8f:6a:17:7f:da:4d:4b:cc:ce:8b:bb:90:7e:16:7c:
                    98:68:2c:52:32:c1:71:76:33:c2:f6:2b:2e:cc:07:
                    38:e0:ab:50:58:ad:a4:f8:66:da:f9:90:34:ea:14:
                    c4:d1:c2:ea:5f:c2:7a:b4:5a:54:ed:2c:98:62:92:
                    75:da:40:17:40:13:f3:cd:e7:80:d1:c3:07:3e:5d:
                    4d:fd:62:9b:37:8f:34:18:38:f1:b9:ec:91:fd:61:
                    50:05:75:68:eb:79:29:26:04:32:5d:4b:27:05:d0:
                    78:46:8c:75:a0:94:b9:30:7f:ad:e9:32:e2:dc:22:
                    88:bd:ad:77:16:67:03:32:55:07:66:c8:22:c2:92:
                    de:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DF:4A:0E:F3:C3:76:A2:B8:35:92:9A:DD:BB:D5:7C:E4:53:D1:5D
            X509v3 Authority Key Identifier:
                keyid:2B:93:61:49:65:7A:62:BE:32:E0:E1:57:18:27:C2:B2:F3:5A:0D:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/z99KDvPDdqK4NZKa3bvVfORT0V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:30:d1:78:b0:d7:c9:75:e1:b6:aa:ca:0a:d2:69:24:13:18:
         7b:6c:ec:80:91:2c:e4:76:bc:53:b3:4c:7b:56:21:ce:7d:ac:
         44:56:04:9d:49:3e:fb:8b:60:5a:4e:93:35:72:8c:04:c3:81:
         bf:bd:b0:61:e0:ce:d2:24:62:af:fb:50:0a:d2:4a:43:fc:dd:
         d7:35:f8:c0:2e:ae:01:db:5b:b0:d3:84:84:99:97:35:70:77:
         33:41:fa:98:d8:a3:38:cb:a5:e2:6f:8a:e1:75:f3:12:a9:5e:
         f4:a1:82:9e:db:9d:ae:5f:09:62:ae:f7:e4:df:14:8e:a2:2a:
         39:bf:36:d8:4a:67:15:f6:7a:eb:14:9b:79:e0:84:69:3b:18:
         ac:9c:c3:19:52:54:50:0d:3f:7b:d1:4f:5e:3b:73:5b:42:b0:
         91:44:fa:0b:c3:f2:99:71:66:d2:30:e4:33:9e:1e:3a:dd:ab:
         2f:a8:14:78:83:79:80:45:35:0a:84:44:9b:f6:df:30:1f:ef:
         ac:e7:41:c5:1f:3c:19:2f:3f:9e:4d:d8:25:63:d7:bb:03:42:
         04:51:c1:bc:29:11:9c:58:cc:ce:ca:77:37:a6:fc:eb:df:e0:
         3a:09:9e:c9:c6:62:b5:f4:4c:c6:07:ad:27:c3:43:2c:80:79:
         e9:91:76:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt568iOKEFY4iC5CmaruyJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTM2MTQ5NjU3YTYyYmUzMmUwZTE1NzE4MjdjMmIyZjM1
YTBkM2QwHhcNMjYwMTAxMTQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRmNGEwZWYzYzM3NmEyYjgzNTkyOWFkZGJiZDU3Y2U0NTNkMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPmLv9m9vOqf3yvjEeS0+iXSWKeQ
8OC9cRcg1CwKYbjNbPPMhGuDfunr0je74o/hsetFri+LdJwNadXvst+Ne6TzprT0
J4FjMbLQciCNLjye8eyZwDCtilO1O/6dHT3HFT8iVGa2fQdQcOpuNJS398avAJpj
aAuPahd/2k1LzM6Lu5B+FnyYaCxSMsFxdjPC9isuzAc44KtQWK2k+Gba+ZA06hTE
0cLqX8J6tFpU7SyYYpJ12kAXQBPzzeeA0cMHPl1N/WKbN480GDjxueyR/WFQBXVo
63kpJgQyXUsnBdB4Rox1oJS5MH+t6TLi3CKIva13FmcDMlUHZsgiwpLemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/fSg7zw3aiuDWSmt271XzkU9FdMB8GA1UdIwQY
MBaAFCuTYUllemK+MuDhVxgnwrLzWg09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVOaFNXVjZZcjR5NE9GWEdDZkNzdk5hRFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9jM2U0MTktODY5MC00NWUwLTg1NGIt
NzgyMGE1MWVkODM0LzEvejk5S0R2UERkcUs0TlpLYTNidlZmT1JUMFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9jM2U0MTktODY5MC00NWUwLTg1NGItNzgyMGE1MWVkODM0
LzEvSzVOaFNXVjZZcjR5NE9GWEdDZkNzdk5hRFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPcxMA0G
CSqGSIb3DQEBCwUAA4IBAQBcMNF4sNfJdeG2qsoK0mkkExh7bOyAkSzkdrxTs0x7
ViHOfaxEVgSdST77i2BaTpM1cowEw4G/vbBh4M7SJGKv+1AK0kpD/N3XNfjALq4B
21uw04SEmZc1cHczQfqY2KM4y6Xib4rhdfMSqV70oYKe252uXwlirvfk3xSOoio5
vzbYSmcV9nrrFJt54IRpOxisnMMZUlRQDT970U9eO3NbQrCRRPoLw/KZcWbSMOQz
nh463asvqBR4g3mARTUKhESb9t8wH++s50HFHzwZLz+eTdglY9e7A0IEUcG8KRGc
WMzOync3pvzr3+A6CZ7JxmK19EzGB60nw0MsgHnpkXbE
-----END CERTIFICATE-----