This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Zfmn7PLUXl7lL0aAm28pkukpp-8.roa
File:                     Zfmn7PLUXl7lL0aAm28pkukpp-8.roa (raw, json)
Hash identifier:          wWzxKcWPaUlPRP3es/7HEenc/qF8fcJ2Rii1Xlr77D8=
Subject key identifier:   65:F9:A7:EC:F2:D4:5E:5E:E5:2F:46:80:9B:6F:29:92:E9:29:A7:EF
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F15A6E994FF7C4B6C67AC7BAAC445C2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Zfmn7PLUXl7lL0aAm28pkukpp-8.roa
Signing time:             Fri 02 Jan 2026 14:21:23 +0000
ROA not before:           Fri 02 Jan 2026 14:21:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200612
IP address blocks:        2.23.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:a6:e9:94:ff:7c:4b:6c:67:ac:7b:aa:c4:45:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65f9a7ecf2d45e5ee52f46809b6f2992e929a7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ed:14:d6:45:ae:07:2a:d4:bd:4e:2a:41:ac:
                    6b:f6:b0:af:12:15:24:b8:cc:a6:08:26:6f:7a:de:
                    9e:eb:85:03:df:39:75:96:33:bf:54:69:57:a3:61:
                    35:e1:8c:36:6c:29:75:ef:bd:8f:44:bd:9b:81:a0:
                    db:cb:f1:57:6a:3b:64:b4:b7:92:89:63:0c:55:4b:
                    11:5e:23:f1:ab:54:19:58:48:31:ac:2a:73:76:58:
                    91:df:27:af:09:84:cc:af:9c:10:67:22:db:dc:12:
                    b7:62:3b:54:28:df:a4:ae:50:7a:8a:51:04:2f:1d:
                    93:37:73:ab:31:f0:b3:b6:9f:14:58:30:37:6a:1e:
                    56:ab:be:5e:ea:e7:32:91:b8:23:95:f8:d5:ee:30:
                    4c:ec:56:6e:5f:f6:72:1a:95:e2:63:b7:60:20:60:
                    df:a0:df:e5:89:23:52:0f:6a:a7:ab:86:fc:89:db:
                    d4:d1:6d:8f:33:b7:f7:bd:d4:58:a6:bc:22:39:5b:
                    e7:52:62:b8:0f:96:cf:2d:16:77:e5:f1:f7:af:e8:
                    94:c4:5f:4f:ff:be:31:0c:f7:92:8d:31:60:6e:06:
                    68:7e:e8:af:e3:19:34:4d:85:49:b8:f3:26:d2:20:
                    34:44:66:65:40:e0:0e:8f:ad:d1:b7:eb:81:01:be:
                    38:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F9:A7:EC:F2:D4:5E:5E:E5:2F:46:80:9B:6F:29:92:E9:29:A7:EF
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Zfmn7PLUXl7lL0aAm28pkukpp-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:dd:c9:c5:b3:0c:48:4e:36:9d:48:d8:0f:e2:6e:ed:4d:84:
         4e:e7:b4:7c:f6:97:2c:44:78:59:53:88:82:c8:6d:17:27:66:
         09:73:7d:e5:91:14:e4:0d:45:19:d1:45:5d:5a:c4:73:f9:45:
         d6:56:91:d3:60:75:b2:d9:22:50:a5:4d:88:12:55:16:ae:7d:
         bf:5a:a2:22:bf:c1:32:c9:08:56:90:8e:49:7c:51:25:7d:a1:
         6f:77:16:7a:32:bc:c5:41:a5:73:a4:47:3c:8b:8a:9a:62:82:
         ba:78:dc:5f:72:cf:ed:96:8f:39:72:42:bf:f5:ba:1d:24:3f:
         8c:3c:93:52:05:de:aa:8f:21:58:35:c2:a8:bd:b5:43:5e:bd:
         e3:d4:d2:0b:c5:d6:d9:3c:3b:13:3a:2f:fe:2c:aa:8c:0c:b6:
         c0:73:ac:89:92:59:9c:dc:f2:66:72:b3:80:a7:75:ba:e1:64:
         c3:c8:02:85:62:d7:65:c1:3f:81:5b:72:81:1a:c8:f4:9e:17:
         c6:b6:a8:9a:78:f5:1c:8e:ba:70:aa:f6:64:34:cf:0a:23:82:
         87:5a:17:f5:45:40:7c:63:87:d6:50:77:9d:de:38:9c:06:24:
         26:bc:22:a0:58:31:0c:53:25:57:dd:00:92:be:79:8a:78:f0:
         38:e0:43:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FabplP98S2xnrHuqxEXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWY5YTdlY2YyZDQ1ZTVlZTUyZjQ2ODA5YjZmMjk5MmU5MjlhN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1u0U1kWuByrUvU4qQaxr9rCvEhUk
uMymCCZvet6e64UD3zl1ljO/VGlXo2E14Yw2bCl1772PRL2bgaDby/FXajtktLeS
iWMMVUsRXiPxq1QZWEgxrCpzdliR3yevCYTMr5wQZyLb3BK3YjtUKN+krlB6ilEE
Lx2TN3OrMfCztp8UWDA3ah5Wq75e6ucykbgjlfjV7jBM7FZuX/ZyGpXiY7dgIGDf
oN/liSNSD2qnq4b8idvU0W2PM7f3vdRYprwiOVvnUmK4D5bPLRZ35fH3r+iUxF9P
/74xDPeSjTFgbgZofuiv4xk0TYVJuPMm0iA0RGZlQOAOj63Rt+uBAb442wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGX5p+zy1F5e5S9GgJtvKZLpKafvMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWmZtbjdQTFVYbDdsTDBhQW0yOHBrdWtwcC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAheoMA0G
CSqGSIb3DQEBCwUAA4IBAQAa3cnFswxITjadSNgP4m7tTYRO57R89pcsRHhZU4iC
yG0XJ2YJc33lkRTkDUUZ0UVdWsRz+UXWVpHTYHWy2SJQpU2IElUWrn2/WqIiv8Ey
yQhWkI5JfFElfaFvdxZ6MrzFQaVzpEc8i4qaYoK6eNxfcs/tlo85ckK/9bodJD+M
PJNSBd6qjyFYNcKovbVDXr3j1NILxdbZPDsTOi/+LKqMDLbAc6yJklmc3PJmcrOA
p3W64WTDyAKFYtdlwT+BW3KBGsj0nhfGtqiaePUcjrpwqvZkNM8KI4KHWhf1RUB8
Y4fWUHed3jicBiQmvCKgWDEMUyVX3QCSvnmKePA44EOq
-----END CERTIFICATE-----