This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/z4ZmrsMi4rffTSSj7sG9KUI2RbI.roa
File:                     z4ZmrsMi4rffTSSj7sG9KUI2RbI.roa (raw, json)
Hash identifier:          Mu3/esgK0X5k7pGlanJsUxVxpFzxsfzlGM/QwNB28fo=
Subject key identifier:   CF:86:66:AE:C3:22:E2:B7:DF:4D:24:A3:EE:C1:BD:29:42:36:45:B2
Certificate issuer:       /CN=7edbf83aff434512c503712f22291602f55bff48
Certificate serial:       019B79110047C25E00A7ACDB8A6AA1E8623D
Authority key identifier: 7E:DB:F8:3A:FF:43:45:12:C5:03:71:2F:22:29:16:02:F5:5B:FF:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/z4ZmrsMi4rffTSSj7sG9KUI2RbI.roa
Signing time:             Thu 01 Jan 2026 10:18:35 +0000
ROA not before:           Thu 01 Jan 2026 10:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        193.30.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:00:47:c2:5e:00:a7:ac:db:8a:6a:a1:e8:62:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7edbf83aff434512c503712f22291602f55bff48
        Validity
            Not Before: Jan  1 10:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf8666aec322e2b7df4d24a3eec1bd29423645b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c8:a0:1f:dc:86:b1:10:ef:4c:fe:9a:19:0d:
                    63:b0:6b:50:c4:3c:c7:3c:a5:36:78:f3:58:6e:92:
                    95:8a:98:1f:d1:4b:44:ca:cd:0c:b1:f8:60:09:51:
                    99:b2:f6:26:a4:34:f9:92:e4:24:5c:c1:0a:4c:89:
                    54:26:a8:c2:4a:86:00:1e:96:6c:46:c4:c5:e1:b2:
                    f7:f0:56:f9:ba:16:f1:40:c2:76:9c:cd:91:de:d4:
                    6a:5d:f0:8a:29:fd:68:d9:ab:e8:e1:bb:78:78:f7:
                    05:1d:6c:d6:f7:d7:5d:02:a1:62:9b:b4:56:44:46:
                    1a:3e:b7:62:af:cd:b3:6d:06:8a:fe:72:52:8f:49:
                    09:61:04:da:c2:df:32:5e:62:f9:24:10:b3:d1:7a:
                    ca:bd:71:43:0b:38:4d:0d:5c:71:cb:c8:ec:5b:ec:
                    19:52:ef:8c:56:8c:52:8f:82:31:52:78:61:54:f3:
                    41:62:f1:cf:2e:28:33:d0:d4:c5:e0:60:d1:cb:8e:
                    73:1b:8f:e5:fb:7f:85:c8:7c:18:40:31:ec:48:02:
                    81:3f:eb:da:ed:e3:3e:0d:cf:10:62:ee:5a:03:f9:
                    85:e5:8b:52:bc:5f:26:f6:06:5b:b1:a5:b0:e2:53:
                    6f:21:50:cd:f3:d3:9b:ad:94:01:1a:73:b6:e6:6c:
                    f0:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:86:66:AE:C3:22:E2:B7:DF:4D:24:A3:EE:C1:BD:29:42:36:45:B2
            X509v3 Authority Key Identifier:
                keyid:7E:DB:F8:3A:FF:43:45:12:C5:03:71:2F:22:29:16:02:F5:5B:FF:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/z4ZmrsMi4rffTSSj7sG9KUI2RbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:bd:74:26:eb:05:87:b8:b7:58:37:4c:75:87:bb:65:a8:28:
         0a:10:44:62:16:85:ca:70:1b:0d:71:3b:b8:32:0f:00:e5:cf:
         f6:9b:22:62:2c:54:08:a9:c5:a7:0a:f0:d2:20:ea:29:51:b2:
         46:bd:a9:32:76:3a:34:cc:28:5c:25:f7:dd:b2:91:11:d1:99:
         d9:3c:c7:f0:02:1a:9d:84:76:0a:2d:53:b2:e1:84:8e:bf:e0:
         2e:c0:91:04:36:3b:e3:5d:3f:53:35:2a:b6:cf:d2:f2:bd:37:
         b2:b9:c2:4d:3c:69:27:e8:cf:8b:56:c1:7d:49:bc:5a:77:5d:
         51:21:0e:11:51:f9:88:8d:f9:b6:3b:ac:ee:85:4e:3f:82:b4:
         86:5d:38:b6:14:35:71:d5:1b:74:60:e2:82:a2:22:b7:8f:d2:
         10:ba:28:24:95:19:00:a6:d7:a7:03:b2:49:e1:9b:a6:cb:a3:
         71:21:14:8f:d6:45:03:51:22:ff:c0:98:6c:54:87:69:6e:30:
         99:00:47:df:f8:3b:7d:2f:2b:90:b1:81:04:55:e3:8e:c9:f4:
         c9:17:a3:27:53:9a:78:49:3c:ea:ee:04:dc:7e:63:84:c8:43:
         6f:df:44:f2:c8:15:42:77:62:12:9a:d9:3d:2e:ad:6c:a7:96:
         c8:4f:63:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EQBHwl4Ap6zbimqh6GI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZGJmODNhZmY0MzQ1MTJjNTAzNzEyZjIyMjkxNjAyZjU1
YmZmNDgwHhcNMjYwMTAxMTAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg2NjZhZWMzMjJlMmI3ZGY0ZDI0YTNlZWMxYmQyOTQyMzY0NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsigH9yGsRDvTP6aGQ1jsGtQxDzH
PKU2ePNYbpKVipgf0UtEys0MsfhgCVGZsvYmpDT5kuQkXMEKTIlUJqjCSoYAHpZs
RsTF4bL38Fb5uhbxQMJ2nM2R3tRqXfCKKf1o2avo4bt4ePcFHWzW99ddAqFim7RW
REYaPrdir82zbQaK/nJSj0kJYQTawt8yXmL5JBCz0XrKvXFDCzhNDVxxy8jsW+wZ
Uu+MVoxSj4IxUnhhVPNBYvHPLigz0NTF4GDRy45zG4/l+3+FyHwYQDHsSAKBP+va
7eM+Dc8QYu5aA/mF5YtSvF8m9gZbsaWw4lNvIVDN89ObrZQBGnO25mzw4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+GZq7DIuK3300ko+7BvSlCNkWyMB8GA1UdIwQY
MBaAFH7b+Dr/Q0USxQNxLyIpFgL1W/9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnR2NE92OURSUkxGQTNFdklpa1dBdlZiXzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNjE1YjEtNzNhOS00YzNlLWFhZDEt
MDMzNWQxYTc0OGZjLzEvejRabXJzTWk0cmZmVFNTajdzRzlLVUkyUmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNjE1YjEtNzNhOS00YzNlLWFhZDEtMDMzNWQxYTc0OGZj
LzEvZnR2NE92OURSUkxGQTNFdklpa1dBdlZiXzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5wMA0G
CSqGSIb3DQEBCwUAA4IBAQASvXQm6wWHuLdYN0x1h7tlqCgKEERiFoXKcBsNcTu4
Mg8A5c/2myJiLFQIqcWnCvDSIOopUbJGvakydjo0zChcJffdspER0ZnZPMfwAhqd
hHYKLVOy4YSOv+AuwJEENjvjXT9TNSq2z9LyvTeyucJNPGkn6M+LVsF9Sbxad11R
IQ4RUfmIjfm2O6zuhU4/grSGXTi2FDVx1Rt0YOKCoiK3j9IQuigklRkAptenA7JJ
4Zumy6NxIRSP1kUDUSL/wJhsVIdpbjCZAEff+Dt9LyuQsYEEVeOOyfTJF6MnU5p4
STzq7gTcfmOEyENv30TyyBVCd2ISmtk9Lq1sp5bIT2MM
-----END CERTIFICATE-----