This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/pzUfvLlZBxfs74YQSOjhYC9N0PE.roa
File:                     pzUfvLlZBxfs74YQSOjhYC9N0PE.roa (raw, json)
Hash identifier:          ZtJd5WRwfIE1hz6AkG/EAoA8j2p0ylHE9S1NKkUAjdo=
Subject key identifier:   A7:35:1F:BC:B9:59:07:17:EC:EF:86:10:48:E8:E1:60:2F:4D:D0:F1
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019B7BA3D89B51AA1718F50EF5BB93C5C746
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/pzUfvLlZBxfs74YQSOjhYC9N0PE.roa
Signing time:             Thu 01 Jan 2026 22:18:13 +0000
ROA not before:           Thu 01 Jan 2026 22:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        212.100.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:d8:9b:51:aa:17:18:f5:0e:f5:bb:93:c5:c7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Jan  1 22:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7351fbcb9590717ecef861048e8e1602f4dd0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e2:3d:28:22:3b:0f:95:d1:54:01:e4:fb:78:
                    5e:15:f7:22:d6:b5:80:ba:66:f3:4f:4a:06:f7:3f:
                    26:d0:a8:83:d5:90:ed:f6:1b:87:28:d9:85:f5:18:
                    21:3d:51:7f:04:b6:78:f3:b9:a2:5e:06:ec:c7:bf:
                    ca:a1:be:d4:69:e3:07:97:3a:3a:cb:be:99:55:69:
                    d5:3d:9f:c6:99:86:f9:e3:04:5b:67:5b:62:8c:a2:
                    e4:b6:1e:40:de:17:92:f1:cc:8c:28:d7:88:9c:19:
                    d2:68:d2:38:17:b6:dc:7b:75:68:aa:b2:69:49:84:
                    47:44:ac:c4:72:35:52:72:d0:62:dd:9d:6e:b6:c6:
                    6b:2c:19:7b:73:bd:dd:68:08:6a:f1:63:99:47:10:
                    35:d3:f1:0d:45:b5:6e:1e:8e:81:fe:d9:0b:35:39:
                    30:12:24:be:63:c1:5b:36:c2:45:f1:3e:a5:33:43:
                    c6:ff:6e:60:88:fb:be:4a:4c:48:b1:9b:0f:39:a1:
                    79:4e:c1:0c:7b:c5:d5:fa:fd:7c:24:f8:fe:74:11:
                    18:1d:86:30:43:8c:ea:a1:f1:65:1c:c3:a5:c2:c5:
                    4f:27:12:a5:73:df:94:e9:0e:72:fc:e4:3c:b0:01:
                    4d:d1:87:c8:59:78:7e:e1:35:aa:01:07:09:92:61:
                    62:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:35:1F:BC:B9:59:07:17:EC:EF:86:10:48:E8:E1:60:2F:4D:D0:F1
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/pzUfvLlZBxfs74YQSOjhYC9N0PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:69:6d:eb:b0:73:dc:26:f2:9b:70:e0:1a:b0:3f:9f:eb:e6:
         f2:06:7c:b8:93:ba:1f:64:87:4a:a0:4a:9f:8a:2a:a7:5e:09:
         ff:01:ee:39:59:f1:fa:34:92:23:26:a4:86:0c:cb:30:c1:ff:
         4f:05:fa:82:9d:7a:aa:21:80:30:af:05:d8:19:10:2e:f7:79:
         12:81:6f:3b:08:57:f7:66:f5:09:d0:70:49:40:0e:e9:4b:4f:
         d9:fe:e6:59:53:91:8a:a0:f7:f7:40:3e:2b:57:d8:0b:94:a7:
         66:a7:89:6a:b7:ef:b6:61:c4:e1:19:32:34:b1:bc:22:b1:ef:
         72:8c:e8:25:32:4f:a6:94:97:52:b0:dc:18:b1:10:06:75:36:
         9a:27:aa:9f:10:96:70:a3:00:cd:5b:cc:d0:4b:9d:bc:4b:a6:
         ae:50:32:3f:42:bb:23:fa:c0:56:61:e8:03:aa:fc:e6:5c:e4:
         4e:0a:0f:e5:12:fd:ee:2c:db:00:70:d5:6e:63:db:32:ff:02:
         7c:8e:cc:34:5d:83:39:a0:72:fb:d7:a4:37:d5:15:a7:da:ec:
         e0:53:90:5f:7f:e5:0b:3a:ef:96:d8:da:20:98:93:ce:1b:17:
         50:7b:d5:a9:c2:7f:68:bd:ef:67:31:62:8a:11:a8:cd:6b:dc:
         d7:48:f2:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o9ibUaoXGPUO9buTxcdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMTAxMjIxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM1MWZiY2I5NTkwNzE3ZWNlZjg2MTA0OGU4ZTE2MDJmNGRkMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeI9KCI7D5XRVAHk+3heFfci1rWA
umbzT0oG9z8m0KiD1ZDt9huHKNmF9RghPVF/BLZ487miXgbsx7/Kob7UaeMHlzo6
y76ZVWnVPZ/GmYb54wRbZ1tijKLkth5A3heS8cyMKNeInBnSaNI4F7bce3VoqrJp
SYRHRKzEcjVSctBi3Z1utsZrLBl7c73daAhq8WOZRxA10/ENRbVuHo6B/tkLNTkw
EiS+Y8FbNsJF8T6lM0PG/25giPu+SkxIsZsPOaF5TsEMe8XV+v18JPj+dBEYHYYw
Q4zqofFlHMOlwsVPJxKlc9+U6Q5y/OQ8sAFN0YfIWXh+4TWqAQcJkmFi+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKc1H7y5WQcX7O+GEEjo4WAvTdDxMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvcHpVZnZMbFpCeGZzNzRZUVNPamhZQzlOMFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSqMA0G
CSqGSIb3DQEBCwUAA4IBAQA2aW3rsHPcJvKbcOAasD+f6+byBny4k7ofZIdKoEqf
iiqnXgn/Ae45WfH6NJIjJqSGDMswwf9PBfqCnXqqIYAwrwXYGRAu93kSgW87CFf3
ZvUJ0HBJQA7pS0/Z/uZZU5GKoPf3QD4rV9gLlKdmp4lqt++2YcThGTI0sbwise9y
jOglMk+mlJdSsNwYsRAGdTaaJ6qfEJZwowDNW8zQS528S6auUDI/Qrsj+sBWYegD
qvzmXOROCg/lEv3uLNsAcNVuY9sy/wJ8jsw0XYM5oHL716Q31RWn2uzgU5Bff+UL
Ou+W2NogmJPOGxdQe9Wpwn9ove9nMWKKEajNa9zXSPKn
-----END CERTIFICATE-----