This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/ZC50pBO67qVHzN1c7SEa1kzzD6E.roa
File:                     ZC50pBO67qVHzN1c7SEa1kzzD6E.roa (raw, json)
Hash identifier:          IAgaovaJhzFt2Ft+5OuMmXTJSQzhtUgFmcVOJJam/YA=
Subject key identifier:   64:2E:74:A4:13:BA:EE:A5:47:CC:DD:5C:ED:21:1A:D6:4C:F3:0F:A1
Certificate issuer:       /CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
Certificate serial:       019B7B369EED93B4D27DA4078938796706F9
Authority key identifier: 03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/ZC50pBO67qVHzN1c7SEa1kzzD6E.roa
Signing time:             Thu 01 Jan 2026 20:18:55 +0000
ROA not before:           Thu 01 Jan 2026 20:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55154
IP address blocks:        185.84.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:9e:ed:93:b4:d2:7d:a4:07:89:38:79:67:06:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
        Validity
            Not Before: Jan  1 20:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=642e74a413baeea547ccdd5ced211ad64cf30fa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:59:1b:4c:ac:87:1b:70:dd:ce:36:5b:4e:05:
                    bc:e0:37:43:cf:a8:d7:68:1b:ab:e7:92:18:73:6d:
                    5c:92:f1:38:50:33:09:1d:1f:40:a1:b8:84:20:a2:
                    24:ce:17:af:ae:91:7a:7e:5c:ad:c5:c4:ba:53:73:
                    77:26:2b:d5:31:73:10:32:7b:1f:ce:c4:32:d5:be:
                    2d:ad:75:54:cf:c7:4e:f6:f2:55:92:80:7f:3b:87:
                    0c:23:90:4c:a5:c5:76:ca:fb:5a:50:f7:fb:ea:c6:
                    f4:ae:bb:66:f7:1c:e0:83:ac:fb:dc:ff:de:40:31:
                    85:51:16:be:2c:d3:a9:94:19:ef:60:80:36:39:dc:
                    49:74:19:ed:fc:f1:8e:8e:3f:f1:ba:4e:8b:2e:d2:
                    96:07:9b:61:bb:32:b3:3d:b3:a5:84:f5:52:34:9a:
                    38:6d:71:40:68:bd:6b:4f:e2:20:3a:bd:28:fb:10:
                    9b:1b:e5:7f:3c:60:65:b1:0b:b5:6d:24:0a:e3:01:
                    69:bc:9c:a0:d5:fc:03:da:25:c7:5a:6b:9c:7f:57:
                    f6:58:32:cf:ce:23:1d:37:49:64:e1:20:34:1a:94:
                    37:e8:e2:f9:41:d2:93:e4:fe:5b:28:a0:88:d0:67:
                    0f:6c:db:1a:d5:d0:13:d7:eb:52:e1:0e:33:ff:b0:
                    df:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2E:74:A4:13:BA:EE:A5:47:CC:DD:5C:ED:21:1A:D6:4C:F3:0F:A1
            X509v3 Authority Key Identifier:
                keyid:03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/ZC50pBO67qVHzN1c7SEa1kzzD6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:30:51:03:d5:8e:e9:2e:05:2d:ee:64:fc:2e:92:3f:73:fc:
         ff:20:80:de:08:c0:ff:fc:c3:7c:cd:ee:49:3a:06:c3:83:f0:
         9e:ba:5f:88:49:28:2d:e0:be:62:af:ac:f9:f5:cc:4c:b4:f5:
         91:07:cc:23:c9:fd:90:df:29:ab:f7:82:2d:12:cb:a3:52:74:
         c5:99:0a:f5:0c:b9:30:a6:76:09:5c:7d:05:b8:a5:37:f5:4e:
         9c:02:f7:3b:95:67:13:59:46:4e:c9:2c:e0:d4:83:71:44:43:
         b9:db:3e:4a:89:6c:ec:47:9c:51:fc:10:25:5c:73:d6:c7:78:
         fc:da:53:23:b7:ec:f7:b2:4e:f4:2e:39:73:0a:90:93:e9:e2:
         35:7b:4b:88:0d:eb:d9:2c:2c:d0:f9:54:09:42:34:54:3c:42:
         9d:50:16:c4:97:68:9d:72:42:57:4d:92:ea:3c:7b:10:a6:67:
         98:b2:3a:3f:d8:57:74:b1:38:6b:26:c2:95:41:0b:50:fb:35:
         1d:c2:88:48:3a:11:28:f5:35:b4:ca:1b:f8:1b:95:3c:36:02:
         71:bc:0c:05:4d:d1:59:8f:13:63:06:76:0c:a0:25:a8:0f:9e:
         84:d1:a0:08:7f:c4:d3:1b:f6:93:99:e4:3e:07:15:11:7d:f0:
         49:29:c4:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Np7tk7TSfaQHiTh5Zwb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzY0ZmNlZGQ2OTEzNTc3MzNjZDVjY2Q3MDI5ZGI4ZTYx
ZDFlM2EwHhcNMjYwMTAxMjAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJlNzRhNDEzYmFlZWE1NDdjY2RkNWNlZDIxMWFkNjRjZjMwZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVkbTKyHG3DdzjZbTgW84DdDz6jX
aBur55IYc21ckvE4UDMJHR9AobiEIKIkzhevrpF6flytxcS6U3N3JivVMXMQMnsf
zsQy1b4trXVUz8dO9vJVkoB/O4cMI5BMpcV2yvtaUPf76sb0rrtm9xzgg6z73P/e
QDGFURa+LNOplBnvYIA2OdxJdBnt/PGOjj/xuk6LLtKWB5thuzKzPbOlhPVSNJo4
bXFAaL1rT+IgOr0o+xCbG+V/PGBlsQu1bSQK4wFpvJyg1fwD2iXHWmucf1f2WDLP
ziMdN0lk4SA0GpQ36OL5QdKT5P5bKKCI0GcPbNsa1dAT1+tS4Q4z/7DfVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQudKQTuu6lR8zdXO0hGtZM8w+hMB8GA1UdIwQY
MBaAFAM2T87daRNXczzVzNcCnbjmHR46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEt
YWJmMGI1OTQ2NDZmLzEvWkM1MHBCTzY3cVZIek4xYzdTRWExa3p6RDZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEtYWJmMGI1OTQ2NDZm
LzEvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVScMA0G
CSqGSIb3DQEBCwUAA4IBAQAyMFED1Y7pLgUt7mT8LpI/c/z/IIDeCMD//MN8ze5J
OgbDg/Ceul+ISSgt4L5ir6z59cxMtPWRB8wjyf2Q3ymr94ItEsujUnTFmQr1DLkw
pnYJXH0FuKU39U6cAvc7lWcTWUZOySzg1INxREO52z5KiWzsR5xR/BAlXHPWx3j8
2lMjt+z3sk70LjlzCpCT6eI1e0uIDevZLCzQ+VQJQjRUPEKdUBbEl2idckJXTZLq
PHsQpmeYsjo/2Fd0sThrJsKVQQtQ+zUdwohIOhEo9TW0yhv4G5U8NgJxvAwFTdFZ
jxNjBnYMoCWoD56E0aAIf8TTG/aTmeQ+BxURffBJKcTV
-----END CERTIFICATE-----