This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/CZ_vg2yMDqKVCYRK8Qle7EmywbM.roa
File:                     CZ_vg2yMDqKVCYRK8Qle7EmywbM.roa (raw, json)
Hash identifier:          I6MzdrErUPSCD0sk16myqhgh6+H1xFM8zE2Mja1DH0A=
Subject key identifier:   09:9F:EF:83:6C:8C:0E:A2:95:09:84:4A:F1:09:5E:EC:49:B2:C1:B3
Certificate issuer:       /CN=7da49a9aef2184ec0bb6ef0fde901c5b2841ba64
Certificate serial:       019B7F85144484E658E27AC83A41A0AB4EB9
Authority key identifier: 7D:A4:9A:9A:EF:21:84:EC:0B:B6:EF:0F:DE:90:1C:5B:28:41:BA:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/CZ_vg2yMDqKVCYRK8Qle7EmywbM.roa
Signing time:             Fri 02 Jan 2026 16:23:06 +0000
ROA not before:           Fri 02 Jan 2026 16:23:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206771
IP address blocks:        185.171.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:14:44:84:e6:58:e2:7a:c8:3a:41:a0:ab:4e:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da49a9aef2184ec0bb6ef0fde901c5b2841ba64
        Validity
            Not Before: Jan  2 16:23:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=099fef836c8c0ea29509844af1095eec49b2c1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:a6:4c:1c:01:c2:a7:cf:e7:11:54:a7:54:1c:
                    fe:a2:b3:70:44:a8:59:7e:57:4b:45:21:c1:3d:21:
                    cd:1e:ff:02:da:13:56:1e:de:bf:88:94:7f:3a:1a:
                    a3:53:57:99:0b:8e:07:0a:b2:19:9c:1a:26:63:4b:
                    a1:d0:57:d6:81:4a:a5:8f:fa:97:18:6a:bf:b5:a3:
                    37:75:cb:61:aa:a4:55:ef:24:38:62:37:16:b9:d8:
                    f4:b1:6e:f9:ff:90:6c:4b:76:d0:05:fb:bb:e0:da:
                    07:1e:7e:dd:2b:bb:16:1c:ee:3e:e6:77:4c:db:e6:
                    d5:53:cf:be:79:db:63:77:86:71:e9:a1:72:c8:ba:
                    ce:d7:14:39:89:15:f0:e0:62:a1:2d:78:56:46:15:
                    59:ae:5a:df:d5:eb:e8:a5:39:03:9c:46:ef:9c:8a:
                    21:76:cd:e4:ff:4a:d3:9f:31:c9:5f:18:78:c1:c1:
                    b7:98:b0:f0:db:86:e2:e1:86:bd:c0:29:e4:27:4f:
                    48:d1:a8:b3:6b:04:36:0d:30:0e:78:fb:18:20:15:
                    12:4e:dd:06:c9:e5:c8:fb:79:4b:7e:b5:2b:41:b6:
                    32:0d:48:bd:c4:6a:9d:e4:31:c1:32:ed:19:50:41:
                    d0:f6:c5:d1:a9:b8:68:a4:0d:0b:e2:f8:24:35:8f:
                    b6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:9F:EF:83:6C:8C:0E:A2:95:09:84:4A:F1:09:5E:EC:49:B2:C1:B3
            X509v3 Authority Key Identifier:
                keyid:7D:A4:9A:9A:EF:21:84:EC:0B:B6:EF:0F:DE:90:1C:5B:28:41:BA:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/CZ_vg2yMDqKVCYRK8Qle7EmywbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:1f:8d:0e:56:03:aa:02:e2:1c:82:92:55:5b:49:fd:5a:e6:
         74:c3:49:0d:c0:25:91:c0:b0:20:be:8b:3f:00:cc:9e:dd:e3:
         db:30:49:95:5e:3f:bd:8d:b2:f2:66:65:27:f0:6f:be:1e:e9:
         0d:f8:ac:6e:9e:db:f8:62:8f:c7:83:a6:fb:ca:bf:a7:2c:84:
         b7:f9:28:96:5c:03:64:ac:c2:d6:2c:35:87:be:fc:98:a2:02:
         e0:5a:38:c1:48:4f:69:a5:0f:f6:cc:c2:e8:1f:f2:65:86:7d:
         42:da:c9:ed:39:bb:7a:35:89:03:0d:ba:7c:91:71:f1:d9:40:
         70:84:2c:26:6b:9e:44:9f:11:18:a7:ad:a7:91:0c:20:91:5f:
         2b:01:42:1b:0b:8a:84:49:1b:f4:54:b5:d6:f0:1f:98:1c:5b:
         d4:eb:91:63:3c:18:61:e6:de:5f:0d:7b:2b:7a:c2:99:41:c0:
         27:60:ab:83:2a:b7:8b:2d:88:c8:80:6c:19:6f:a9:32:dd:f1:
         ff:84:d6:47:69:72:81:36:b2:44:9e:5d:86:c7:72:c5:44:fa:
         c0:e4:80:05:b7:15:91:6d:a9:b2:61:e2:80:1c:61:e4:87:bf:
         f9:c8:70:28:d6:76:d4:d6:41:a6:70:1a:5f:c6:d6:40:4d:e4:
         46:f0:dd:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hRREhOZY4nrIOkGgq065MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTQ5YTlhZWYyMTg0ZWMwYmI2ZWYwZmRlOTAxYzViMjg0
MWJhNjQwHhcNMjYwMTAyMTYyMzA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTlmZWY4MzZjOGMwZWEyOTUwOTg0NGFmMTA5NWVlYzQ5YjJjMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9aZMHAHCp8/nEVSnVBz+orNwRKhZ
fldLRSHBPSHNHv8C2hNWHt6/iJR/OhqjU1eZC44HCrIZnBomY0uh0FfWgUqlj/qX
GGq/taM3dcthqqRV7yQ4YjcWudj0sW75/5BsS3bQBfu74NoHHn7dK7sWHO4+5ndM
2+bVU8++edtjd4Zx6aFyyLrO1xQ5iRXw4GKhLXhWRhVZrlrf1evopTkDnEbvnIoh
ds3k/0rTnzHJXxh4wcG3mLDw24bi4Ya9wCnkJ09I0aizawQ2DTAOePsYIBUSTt0G
yeXI+3lLfrUrQbYyDUi9xGqd5DHBMu0ZUEHQ9sXRqbhopA0L4vgkNY+25QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmf74NsjA6ilQmESvEJXuxJssGzMB8GA1UdIwQY
MBaAFH2kmprvIYTsC7bvD96QHFsoQbpkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFTYW11OGhoT3dMdHU4UDNwQWNXeWhCdW1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mZjA3NDItNzMxMy00ZTk0LTk2MTgt
NjNhMWNlMzMzMDdmLzEvQ1pfdmcyeU1EcUtWQ1lSSzhRbGU3RW15d2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mZjA3NDItNzMxMy00ZTk0LTk2MTgtNjNhMWNlMzMzMDdm
LzEvZmFTYW11OGhoT3dMdHU4UDNwQWNXeWhCdW1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuat0MA0G
CSqGSIb3DQEBCwUAA4IBAQAlH40OVgOqAuIcgpJVW0n9WuZ0w0kNwCWRwLAgvos/
AMye3ePbMEmVXj+9jbLyZmUn8G++HukN+Kxuntv4Yo/Hg6b7yr+nLIS3+SiWXANk
rMLWLDWHvvyYogLgWjjBSE9ppQ/2zMLoH/Jlhn1C2sntObt6NYkDDbp8kXHx2UBw
hCwma55EnxEYp62nkQwgkV8rAUIbC4qESRv0VLXW8B+YHFvU65FjPBhh5t5fDXsr
esKZQcAnYKuDKreLLYjIgGwZb6ky3fH/hNZHaXKBNrJEnl2Gx3LFRPrA5IAFtxWR
bamyYeKAHGHkh7/5yHAo1nbU1kGmcBpfxtZATeRG8N2P
-----END CERTIFICATE-----