This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ZAnijWxoJ_XaXw6qLrelIFm9JdQ.roa
File:                     ZAnijWxoJ_XaXw6qLrelIFm9JdQ.roa (raw, json)
Hash identifier:          nBPCD+P8AtHwZvVmqpZjmDzPNG8dJ4f+i0dszvNJD08=
Subject key identifier:   64:09:E2:8D:6C:68:27:F5:DA:5F:0E:AA:2E:B7:A5:20:59:BD:25:D4
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019B7F816DC6197B22A449D95C5534BF8778
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ZAnijWxoJ_XaXw6qLrelIFm9JdQ.roa
Signing time:             Fri 02 Jan 2026 16:19:07 +0000
ROA not before:           Fri 02 Jan 2026 16:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1239
IP address blocks:        185.170.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:6d:c6:19:7b:22:a4:49:d9:5c:55:34:bf:87:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 16:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6409e28d6c6827f5da5f0eaa2eb7a52059bd25d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:31:58:0d:6a:fe:38:cb:5e:77:49:0d:2c:8a:
                    86:4f:94:54:1b:0f:15:57:f4:a4:1a:e7:6d:44:0f:
                    a9:0b:08:5c:1a:3a:c0:40:5d:2d:59:32:97:a3:df:
                    82:4c:08:90:cf:d2:86:06:08:e6:90:69:25:d5:87:
                    48:e5:56:b9:55:b3:66:50:df:81:58:d2:c5:69:41:
                    5c:b7:19:fb:8d:38:07:76:c4:1f:76:5b:0b:f3:6a:
                    25:4d:af:d6:bf:01:7c:7b:a2:7c:db:07:b9:1f:40:
                    7a:b4:27:2e:73:18:fe:96:24:20:7b:17:1e:3b:86:
                    d0:9e:36:5f:97:a6:3b:0a:c5:f3:3c:6c:aa:44:4c:
                    6b:54:ef:28:d0:45:04:a8:e4:21:bb:7f:3d:ff:5b:
                    42:5e:3e:ca:25:47:88:09:29:58:7a:63:44:04:3c:
                    77:aa:ca:cb:95:fe:5d:96:03:31:92:1c:2e:69:f5:
                    54:43:97:ca:fc:6a:00:a7:65:61:cd:f9:10:40:c8:
                    3a:a7:61:33:4d:90:a3:9c:69:bc:4a:b3:8c:f1:8e:
                    cf:85:8b:17:d7:54:f6:b0:ab:a3:d9:e5:c9:31:4c:
                    f8:11:d4:63:ad:5a:00:5f:4c:c0:63:e5:7a:7c:fb:
                    32:a5:c7:4c:4e:74:17:4a:f9:1b:14:8a:b0:58:41:
                    3f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:09:E2:8D:6C:68:27:F5:DA:5F:0E:AA:2E:B7:A5:20:59:BD:25:D4
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ZAnijWxoJ_XaXw6qLrelIFm9JdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:67:b9:42:13:06:3c:cd:f9:71:b8:67:4a:ab:cd:f3:7e:6b:
         d6:7c:8f:73:da:00:ce:3f:d6:4d:e7:97:a7:20:f4:3e:f1:9f:
         86:e1:99:c4:cf:f1:f7:aa:d6:6b:2e:3d:a7:03:60:62:dc:20:
         db:a6:a9:73:e9:a2:3d:d0:93:00:5e:d2:15:8f:c9:67:22:b2:
         27:8c:f8:22:1b:50:e3:d8:d3:18:22:8d:9e:e6:36:e6:22:8c:
         88:d0:6b:45:80:28:ea:be:b1:94:5c:8b:7b:87:90:ed:f6:a9:
         06:70:53:0f:76:e1:af:2c:21:1e:89:79:bb:36:4c:0c:b7:42:
         cf:d2:15:33:75:69:ab:1c:98:4a:9a:5e:76:f4:3b:fe:cc:b7:
         92:dc:7a:42:3e:a8:d5:31:5d:02:df:26:06:89:38:3d:e8:d4:
         9b:65:71:14:b0:ee:76:78:23:34:70:38:ae:a8:9d:85:38:c3:
         fa:15:32:2a:9e:59:1f:a8:51:9b:b6:ac:9e:7d:fe:9a:20:66:
         19:5b:11:6d:cd:a0:8b:50:c6:e0:3e:2d:ee:79:73:e8:4d:67:
         35:ef:6d:06:db:47:8b:da:39:cf:d2:23:0f:93:5b:77:b3:e1:
         d8:92:a5:03:7c:97:85:f5:89:de:38:f0:3f:64:91:8e:d9:ad:
         b8:ab:ad:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gW3GGXsipEnZXFU0v4d4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwMTAyMTYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA5ZTI4ZDZjNjgyN2Y1ZGE1ZjBlYWEyZWI3YTUyMDU5YmQyNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjFYDWr+OMted0kNLIqGT5RUGw8V
V/SkGudtRA+pCwhcGjrAQF0tWTKXo9+CTAiQz9KGBgjmkGkl1YdI5Va5VbNmUN+B
WNLFaUFctxn7jTgHdsQfdlsL82olTa/WvwF8e6J82we5H0B6tCcucxj+liQgexce
O4bQnjZfl6Y7CsXzPGyqRExrVO8o0EUEqOQhu389/1tCXj7KJUeICSlYemNEBDx3
qsrLlf5dlgMxkhwuafVUQ5fK/GoAp2VhzfkQQMg6p2EzTZCjnGm8SrOM8Y7PhYsX
11T2sKuj2eXJMUz4EdRjrVoAX0zAY+V6fPsypcdMTnQXSvkbFIqwWEE/TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQJ4o1saCf12l8Oqi63pSBZvSXUMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvWkFuaWpXeG9KX1hhWHc2cUxyZWxJRm05SmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuapEMA0G
CSqGSIb3DQEBCwUAA4IBAQAoZ7lCEwY8zflxuGdKq83zfmvWfI9z2gDOP9ZN55en
IPQ+8Z+G4ZnEz/H3qtZrLj2nA2Bi3CDbpqlz6aI90JMAXtIVj8lnIrInjPgiG1Dj
2NMYIo2e5jbmIoyI0GtFgCjqvrGUXIt7h5Dt9qkGcFMPduGvLCEeiXm7NkwMt0LP
0hUzdWmrHJhKml529Dv+zLeS3HpCPqjVMV0C3yYGiTg96NSbZXEUsO52eCM0cDiu
qJ2FOMP6FTIqnlkfqFGbtqyeff6aIGYZWxFtzaCLUMbgPi3ueXPoTWc1720G20eL
2jnP0iMPk1t3s+HYkqUDfJeF9YneOPA/ZJGO2a24q60A
-----END CERTIFICATE-----