This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zOKA7J7Idb84Liu1iKTUjPSRWPg.roa
File:                     zOKA7J7Idb84Liu1iKTUjPSRWPg.roa (raw, json)
Hash identifier:          nUIdBPbvvhQvXK5tc887xKX/fsH+TbqZkp41V9X60uc=
Subject key identifier:   CC:E2:80:EC:9E:C8:75:BF:38:2E:2B:B5:88:A4:D4:8C:F4:91:58:F8
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019B7F816F5BC322A68785FEA8EC148F1428
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zOKA7J7Idb84Liu1iKTUjPSRWPg.roa
Signing time:             Fri 02 Jan 2026 16:19:07 +0000
ROA not before:           Fri 02 Jan 2026 16:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        168.199.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:6f:5b:c3:22:a6:87:85:fe:a8:ec:14:8f:14:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 16:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cce280ec9ec875bf382e2bb588a4d48cf49158f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8f:ed:5f:db:8c:74:e0:39:ef:77:02:7c:87:
                    1d:95:4e:00:2b:ca:16:ca:11:bc:24:10:90:d6:8e:
                    04:80:d2:d8:2c:8c:14:d9:3b:ad:09:7d:c6:a6:b3:
                    aa:57:fd:93:1b:e7:5e:dc:c6:2e:b0:1f:7f:ae:7e:
                    d8:e9:23:d6:b6:86:e4:80:4f:6e:dd:4e:b0:d0:41:
                    a2:56:16:7e:1f:1c:11:3e:8b:40:4f:6a:f8:30:c5:
                    94:0a:5e:96:ca:c9:45:1c:fa:77:ed:9e:ed:e1:45:
                    17:da:f2:64:63:85:05:28:53:40:6b:c0:13:76:0d:
                    a9:20:3e:cc:83:16:88:47:dd:bb:41:6f:ec:78:14:
                    e4:8d:25:db:bb:2c:6c:f2:18:cf:0f:a1:9e:70:e1:
                    28:2c:df:07:4a:18:9e:b1:a9:48:1c:25:88:b9:70:
                    e7:96:ed:a4:45:c2:60:5a:b0:0b:6a:bc:fa:71:84:
                    c3:d3:93:89:9c:bb:c4:a3:85:e1:bf:c4:4b:bc:4b:
                    da:07:ff:ee:f4:48:ab:39:94:c6:a4:31:7e:04:05:
                    bc:ae:2e:a7:ae:5b:21:81:c3:c4:8c:c9:85:74:c6:
                    6a:01:36:bc:46:b9:93:1e:b7:58:c8:13:bc:44:36:
                    ae:3f:a7:d1:64:4c:d2:a0:45:e3:aa:17:dd:44:1a:
                    bf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E2:80:EC:9E:C8:75:BF:38:2E:2B:B5:88:A4:D4:8C:F4:91:58:F8
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zOKA7J7Idb84Liu1iKTUjPSRWPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:29:e5:6d:1d:18:e6:a7:99:c5:ff:4f:ec:e9:78:a2:4c:61:
         37:fb:38:60:b4:0c:1b:cf:f7:da:0d:17:e1:65:c0:f2:70:c8:
         9b:d8:c3:d7:c6:91:fc:28:1b:99:00:4f:1c:fb:bf:a0:1c:bc:
         7f:72:34:fb:1e:67:f2:13:52:4f:ea:65:4f:55:b6:b1:31:da:
         ce:87:e3:dc:83:db:18:30:30:43:41:73:d0:e1:03:43:50:80:
         c3:99:b6:fe:22:ef:7e:62:e8:ab:f9:86:45:f7:a8:ee:8b:92:
         4c:2e:ce:52:20:a9:9e:0c:35:bb:ce:fa:3f:22:4c:66:f5:43:
         65:e0:6c:b6:2f:9d:54:07:0b:f5:af:fe:d9:71:ce:22:65:86:
         73:8b:8a:2c:b2:45:50:59:15:47:6d:26:5a:62:99:3a:d0:ae:
         7b:06:9f:56:6b:87:0c:b8:95:14:23:3f:84:7a:a9:7d:17:e9:
         88:27:f7:91:b4:be:1c:dd:89:c4:81:60:13:f1:c6:73:bf:41:
         91:22:a8:51:f5:92:56:3f:99:57:2b:4a:b4:57:3b:e8:24:bb:
         5c:f6:ab:e9:4f:0e:69:60:b9:08:53:b8:e2:34:2d:b2:9c:6a:
         7e:d0:2a:39:2e:f5:74:46:2b:56:de:55:35:8a:4c:47:dd:d7:
         f2:3e:68:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gW9bwyKmh4X+qOwUjxQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwMTAyMTYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2UyODBlYzllYzg3NWJmMzgyZTJiYjU4OGE0ZDQ4Y2Y0OTE1OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY/tX9uMdOA573cCfIcdlU4AK8oW
yhG8JBCQ1o4EgNLYLIwU2TutCX3GprOqV/2TG+de3MYusB9/rn7Y6SPWtobkgE9u
3U6w0EGiVhZ+HxwRPotAT2r4MMWUCl6WyslFHPp37Z7t4UUX2vJkY4UFKFNAa8AT
dg2pID7MgxaIR927QW/seBTkjSXbuyxs8hjPD6GecOEoLN8HShiesalIHCWIuXDn
lu2kRcJgWrALarz6cYTD05OJnLvEo4Xhv8RLvEvaB//u9EirOZTGpDF+BAW8ri6n
rlshgcPEjMmFdMZqATa8RrmTHrdYyBO8RDauP6fRZEzSoEXjqhfdRBq/DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzigOyeyHW/OC4rtYik1Iz0kVj4MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvek9LQTdKN0lkYjg0TGl1MWlLVFVqUFNSV1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqMcTMA0G
CSqGSIb3DQEBCwUAA4IBAQAFKeVtHRjmp5nF/0/s6XiiTGE3+zhgtAwbz/faDRfh
ZcDycMib2MPXxpH8KBuZAE8c+7+gHLx/cjT7HmfyE1JP6mVPVbaxMdrOh+Pcg9sY
MDBDQXPQ4QNDUIDDmbb+Iu9+Yuir+YZF96jui5JMLs5SIKmeDDW7zvo/Ikxm9UNl
4Gy2L51UBwv1r/7Zcc4iZYZzi4osskVQWRVHbSZaYpk60K57Bp9Wa4cMuJUUIz+E
eql9F+mIJ/eRtL4c3YnEgWAT8cZzv0GRIqhR9ZJWP5lXK0q0VzvoJLtc9qvpTw5p
YLkIU7jiNC2ynGp+0Co5LvV0RitW3lU1ikxH3dfyPmiw
-----END CERTIFICATE-----