This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/dZjxO1t1y7iTrJ-KRqPRE_p1jMA.roa
File:                     dZjxO1t1y7iTrJ-KRqPRE_p1jMA.roa (raw, json)
Hash identifier:          B1GSi5keg2Ocppx2D4kG/XL7mz409lb5KLKl79R0HCE=
Subject key identifier:   75:98:F1:3B:5B:75:CB:B8:93:AC:9F:8A:46:A3:D1:13:FA:75:8C:C0
Certificate issuer:       /CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
Certificate serial:       019B7EA755FDA5068F9CE2D611FCEA13DB6A
Authority key identifier: CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/dZjxO1t1y7iTrJ-KRqPRE_p1jMA.roa
Signing time:             Fri 02 Jan 2026 12:20:54 +0000
ROA not before:           Fri 02 Jan 2026 12:20:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        134.106.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:55:fd:a5:06:8f:9c:e2:d6:11:fc:ea:13:db:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
        Validity
            Not Before: Jan  2 12:20:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7598f13b5b75cbb893ac9f8a46a3d113fa758cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9a:4b:78:06:fe:6d:7f:e2:62:5c:92:db:6b:
                    d1:93:d4:c8:1a:65:f3:28:9e:df:b9:ff:01:64:0c:
                    35:31:80:42:09:8c:e1:84:73:78:9e:50:e8:a0:3f:
                    78:34:f4:03:e2:30:9e:81:31:22:8e:3f:f7:d0:b3:
                    f5:73:96:a7:99:c5:51:0b:3f:9e:2d:68:9f:70:be:
                    97:30:f8:8b:cf:2b:3f:d4:a2:61:8d:6b:d4:58:88:
                    d1:b0:2e:24:23:e6:40:70:7b:4b:60:2d:53:35:26:
                    08:e4:05:4d:f7:d0:e6:83:52:f2:aa:b0:8a:2e:14:
                    3d:0d:51:9c:b3:e2:02:81:51:84:56:85:c0:fa:b4:
                    08:a9:03:1a:67:33:5a:c2:d8:39:cb:73:23:6b:01:
                    74:bb:65:e3:9f:76:9a:5f:3a:f7:3b:2b:42:03:e8:
                    ec:39:26:55:e6:23:55:df:3a:68:ac:79:27:25:b1:
                    ee:44:05:f5:43:29:5e:d6:5f:37:8e:95:c6:a6:ec:
                    9e:8d:23:87:a3:c8:f4:b4:04:1e:0e:3d:dc:ae:1f:
                    ea:47:c0:1a:de:40:5f:93:3d:e9:c3:bc:38:5a:3e:
                    c4:e5:f1:59:c7:2a:79:ee:34:ef:22:9e:03:13:47:
                    16:8c:27:2d:ed:21:65:50:cf:8d:24:7d:95:d2:24:
                    da:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:98:F1:3B:5B:75:CB:B8:93:AC:9F:8A:46:A3:D1:13:FA:75:8C:C0
            X509v3 Authority Key Identifier:
                keyid:CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/dZjxO1t1y7iTrJ-KRqPRE_p1jMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.106.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:9b:1b:19:c3:f8:07:99:20:51:c7:e2:d2:a3:25:22:1f:7f:
         53:51:d2:2a:00:09:30:03:a8:4f:47:97:99:1e:3c:23:28:78:
         57:b6:a9:b2:b1:b2:cd:27:46:4e:ff:ec:74:87:4a:be:cc:0c:
         21:11:03:f3:ed:df:44:1d:de:da:e2:d9:39:fe:d8:04:a2:8f:
         9e:20:09:22:8d:ba:f8:77:d7:ca:83:62:b2:a6:f6:a8:19:e9:
         ba:18:e0:cd:ef:bb:15:8b:db:c5:d6:30:1a:ee:c4:ac:1c:91:
         fa:2c:63:6b:2d:11:61:d6:63:f4:90:2d:74:04:83:f8:3d:99:
         96:a8:5c:f5:11:82:81:a5:38:23:9b:73:3d:02:34:08:69:14:
         6c:fa:8a:c5:38:0b:1c:0c:79:79:46:67:04:4e:0c:ac:39:27:
         a1:a1:91:f1:6f:ef:3b:80:a6:7f:e0:cd:38:0b:b2:d2:4c:11:
         3a:55:bb:ef:0f:75:02:30:f0:05:96:a8:cc:d7:d5:2e:1d:3b:
         c2:37:2a:a5:9a:7d:55:d7:34:f2:da:41:42:2d:11:c8:39:02:
         bc:18:16:af:77:91:e8:ef:09:ee:87:01:77:08:71:69:1c:5e:
         24:d5:18:1a:25:a9:e9:3a:ee:7c:63:fe:57:8a:ff:96:ec:fa:
         e9:cd:c6:e9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt+p1X9pQaPnOLWEfzqE9tqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjU5MjkzNjFlMWQwZGUxNjBiODcxZjI5YmRkNWE0MDQw
Y2ExMTEwHhcNMjYwMTAyMTIyMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTk4ZjEzYjViNzVjYmI4OTNhYzlmOGE0NmEzZDExM2ZhNzU4Y2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5pLeAb+bX/iYlyS22vRk9TIGmXz
KJ7fuf8BZAw1MYBCCYzhhHN4nlDooD94NPQD4jCegTEijj/30LP1c5anmcVRCz+e
LWifcL6XMPiLzys/1KJhjWvUWIjRsC4kI+ZAcHtLYC1TNSYI5AVN99Dmg1LyqrCK
LhQ9DVGcs+ICgVGEVoXA+rQIqQMaZzNawtg5y3MjawF0u2Xjn3aaXzr3OytCA+js
OSZV5iNV3zporHknJbHuRAX1Qyle1l83jpXGpuyejSOHo8j0tAQeDj3crh/qR8Aa
3kBfkz3pw7w4Wj7E5fFZxyp57jTvIp4DE0cWjCct7SFlUM+NJH2V0iTaAwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHWY8Ttbdcu4k6yfikaj0RP6dYzAMB8GA1UdIwQY
MBaAFM61kpNh4dDeFguHHym91aQEDKERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQt
ZjYxNmYwMDk0YjE0LzEvZFpqeE8xdDF5N2lUckotS1JxUFJFX3Axak1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQtZjYxNmYwMDk0YjE0
LzEvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmowDQYJ
KoZIhvcNAQELBQADggEBAC6bGxnD+AeZIFHH4tKjJSIff1NR0ioACTADqE9Hl5ke
PCMoeFe2qbKxss0nRk7/7HSHSr7MDCERA/Pt30Qd3tri2Tn+2ASij54gCSKNuvh3
18qDYrKm9qgZ6boY4M3vuxWL28XWMBruxKwckfosY2stEWHWY/SQLXQEg/g9mZao
XPURgoGlOCObcz0CNAhpFGz6isU4CxwMeXlGZwRODKw5J6GhkfFv7zuApn/gzTgL
stJMETpVu+8PdQIw8AWWqMzX1S4dO8I3KqWafVXXNPLaQUItEcg5ArwYFq93kejv
Ce6HAXcIcWkcXiTVGBolqek67nxj/leK/5bs+unNxuk=
-----END CERTIFICATE-----