This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjWBGeTwX-Om-fK3l185gF5EFVQ.roa
File:                     zjWBGeTwX-Om-fK3l185gF5EFVQ.roa (raw, json)
Hash identifier:          POwGkoXUzP+9kWmKfV4bOrQTKXajln2VTc/tq9lYiw4=
Subject key identifier:   CE:35:81:19:E4:F0:5F:E3:A6:F9:F2:B7:97:5F:39:80:5E:44:15:54
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB1894087D5D4CFE4747FC0EF879FC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjWBGeTwX-Om-fK3l185gF5EFVQ.roa
Signing time:             Fri 02 Jan 2026 08:20:20 +0000
ROA not before:           Fri 02 Jan 2026 08:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15143
IP address blocks:        151.242.224.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:18:94:08:7d:5d:4c:fe:47:47:fc:0e:f8:79:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce358119e4f05fe3a6f9f2b7975f39805e441554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:27:be:ef:f0:ab:04:09:65:a4:8e:46:f6:ba:
                    37:4e:7d:0b:4a:ea:f0:e1:c3:98:8f:c0:70:ae:b1:
                    7f:40:44:d9:86:bc:5c:9d:11:3f:4c:1a:27:25:bc:
                    c1:49:81:8e:78:3e:d5:e7:0c:c3:fd:f0:84:a4:6f:
                    3a:8e:0e:ea:6e:8e:b9:a2:04:30:2a:4e:f5:0f:3b:
                    aa:98:cd:f1:a8:c2:6f:3b:b3:40:7a:98:f0:2a:8a:
                    c5:b2:5b:4d:17:aa:79:db:26:ff:24:a3:a3:fd:9a:
                    87:6e:c4:ec:71:eb:eb:ad:1a:f4:1d:b3:23:b2:7d:
                    00:3e:a7:38:24:b5:12:a6:38:f3:a6:46:03:b7:4d:
                    18:90:26:78:51:d1:e1:ee:c5:73:8b:59:80:fa:81:
                    40:0a:4c:32:ad:54:2e:23:cf:d0:ae:cf:7c:96:ed:
                    63:52:d8:84:5b:cc:54:26:15:20:ab:6b:0e:fd:d1:
                    94:1a:f6:f0:af:1c:cc:70:36:3b:2f:be:2f:7d:7d:
                    e0:03:70:3f:d2:59:60:42:41:46:0b:08:a2:10:e3:
                    16:52:fc:a3:19:7e:4a:f3:bc:bf:eb:5f:d4:36:88:
                    77:71:ed:e9:96:28:63:64:83:97:f9:02:b9:46:c3:
                    f7:4e:5f:4c:62:a5:a1:62:f2:d9:f1:76:44:57:47:
                    c5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:35:81:19:E4:F0:5F:E3:A6:F9:F2:B7:97:5F:39:80:5E:44:15:54
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjWBGeTwX-Om-fK3l185gF5EFVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:9f:85:1f:b5:a1:96:f8:3d:1b:c7:f8:9b:27:6c:ae:d4:a4:
         7a:35:9a:8f:23:c5:5c:7b:70:29:6a:09:9e:ce:02:1f:a7:c5:
         c4:9b:02:0f:2a:f4:7d:34:21:62:9e:3d:35:98:e4:0c:4c:7e:
         9e:13:5e:0d:13:1c:d2:51:9e:47:00:e0:a6:f0:d1:b7:be:7c:
         0a:c2:35:f3:dd:9e:21:ee:8d:69:4a:24:c2:5e:a5:02:f6:72:
         fd:36:77:ca:2c:b0:d6:ef:e0:64:d2:b3:5a:3e:c3:ca:ed:de:
         c9:5f:bc:41:0e:44:1b:30:c2:d7:e0:56:81:32:8b:1e:5b:2a:
         8f:df:2b:04:54:8e:77:4b:ee:4f:7e:5d:fc:fe:81:9d:91:54:
         1c:ca:77:e9:7f:07:b4:dd:57:cb:8d:3a:0e:01:3e:02:8b:4d:
         21:f8:3b:81:98:01:3e:eb:fb:d2:8d:6c:f3:e8:6c:59:29:fa:
         bf:83:08:40:61:63:7e:f2:6f:cf:e8:8d:18:93:6a:2e:1b:69:
         20:84:b5:cd:c3:ea:c3:b0:70:6d:eb:41:46:af:c2:14:6d:cd:
         40:a8:5c:ab:0d:22:06:5d:ab:ad:51:1b:4b:87:5e:54:f7:b6:
         12:80:e5:d6:98:f5:b5:61:c6:48:4e:3b:e2:31:a3:d2:f5:03:
         fc:f9:f3:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yxiUCH1dTP5HR/wO+Hn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTM1ODExOWU0ZjA1ZmUzYTZmOWYyYjc5NzVmMzk4MDVlNDQxNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCe+7/CrBAllpI5G9ro3Tn0LSurw
4cOYj8BwrrF/QETZhrxcnRE/TBonJbzBSYGOeD7V5wzD/fCEpG86jg7qbo65ogQw
Kk71DzuqmM3xqMJvO7NAepjwKorFsltNF6p52yb/JKOj/ZqHbsTscevrrRr0HbMj
sn0APqc4JLUSpjjzpkYDt00YkCZ4UdHh7sVzi1mA+oFACkwyrVQuI8/Qrs98lu1j
UtiEW8xUJhUgq2sO/dGUGvbwrxzMcDY7L74vfX3gA3A/0llgQkFGCwiiEOMWUvyj
GX5K87y/61/UNoh3ce3plihjZIOX+QK5RsP3Tl9MYqWhYvLZ8XZEV0fF9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM41gRnk8F/jpvnyt5dfOYBeRBVUMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvempXQkdlVHdYLU9tLWZLM2wxODVnRjVFRlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/LgMA0G
CSqGSIb3DQEBCwUAA4IBAQCln4UftaGW+D0bx/ibJ2yu1KR6NZqPI8Vce3Apagme
zgIfp8XEmwIPKvR9NCFinj01mOQMTH6eE14NExzSUZ5HAOCm8NG3vnwKwjXz3Z4h
7o1pSiTCXqUC9nL9NnfKLLDW7+Bk0rNaPsPK7d7JX7xBDkQbMMLX4FaBMoseWyqP
3ysEVI53S+5Pfl38/oGdkVQcynfpfwe03VfLjToOAT4Ci00h+DuBmAE+6/vSjWzz
6GxZKfq/gwhAYWN+8m/P6I0Yk2ouG2kghLXNw+rDsHBt60FGr8IUbc1AqFyrDSIG
XautURtLh15U97YSgOXWmPW1YcZITjviMaPS9QP8+fOK
-----END CERTIFICATE-----