This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/zS1zUonEO-G6AM1cws_9_ZwZdJI.roa
File:                     zS1zUonEO-G6AM1cws_9_ZwZdJI.roa (raw, json)
Hash identifier:          NMcUU3mBJ1QzroUYREZhHCEZESdeRv4hJC0eLlS6EkU=
Subject key identifier:   CD:2D:73:52:89:C4:3B:E1:BA:00:CD:5C:C2:CF:FD:FD:9C:19:74:92
Certificate issuer:       /CN=329dbb46a4eb7645d994a0e4b984fcdac204a484
Certificate serial:       019B7C7F6CC53CB0ED8929AE272ACF57D35A
Authority key identifier: 32:9D:BB:46:A4:EB:76:45:D9:94:A0:E4:B9:84:FC:DA:C2:04:A4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/zS1zUonEO-G6AM1cws_9_ZwZdJI.roa
Signing time:             Fri 02 Jan 2026 02:18:04 +0000
ROA not before:           Fri 02 Jan 2026 02:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210177
IP address blocks:        194.62.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:6c:c5:3c:b0:ed:89:29:ae:27:2a:cf:57:d3:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=329dbb46a4eb7645d994a0e4b984fcdac204a484
        Validity
            Not Before: Jan  2 02:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd2d735289c43be1ba00cd5cc2cffdfd9c197492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c7:60:71:5f:9a:15:0e:62:8a:03:2e:a9:39:
                    2c:92:a3:9d:de:b4:e4:22:82:0a:bb:c7:88:84:0a:
                    ed:c8:28:be:90:57:83:d1:36:1d:c6:e1:cf:f8:6e:
                    28:d9:db:43:cf:a2:47:d6:a6:f3:cd:6a:9c:ec:c3:
                    18:b2:80:90:97:6f:f2:09:6b:1e:c8:54:dd:3f:04:
                    65:1e:7b:dd:fb:eb:f7:5f:ff:6b:ae:3c:b5:58:c1:
                    a6:1e:e3:8d:6b:06:ea:06:d1:70:ee:7f:99:47:40:
                    c7:5d:ba:2d:98:5a:37:84:a4:92:3f:80:f2:2e:12:
                    41:fd:78:24:07:8f:cb:fa:e6:c3:9f:cf:8c:4c:4f:
                    48:49:cc:68:7a:89:d4:4f:3d:dd:06:90:cc:d0:3e:
                    60:50:67:57:5c:87:cc:24:b9:1b:bf:3c:ba:70:f2:
                    3a:8b:b6:91:6b:a4:da:57:ab:52:ac:58:af:a4:82:
                    fe:39:f2:12:e1:e7:42:5f:0a:d2:f5:48:c5:8b:d2:
                    60:b4:ac:0d:b0:cd:23:b7:80:ff:e7:6f:9d:da:80:
                    5b:f6:eb:50:6d:cd:eb:a6:b3:a2:bb:7f:aa:64:49:
                    ef:46:12:b9:76:4b:59:b2:5e:75:bf:4c:e4:cf:da:
                    fe:c6:a3:35:b8:f3:fe:26:00:22:10:c7:8e:14:89:
                    88:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2D:73:52:89:C4:3B:E1:BA:00:CD:5C:C2:CF:FD:FD:9C:19:74:92
            X509v3 Authority Key Identifier:
                keyid:32:9D:BB:46:A4:EB:76:45:D9:94:A0:E4:B9:84:FC:DA:C2:04:A4:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/zS1zUonEO-G6AM1cws_9_ZwZdJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:6e:28:b5:f4:6c:54:d2:cc:8e:98:0f:b5:f0:32:97:43:8e:
         8a:3d:f1:51:8b:87:9e:ce:fe:20:20:18:4a:38:9b:a3:2a:dc:
         90:2d:6f:6e:f3:1e:81:d4:62:39:40:11:80:8a:b8:63:36:8a:
         f9:aa:e1:b6:c3:5b:4d:7a:21:b5:1b:09:e1:cf:47:b0:62:fb:
         b9:27:fb:11:9b:45:0f:f0:6e:b9:bc:d2:60:8f:0a:5f:7f:cc:
         28:9f:31:81:44:dd:fe:c2:37:78:e4:1e:1a:86:93:c4:14:e2:
         6d:ca:44:63:fd:ac:16:a4:33:61:81:75:06:6b:14:90:7c:d1:
         66:cb:30:5b:cf:a0:66:b0:a0:1f:3d:8c:6b:6f:3b:4b:03:31:
         b4:68:08:ca:4a:f1:d7:f7:c1:b8:3b:61:4f:c1:66:41:96:ec:
         ba:98:f5:68:71:26:7f:44:0f:48:2d:83:be:b4:46:a9:bb:ac:
         6d:22:2e:74:32:85:bf:7e:ff:ce:a9:dd:7e:21:e8:aa:33:12:
         47:d2:a1:32:53:8e:f4:98:29:3a:3d:27:28:4e:86:b5:2d:5b:
         17:ed:be:3f:84:63:62:98:0b:4b:81:b7:25:1b:be:b3:df:79:
         98:0f:19:d0:0a:72:79:8a:37:77:2c:e2:35:db:7c:ef:b4:3c:
         5e:03:50:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f2zFPLDtiSmuJyrPV9NaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyOWRiYjQ2YTRlYjc2NDVkOTk0YTBlNGI5ODRmY2RhYzIw
NGE0ODQwHhcNMjYwMTAyMDIxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJkNzM1Mjg5YzQzYmUxYmEwMGNkNWNjMmNmZmRmZDljMTk3NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sdgcV+aFQ5iigMuqTkskqOd3rTk
IoIKu8eIhArtyCi+kFeD0TYdxuHP+G4o2dtDz6JH1qbzzWqc7MMYsoCQl2/yCWse
yFTdPwRlHnvd++v3X/9rrjy1WMGmHuONawbqBtFw7n+ZR0DHXbotmFo3hKSSP4Dy
LhJB/XgkB4/L+ubDn8+MTE9IScxoeonUTz3dBpDM0D5gUGdXXIfMJLkbvzy6cPI6
i7aRa6TaV6tSrFivpIL+OfIS4edCXwrS9UjFi9JgtKwNsM0jt4D/52+d2oBb9utQ
bc3rprOiu3+qZEnvRhK5dktZsl51v0zkz9r+xqM1uPP+JgAiEMeOFImI9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0tc1KJxDvhugDNXMLP/f2cGXSSMB8GA1UdIwQY
MBaAFDKdu0ak63ZF2ZSg5LmE/NrCBKSEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXAyN1JxVHJka1habEtEa3VZVDgyc0lFcElRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mMTcxYmUtOTY1My00MWQ4LWEzNDQt
ZmVjMTVhYjg0MTM1LzEvelMxelVvbkVPLUc2QU0xY3dzXzlfWndaZEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mMTcxYmUtOTY1My00MWQ4LWEzNDQtZmVjMTVhYjg0MTM1
LzEvTXAyN1JxVHJka1habEtEa3VZVDgyc0lFcElRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj6IMA0G
CSqGSIb3DQEBCwUAA4IBAQAvbii19GxU0syOmA+18DKXQ46KPfFRi4eezv4gIBhK
OJujKtyQLW9u8x6B1GI5QBGAirhjNor5quG2w1tNeiG1Gwnhz0ewYvu5J/sRm0UP
8G65vNJgjwpff8wonzGBRN3+wjd45B4ahpPEFOJtykRj/awWpDNhgXUGaxSQfNFm
yzBbz6BmsKAfPYxrbztLAzG0aAjKSvHX98G4O2FPwWZBluy6mPVocSZ/RA9ILYO+
tEapu6xtIi50MoW/fv/Oqd1+IeiqMxJH0qEyU470mCk6PScoToa1LVsX7b4/hGNi
mAtLgbclG76z33mYDxnQCnJ5ijd3LOI123zvtDxeA1Bc
-----END CERTIFICATE-----