This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nzTl8UF3p7e9FvS0wb6zPjc4FHQ.roa
File:                     nzTl8UF3p7e9FvS0wb6zPjc4FHQ.roa (raw, json)
Hash identifier:          gedwjVpwIHP4TjyyTazQknsPogKpR2m/8Qa6aAsv0F4=
Subject key identifier:   9F:34:E5:F1:41:77:A7:B7:BD:16:F4:B4:C1:BE:B3:3E:37:38:14:74
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       019B7E3897C5B736C1B3AAAAE901615AC243
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nzTl8UF3p7e9FvS0wb6zPjc4FHQ.roa
Signing time:             Fri 02 Jan 2026 10:19:56 +0000
ROA not before:           Fri 02 Jan 2026 10:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47518
IP address blocks:        83.133.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Feb 2026 12:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:97:c5:b7:36:c1:b3:aa:aa:e9:01:61:5a:c2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  2 10:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f34e5f14177a7b7bd16f4b4c1beb33e37381474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:48:56:c8:5c:ee:5e:b3:96:50:7c:a6:30:eb:
                    4c:55:ec:79:69:d1:38:1f:61:a4:9d:72:0c:0d:f1:
                    26:2a:2e:98:cf:86:46:45:f9:23:ce:ce:d7:f2:35:
                    6a:87:f7:53:d9:ab:38:2f:3c:12:e5:d3:24:9e:c3:
                    cb:2f:38:7b:a5:91:d0:e9:1b:4c:72:1c:e3:9a:9e:
                    b4:86:3f:fb:b2:da:bd:28:fb:5f:01:0d:94:81:73:
                    d2:81:cd:3b:d3:2d:bd:60:60:9e:02:ef:8e:18:51:
                    c4:6d:58:3e:c0:2b:ea:c7:85:e1:73:09:ba:dc:9a:
                    55:33:05:f8:d3:d4:67:26:95:bf:6d:00:8e:2c:83:
                    87:ab:4f:9a:91:7f:7f:a8:a0:15:a0:ee:9e:84:f8:
                    90:82:a7:99:d6:9a:c2:6e:a6:14:58:45:35:f4:ef:
                    2a:14:9b:1d:25:1e:ea:9d:a2:aa:80:90:9f:32:d5:
                    84:34:15:10:ef:f7:a3:64:a3:3d:15:54:67:c7:bb:
                    cf:03:47:d4:35:d1:ba:3c:22:38:e9:0b:7e:68:2c:
                    b0:64:67:be:5f:15:3d:0d:5a:7e:fd:1a:a1:0f:95:
                    07:01:73:cf:80:98:51:38:d0:40:fc:c2:2c:95:54:
                    1e:3f:af:fb:39:8f:0c:42:da:09:29:8a:89:61:55:
                    16:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:34:E5:F1:41:77:A7:B7:BD:16:F4:B4:C1:BE:B3:3E:37:38:14:74
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nzTl8UF3p7e9FvS0wb6zPjc4FHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.133.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:dc:d7:85:ab:95:04:22:01:db:67:69:15:fb:ee:3a:5d:91:
         aa:4c:e4:7e:e6:82:c6:fb:91:a8:31:07:28:c6:de:0b:f2:40:
         54:f8:79:c5:40:61:7b:48:d0:b5:c7:11:7e:b2:9c:ec:0d:3f:
         4d:06:ad:93:d0:0c:94:a2:a3:13:a1:1f:fb:d4:44:b4:c5:06:
         1d:f1:56:50:4b:18:3e:01:3f:46:c9:06:7d:29:47:be:32:36:
         91:44:d0:d7:a6:72:3f:4d:40:79:2a:a7:4a:b0:bd:1a:35:ea:
         31:f4:02:f3:8d:63:06:d2:14:da:f2:0f:18:14:1f:78:de:b3:
         bb:4a:4c:78:ab:61:72:e1:98:af:d5:9a:88:b6:f9:e8:2c:a9:
         d0:c5:c9:9e:5b:93:f5:24:17:37:3b:ce:f3:a3:f1:e4:96:5b:
         b4:7b:df:98:35:c0:e8:11:70:2f:43:5e:4d:c4:79:5c:0f:12:
         fa:3d:7b:f2:05:63:0e:f7:70:54:94:38:8c:57:d9:41:b0:6b:
         12:79:d6:2a:4f:79:8e:e3:dd:af:b9:eb:58:19:6d:14:e4:41:
         52:dd:1f:40:68:f2:35:8e:85:5c:e1:e5:ae:36:46:65:95:85:
         11:8e:fd:71:c6:ac:cd:50:d6:b0:1b:9c:9b:3a:f2:36:4a:72:
         21:66:63:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJfFtzbBs6qq6QFhWsJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjYwMTAyMTAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM0ZTVmMTQxNzdhN2I3YmQxNmY0YjRjMWJlYjMzZTM3MzgxNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60hWyFzuXrOWUHymMOtMVex5adE4
H2GknXIMDfEmKi6Yz4ZGRfkjzs7X8jVqh/dT2as4LzwS5dMknsPLLzh7pZHQ6RtM
chzjmp60hj/7stq9KPtfAQ2UgXPSgc070y29YGCeAu+OGFHEbVg+wCvqx4Xhcwm6
3JpVMwX409RnJpW/bQCOLIOHq0+akX9/qKAVoO6ehPiQgqeZ1prCbqYUWEU19O8q
FJsdJR7qnaKqgJCfMtWENBUQ7/ejZKM9FVRnx7vPA0fUNdG6PCI46Qt+aCywZGe+
XxU9DVp+/RqhD5UHAXPPgJhRONBA/MIslVQeP6/7OY8MQtoJKYqJYVUWlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ805fFBd6e3vRb0tMG+sz43OBR0MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvbnpUbDhVRjNwN2U5RnZTMHdiNnpQamM0RkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4VFMA0G
CSqGSIb3DQEBCwUAA4IBAQA+3NeFq5UEIgHbZ2kV++46XZGqTOR+5oLG+5GoMQco
xt4L8kBU+HnFQGF7SNC1xxF+spzsDT9NBq2T0AyUoqMToR/71ES0xQYd8VZQSxg+
AT9GyQZ9KUe+MjaRRNDXpnI/TUB5KqdKsL0aNeox9ALzjWMG0hTa8g8YFB943rO7
Skx4q2Fy4Ziv1ZqItvnoLKnQxcmeW5P1JBc3O87zo/Hkllu0e9+YNcDoEXAvQ15N
xHlcDxL6PXvyBWMO93BUlDiMV9lBsGsSedYqT3mO492vuetYGW0U5EFS3R9AaPI1
joVc4eWuNkZllYURjv1xxqzNUNawG5ybOvI2SnIhZmNb
-----END CERTIFICATE-----