This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/Z4RE0ETdC4xhk1FbbundGTGGRB8.roa
File:                     Z4RE0ETdC4xhk1FbbundGTGGRB8.roa (raw, json)
Hash identifier:          qQ3AizCsruyzTMQNiKoa4LuCo6aARO1PFZyPx/nGISA=
Subject key identifier:   67:84:44:D0:44:DD:0B:8C:61:93:51:5B:6E:E9:DD:19:31:86:44:1F
Certificate issuer:       /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial:       019B7F837D1E468A06B96198E5A0F0ED624C
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/Z4RE0ETdC4xhk1FbbundGTGGRB8.roa
Signing time:             Fri 02 Jan 2026 16:21:22 +0000
ROA not before:           Fri 02 Jan 2026 16:21:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        212.47.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:7d:1e:46:8a:06:b9:61:98:e5:a0:f0:ed:62:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
        Validity
            Not Before: Jan  2 16:21:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=678444d044dd0b8c6193515b6ee9dd193186441f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:16:d0:d4:69:a2:d8:06:48:24:1d:a4:48:13:
                    1b:03:12:8d:74:70:ac:b1:9e:63:d7:8c:6d:5e:aa:
                    91:0e:f3:94:53:16:dc:81:82:d6:6d:d8:f3:b8:ce:
                    20:1d:5b:e8:f5:fa:31:1a:02:93:6e:67:22:0d:1f:
                    91:3f:c5:07:a3:a7:d4:65:7d:19:82:44:d3:ee:09:
                    44:c0:3d:e2:6a:38:98:25:03:58:4c:c4:02:2b:b3:
                    63:06:ef:6f:19:ba:9c:95:ac:aa:79:6d:34:19:ce:
                    bf:f3:b5:f6:07:d1:a0:dc:38:e0:e2:92:53:94:de:
                    a8:58:47:03:f3:9e:38:dc:87:5d:7d:ec:ab:11:da:
                    b6:8a:53:42:c2:85:1e:31:76:b2:63:98:04:51:98:
                    fa:69:a2:5d:22:e4:ba:98:07:e7:a1:8d:88:1b:06:
                    60:92:6d:ac:2d:bc:77:2d:49:4c:fa:56:41:7b:6d:
                    89:a5:bf:cb:aa:ad:58:54:e2:44:6a:f7:fa:ff:41:
                    16:16:5e:8a:08:ff:5e:c1:63:34:22:cd:b6:ba:6c:
                    6f:d1:c7:94:b2:29:ab:ed:41:e9:a4:3c:c3:41:b5:
                    11:d2:b8:27:b9:ca:f0:db:f9:5b:1f:d7:2b:58:ee:
                    eb:e6:8b:52:28:a7:49:46:74:0d:1e:d5:f7:40:a6:
                    fd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:84:44:D0:44:DD:0B:8C:61:93:51:5B:6E:E9:DD:19:31:86:44:1F
            X509v3 Authority Key Identifier:
                keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/Z4RE0ETdC4xhk1FbbundGTGGRB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.47.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:95:da:6e:e6:96:6b:fc:b2:67:6d:09:c7:9a:d7:f9:23:7b:
         e0:c8:d4:b2:48:8a:a7:55:4e:84:eb:b5:0e:72:b5:80:2d:35:
         bb:18:a7:9d:8b:8c:92:ab:41:8e:80:8a:c0:42:65:47:c3:b4:
         88:f5:7a:c7:fb:81:7f:0b:ab:4b:01:60:2b:32:9e:e1:48:8f:
         84:c2:bb:68:27:ad:b0:96:19:da:b2:47:a8:21:e9:62:c7:1f:
         db:4a:42:5b:ac:87:17:84:43:08:c9:d9:f9:0a:92:17:92:1a:
         25:c5:82:c6:58:2c:78:f0:54:d8:27:b7:d0:30:b8:ad:0b:98:
         4a:cf:4c:25:13:8e:f1:55:aa:a5:c1:2e:a3:c5:c5:49:e8:55:
         29:e7:47:34:f6:0c:a7:c5:b5:ca:cf:1b:77:ed:f8:8a:6a:0e:
         a3:49:70:c3:93:1e:8e:01:79:17:42:75:5a:0a:fc:50:cd:49:
         e4:ca:04:3a:d2:08:be:6b:e1:aa:33:2d:43:2f:4c:49:47:9f:
         cd:3c:43:2c:3f:f8:73:15:6f:ea:7d:1a:ef:99:db:0c:ee:7a:
         f2:6a:e2:8e:47:38:f0:24:71:70:34:f6:eb:c0:29:e0:28:bf:
         1f:8b:74:4d:c1:a8:4a:19:f5:b3:9d:b0:b9:36:ef:ad:33:d1:
         58:99:c6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g30eRooGuWGY5aDw7WJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjYwMTAyMTYyMTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg0NDRkMDQ0ZGQwYjhjNjE5MzUxNWI2ZWU5ZGQxOTMxODY0NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxbQ1Gmi2AZIJB2kSBMbAxKNdHCs
sZ5j14xtXqqRDvOUUxbcgYLWbdjzuM4gHVvo9foxGgKTbmciDR+RP8UHo6fUZX0Z
gkTT7glEwD3iajiYJQNYTMQCK7NjBu9vGbqclayqeW00Gc6/87X2B9Gg3Djg4pJT
lN6oWEcD85443IddfeyrEdq2ilNCwoUeMXayY5gEUZj6aaJdIuS6mAfnoY2IGwZg
km2sLbx3LUlM+lZBe22Jpb/Lqq1YVOJEavf6/0EWFl6KCP9ewWM0Is22umxv0ceU
simr7UHppDzDQbUR0rgnucrw2/lbH9crWO7r5otSKKdJRnQNHtX3QKb9HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeERNBE3QuMYZNRW27p3RkxhkQfMB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvWjRSRTBFVGRDNHhoazFGYmJ1bmRHVEdHUkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1C9WMA0G
CSqGSIb3DQEBCwUAA4IBAQBgldpu5pZr/LJnbQnHmtf5I3vgyNSySIqnVU6E67UO
crWALTW7GKedi4ySq0GOgIrAQmVHw7SI9XrH+4F/C6tLAWArMp7hSI+EwrtoJ62w
lhnaskeoIelixx/bSkJbrIcXhEMIydn5CpIXkholxYLGWCx48FTYJ7fQMLitC5hK
z0wlE47xVaqlwS6jxcVJ6FUp50c09gynxbXKzxt37fiKag6jSXDDkx6OAXkXQnVa
CvxQzUnkygQ60gi+a+GqMy1DL0xJR5/NPEMsP/hzFW/qfRrvmdsM7nryauKORzjw
JHFwNPbrwCngKL8fi3RNwahKGfWznbC5Nu+tM9FYmcb7
-----END CERTIFICATE-----