This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zrLYbxAE_MEtIH9ApgNZHOvv0J4.roa
File:                     zrLYbxAE_MEtIH9ApgNZHOvv0J4.roa (raw, json)
Hash identifier:          yhDybLP3MEMCtaEEzjnt3LMV/FxUp3kz6Nn5Vv/go5M=
Subject key identifier:   CE:B2:D8:6F:10:04:FC:C1:2D:20:7F:40:A6:03:59:1C:EB:EF:D0:9E
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA539983A73FCDDC3117C01E764DEA9
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zrLYbxAE_MEtIH9ApgNZHOvv0J4.roa
Signing time:             Thu 01 Jan 2026 22:19:44 +0000
ROA not before:           Thu 01 Jan 2026 22:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49330
IP address blocks:        94.236.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:39:98:3a:73:fc:dd:c3:11:7c:01:e7:64:de:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ceb2d86f1004fcc12d207f40a603591cebefd09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:64:e8:25:10:5a:13:5e:44:6f:13:ec:7b:21:
                    61:0d:7a:23:74:75:c2:28:f4:4a:be:8c:a3:24:ec:
                    62:c2:07:ad:49:65:63:8e:38:ed:56:4d:ed:f6:a5:
                    c7:3b:50:26:3e:24:a5:01:2d:fb:2f:4b:d9:91:56:
                    48:ae:fa:f2:f2:79:c5:f0:8d:c6:b4:3a:59:3c:b6:
                    6a:73:0b:10:e4:96:4e:c9:3f:b8:2c:c3:b9:a6:19:
                    9c:af:7a:18:24:6b:f4:20:a9:d5:a2:e0:49:fc:a9:
                    77:47:2d:8d:a7:99:2c:d1:78:b5:49:3f:da:5e:36:
                    79:37:83:a2:5a:ef:96:5b:3b:1c:14:0d:cf:c4:67:
                    48:2c:cd:c2:91:53:7a:62:72:3a:93:e9:65:58:fd:
                    c3:55:2f:2d:81:5b:9e:95:90:78:f9:bc:db:75:37:
                    90:df:ea:ff:40:4d:41:ff:91:27:ea:00:b5:9d:ae:
                    36:24:c0:28:8b:1a:b4:d6:2c:81:7b:36:57:12:f1:
                    8c:8c:76:5a:ad:0e:13:d6:73:f5:49:b0:c3:84:62:
                    d7:a1:76:aa:b5:ec:68:23:69:45:98:2c:bc:f7:ef:
                    ab:9a:f3:29:19:8f:3e:53:e4:5f:83:1d:19:74:f8:
                    d7:b2:af:c5:a9:d1:27:b8:47:63:19:ea:21:72:4e:
                    f8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B2:D8:6F:10:04:FC:C1:2D:20:7F:40:A6:03:59:1C:EB:EF:D0:9E
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zrLYbxAE_MEtIH9ApgNZHOvv0J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.236.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:86:7d:1a:1f:c1:00:4b:0f:de:89:7b:42:67:ad:6a:3e:1d:
         e8:f3:34:a1:09:86:a1:f6:37:08:3c:cd:a9:dc:79:4f:d8:5d:
         3a:d3:84:17:af:ec:97:36:9b:3b:1a:0b:84:88:bb:77:bf:23:
         20:f3:83:5e:ba:14:47:be:91:60:bb:4a:52:d9:7d:b1:c5:3c:
         63:ef:40:7c:7a:9d:99:24:a1:11:e1:6f:0a:37:a1:16:3b:04:
         98:05:9d:5c:e3:3f:b7:df:aa:6d:0e:3a:26:4f:a6:3a:61:e3:
         c4:d2:f8:7d:11:e3:da:69:b2:e6:e9:ea:34:f4:e2:78:77:50:
         bf:07:7a:c6:38:fb:d6:45:45:31:b8:b2:18:bc:d7:50:b6:09:
         03:64:c6:45:a0:0e:58:8c:cf:74:86:a6:9d:63:69:1a:12:4f:
         b7:d4:f3:d4:38:d9:20:20:99:2f:4c:15:67:c9:c6:23:0c:57:
         10:7b:70:ec:c7:18:d8:2c:8b:f9:f4:d3:3b:a4:20:e7:51:49:
         a1:4e:da:d0:03:90:e4:36:57:6e:fc:51:37:4b:42:1b:2e:c9:
         89:ab:93:0f:88:a8:f6:fd:69:6e:d9:e1:37:1c:e0:c6:b7:0c:
         c7:db:c4:91:aa:3d:9f:f4:cf:93:9a:73:4a:9f:6d:b6:50:dd:
         a7:4d:cf:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTmYOnP83cMRfAHnZN6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIyZDg2ZjEwMDRmY2MxMmQyMDdmNDBhNjAzNTkxY2ViZWZkMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWToJRBaE15EbxPseyFhDXojdHXC
KPRKvoyjJOxiwgetSWVjjjjtVk3t9qXHO1AmPiSlAS37L0vZkVZIrvry8nnF8I3G
tDpZPLZqcwsQ5JZOyT+4LMO5phmcr3oYJGv0IKnVouBJ/Kl3Ry2Np5ks0Xi1ST/a
XjZ5N4OiWu+WWzscFA3PxGdILM3CkVN6YnI6k+llWP3DVS8tgVuelZB4+bzbdTeQ
3+r/QE1B/5En6gC1na42JMAoixq01iyBezZXEvGMjHZarQ4T1nP1SbDDhGLXoXaq
texoI2lFmCy89++rmvMpGY8+U+Rfgx0ZdPjXsq/FqdEnuEdjGeohck740wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6y2G8QBPzBLSB/QKYDWRzr79CeMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvenJMWWJ4QUVfTUV0SUg5QXBnTlpIT3Z2MEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuyiMA0G
CSqGSIb3DQEBCwUAA4IBAQCIhn0aH8EASw/eiXtCZ61qPh3o8zShCYah9jcIPM2p
3HlP2F0604QXr+yXNps7GguEiLt3vyMg84NeuhRHvpFgu0pS2X2xxTxj70B8ep2Z
JKER4W8KN6EWOwSYBZ1c4z+336ptDjomT6Y6YePE0vh9EePaabLm6eo09OJ4d1C/
B3rGOPvWRUUxuLIYvNdQtgkDZMZFoA5YjM90hqadY2kaEk+31PPUONkgIJkvTBVn
ycYjDFcQe3DsxxjYLIv59NM7pCDnUUmhTtrQA5DkNldu/FE3S0IbLsmJq5MPiKj2
/Wlu2eE3HODGtwzH28SRqj2f9M+TmnNKn222UN2nTc8b
-----END CERTIFICATE-----