This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Znfa73p9gykO0gBaOY96RVDKTWg.roa
File:                     Znfa73p9gykO0gBaOY96RVDKTWg.roa (raw, json)
Hash identifier:          JqvrbwmWqW5i30K6jcxmqvrUWP4xj/VonoHZXAOdti8=
Subject key identifier:   66:77:DA:EF:7A:7D:83:29:0E:D2:00:5A:39:8F:7A:45:50:CA:4D:68
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       019B77C6E31872D6299B1D9122B378BBBDE9
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Znfa73p9gykO0gBaOY96RVDKTWg.roa
Signing time:             Thu 01 Jan 2026 04:18:01 +0000
ROA not before:           Thu 01 Jan 2026 04:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135391
IP address blocks:        202.50.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e3:18:72:d6:29:9b:1d:91:22:b3:78:bb:bd:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  1 04:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6677daef7a7d83290ed2005a398f7a4550ca4d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:19:8e:15:e0:80:14:36:9d:dc:21:0f:a8:cf:
                    ca:a6:a2:7c:66:a3:5c:1d:41:05:57:ce:a9:65:06:
                    f4:63:70:93:74:93:69:dc:14:97:51:f1:29:ed:ed:
                    2f:1b:97:5c:c2:c2:f8:53:e1:f2:9e:ea:fb:15:e6:
                    0b:58:12:85:46:a4:3c:e1:3b:1d:9c:08:67:50:dd:
                    d4:85:ad:ef:bf:38:03:f8:be:ae:bd:55:16:2f:f0:
                    54:1f:b7:62:95:6f:af:5b:ea:32:d7:1a:9e:51:9f:
                    26:42:51:26:3f:d4:9f:13:8c:d2:52:5c:96:9e:a7:
                    27:aa:85:b4:7a:62:76:5f:06:0e:67:a2:9f:ef:86:
                    52:50:84:b7:ee:be:a2:1f:36:40:09:c5:ff:9d:1a:
                    7e:49:63:0b:8b:d7:3b:9f:2e:eb:70:e5:1c:d0:11:
                    c8:04:91:b0:d7:9e:57:cb:e7:80:93:11:41:8b:54:
                    81:ff:50:40:6e:31:01:f6:ac:9c:b0:4c:9a:b1:c1:
                    3e:0a:6a:c6:24:05:d5:97:25:66:6d:82:c8:35:7d:
                    86:26:18:20:7b:d3:7e:32:ad:de:e9:ed:7f:3b:eb:
                    f2:d1:a4:80:fe:ea:c3:34:93:26:16:4d:03:97:ba:
                    c6:b8:1a:79:48:bd:28:d6:0e:4e:68:e6:61:44:d9:
                    1d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:77:DA:EF:7A:7D:83:29:0E:D2:00:5A:39:8F:7A:45:50:CA:4D:68
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Znfa73p9gykO0gBaOY96RVDKTWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.50.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:f7:ca:17:52:43:4f:bc:35:96:bf:af:91:15:97:87:49:4e:
         50:74:66:b7:f3:c1:c2:60:31:17:2d:01:d8:3a:af:98:04:86:
         84:fb:7e:63:a5:9b:e0:80:c1:d6:0d:25:f3:91:f1:1e:b4:79:
         13:fd:49:a6:fb:8a:f4:7d:38:32:6f:51:6b:23:4e:50:58:47:
         fe:33:95:f6:55:4e:51:57:fa:05:62:af:6e:83:e0:61:96:e3:
         2f:48:42:f0:4d:21:95:1d:36:26:b3:4f:9e:49:78:a3:09:48:
         a6:7f:78:4d:87:d5:0c:ca:74:75:4a:c2:7c:bf:b5:61:a8:5b:
         8a:b3:9b:6f:d8:ec:d3:f2:fa:40:89:33:cd:ca:23:6d:06:a9:
         51:ad:8f:fb:c0:79:76:12:88:3e:c9:1e:3d:2c:cb:2f:38:78:
         6f:f3:f8:e4:6c:1c:8e:55:16:bb:34:94:41:e4:46:5e:98:c4:
         f2:05:3a:0c:a6:5d:a4:0a:eb:7c:84:10:b7:a2:8f:04:cf:7e:
         be:5a:64:a9:69:ff:cd:aa:66:1d:cb:86:22:74:03:af:51:2a:
         dd:20:9b:a9:2a:05:1e:e5:3a:00:f0:5a:82:30:f8:0d:bc:e5:
         5c:4b:16:c6:d1:63:ea:2a:8b:8c:dc:97:b0:70:37:bd:57:e4:
         5a:94:5a:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xuMYctYpmx2RIrN4u73pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjYwMTAxMDQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njc3ZGFlZjdhN2Q4MzI5MGVkMjAwNWEzOThmN2E0NTUwY2E0ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBmOFeCAFDad3CEPqM/KpqJ8ZqNc
HUEFV86pZQb0Y3CTdJNp3BSXUfEp7e0vG5dcwsL4U+Hynur7FeYLWBKFRqQ84Tsd
nAhnUN3Uha3vvzgD+L6uvVUWL/BUH7dilW+vW+oy1xqeUZ8mQlEmP9SfE4zSUlyW
nqcnqoW0emJ2XwYOZ6Kf74ZSUIS37r6iHzZACcX/nRp+SWMLi9c7ny7rcOUc0BHI
BJGw155Xy+eAkxFBi1SB/1BAbjEB9qycsEyascE+CmrGJAXVlyVmbYLINX2GJhgg
e9N+Mq3e6e1/O+vy0aSA/urDNJMmFk0Dl7rGuBp5SL0o1g5OaOZhRNkdGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ32u96fYMpDtIAWjmPekVQyk1oMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvWm5mYTczcDlneWtPMGdCYU9ZOTZSVkRLVFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyjL9MA0G
CSqGSIb3DQEBCwUAA4IBAQCf98oXUkNPvDWWv6+RFZeHSU5QdGa388HCYDEXLQHY
Oq+YBIaE+35jpZvggMHWDSXzkfEetHkT/Umm+4r0fTgyb1FrI05QWEf+M5X2VU5R
V/oFYq9ug+BhluMvSELwTSGVHTYms0+eSXijCUimf3hNh9UMynR1SsJ8v7VhqFuK
s5tv2OzT8vpAiTPNyiNtBqlRrY/7wHl2Eog+yR49LMsvOHhv8/jkbByOVRa7NJRB
5EZemMTyBToMpl2kCut8hBC3oo8Ez36+WmSpaf/NqmYdy4YidAOvUSrdIJupKgUe
5ToA8FqCMPgNvOVcSxbG0WPqKouM3JewcDe9V+RalFqU
-----END CERTIFICATE-----