This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/ziF5LUxXxsiZsU2Zn5F9Vs8QBIU.roa
File:                     ziF5LUxXxsiZsU2Zn5F9Vs8QBIU.roa (raw, json)
Hash identifier:          JWHNPV4Q0ijWQ7FA9BlDGI8xfPLJfKs3pJXg1QGEDkY=
Subject key identifier:   CE:21:79:2D:4C:57:C6:C8:99:B1:4D:99:9F:91:7D:56:CF:10:04:85
Certificate issuer:       /CN=58d89dc189e009361acb2655680e669c0bc47456
Certificate serial:       019B7F13A05FF28C03A4CFA2F10B55345EC2
Authority key identifier: 58:D8:9D:C1:89:E0:09:36:1A:CB:26:55:68:0E:66:9C:0B:C4:74:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNidwYngCTYayyZVaA5mnAvEdFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/ziF5LUxXxsiZsU2Zn5F9Vs8QBIU.roa
Signing time:             Fri 02 Jan 2026 14:19:11 +0000
ROA not before:           Fri 02 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        185.241.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/WNidwYngCTYayyZVaA5mnAvEdFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/WNidwYngCTYayyZVaA5mnAvEdFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WNidwYngCTYayyZVaA5mnAvEdFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:a0:5f:f2:8c:03:a4:cf:a2:f1:0b:55:34:5e:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d89dc189e009361acb2655680e669c0bc47456
        Validity
            Not Before: Jan  2 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce21792d4c57c6c899b14d999f917d56cf100485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7f:91:e9:2a:c9:68:0b:a9:42:2c:3f:5a:3b:
                    4b:f5:71:62:6c:ee:06:9b:f5:24:aa:a9:f8:99:72:
                    c0:5a:d7:d4:f3:91:8f:fa:0f:b2:5b:72:fe:ab:fe:
                    19:53:96:14:d7:59:22:15:1d:9b:f2:16:58:d4:60:
                    8f:0b:58:f1:0b:54:d0:c4:2c:ea:ad:17:d1:9d:43:
                    61:8c:3c:94:50:cc:9f:f1:ed:b0:6e:24:56:b8:6e:
                    bb:ce:04:77:9c:4b:33:15:eb:bc:59:26:c2:22:28:
                    42:71:ef:56:dc:b7:56:e7:08:13:41:b9:66:7d:7d:
                    2e:23:58:3e:67:3a:b8:5b:63:c9:96:7e:65:98:d1:
                    33:ee:35:bc:3a:04:2a:04:ff:da:bf:0b:f7:3e:ed:
                    95:ff:5a:c8:59:c8:bb:b8:b7:5f:a7:cb:16:ca:6d:
                    b3:6c:a0:8c:a0:b3:c2:2a:cd:1e:d1:a7:fe:d3:cd:
                    05:23:5a:d2:c5:b2:f0:13:93:a1:d7:40:26:bf:54:
                    42:e3:90:56:ed:83:9a:88:dc:ba:be:91:c9:d4:97:
                    5d:e1:6f:ee:58:e5:43:9f:4e:ac:d6:84:0d:1d:b6:
                    0c:d6:62:44:d0:16:eb:9d:03:d1:60:df:2a:47:7b:
                    43:85:a4:f0:5a:9d:25:85:55:4d:12:45:3f:6f:37:
                    e0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:21:79:2D:4C:57:C6:C8:99:B1:4D:99:9F:91:7D:56:CF:10:04:85
            X509v3 Authority Key Identifier:
                keyid:58:D8:9D:C1:89:E0:09:36:1A:CB:26:55:68:0E:66:9C:0B:C4:74:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNidwYngCTYayyZVaA5mnAvEdFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/ziF5LUxXxsiZsU2Zn5F9Vs8QBIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/WNidwYngCTYayyZVaA5mnAvEdFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:7f:bc:94:7e:61:5f:d4:4b:91:36:44:60:ea:85:2c:a8:45:
         fc:1a:2c:7c:03:89:b0:95:8f:08:47:0d:6d:3c:95:2e:41:61:
         87:21:b6:50:ab:aa:51:f9:58:21:e6:07:e0:44:c4:28:7c:48:
         e4:65:6e:a4:30:8b:55:e3:6c:7c:bf:e5:c2:c5:91:14:02:35:
         17:90:43:42:03:3d:0b:d4:07:39:c6:79:3e:83:4e:04:ca:4f:
         6b:85:7c:0e:be:0a:68:ff:3c:69:e4:05:89:6e:04:09:28:18:
         fd:6a:09:f3:7a:c7:a1:c1:bf:79:1a:72:0c:58:f7:ac:8f:e8:
         d0:10:d7:a3:e0:01:1f:b1:e3:b6:de:5b:a4:09:fa:00:5f:ad:
         57:d4:f6:fc:64:73:96:f0:20:e8:d0:63:79:09:0c:73:aa:84:
         e3:79:a1:52:08:ee:e6:c4:09:26:74:7d:65:32:91:43:57:2d:
         d9:d7:65:a9:2a:db:39:e2:b5:bd:cc:d0:43:20:d9:3f:f5:0f:
         aa:92:37:94:57:9c:a1:cd:74:c3:62:89:f4:67:e8:a6:ed:87:
         60:95:14:13:c7:2b:98:5f:d8:c6:f4:f5:7b:77:37:f1:22:37:
         4b:a1:33:84:91:d7:41:9c:55:47:8f:67:ae:3d:8f:18:01:e8:
         8b:34:4c:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E6Bf8owDpM+i8QtVNF7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDg5ZGMxODllMDA5MzYxYWNiMjY1NTY4MGU2NjljMGJj
NDc0NTYwHhcNMjYwMTAyMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTIxNzkyZDRjNTdjNmM4OTliMTRkOTk5ZjkxN2Q1NmNmMTAwNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H+R6SrJaAupQiw/WjtL9XFibO4G
m/Ukqqn4mXLAWtfU85GP+g+yW3L+q/4ZU5YU11kiFR2b8hZY1GCPC1jxC1TQxCzq
rRfRnUNhjDyUUMyf8e2wbiRWuG67zgR3nEszFeu8WSbCIihCce9W3LdW5wgTQblm
fX0uI1g+Zzq4W2PJln5lmNEz7jW8OgQqBP/avwv3Pu2V/1rIWci7uLdfp8sWym2z
bKCMoLPCKs0e0af+080FI1rSxbLwE5Oh10Amv1RC45BW7YOaiNy6vpHJ1Jdd4W/u
WOVDn06s1oQNHbYM1mJE0BbrnQPRYN8qR3tDhaTwWp0lhVVNEkU/bzfgfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4heS1MV8bImbFNmZ+RfVbPEASFMB8GA1UdIwQY
MBaAFFjYncGJ4Ak2GssmVWgOZpwLxHRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05pZHdZbmdDVFlheXlaVmFBNW1uQXZFZEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81MWVmNDYtZDA2OS00NzRjLTliNGIt
OWRmZjViZDU0ODhhLzEvemlGNUxVeFh4c2lac1UyWm41RjlWczhRQklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81MWVmNDYtZDA2OS00NzRjLTliNGItOWRmZjViZDU0ODhh
LzEvV05pZHdZbmdDVFlheXlaVmFBNW1uQXZFZEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufHMMA0G
CSqGSIb3DQEBCwUAA4IBAQCaf7yUfmFf1EuRNkRg6oUsqEX8Gix8A4mwlY8IRw1t
PJUuQWGHIbZQq6pR+Vgh5gfgRMQofEjkZW6kMItV42x8v+XCxZEUAjUXkENCAz0L
1Ac5xnk+g04Eyk9rhXwOvgpo/zxp5AWJbgQJKBj9agnzesehwb95GnIMWPesj+jQ
ENej4AEfseO23lukCfoAX61X1Pb8ZHOW8CDo0GN5CQxzqoTjeaFSCO7mxAkmdH1l
MpFDVy3Z12WpKts54rW9zNBDINk/9Q+qkjeUV5yhzXTDYon0Z+im7YdglRQTxyuY
X9jG9PV7dzfxIjdLoTOEkddBnFVHj2euPY8YAeiLNEy8
-----END CERTIFICATE-----