This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rzOwe3KRqHzanZTCIZzK0104Hls.roa
File:                     rzOwe3KRqHzanZTCIZzK0104Hls.roa (raw, json)
Hash identifier:          pKmVQ83gMzBM7wk3YJJapQL0XTgHJRcX/Ns8h5eTeW8=
Subject key identifier:   AF:33:B0:7B:72:91:A8:7C:DA:9D:94:C2:21:9C:CA:D3:5D:38:1E:5B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C1386505CCB7AAA3CBF4A714A309E22
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rzOwe3KRqHzanZTCIZzK0104Hls.roa
Signing time:             Fri 02 Jan 2026 00:20:12 +0000
ROA not before:           Fri 02 Jan 2026 00:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202673
IP address blocks:        185.221.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:86:50:5c:cb:7a:aa:3c:bf:4a:71:4a:30:9e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af33b07b7291a87cda9d94c2219ccad35d381e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e4:6b:bc:09:ad:67:cb:f2:94:58:28:a8:02:
                    69:35:d6:55:0a:09:05:1b:cb:2b:32:93:e0:ba:42:
                    a0:bf:be:4b:0c:23:ca:04:53:7c:60:39:6d:1f:cb:
                    21:c4:1b:42:b0:4d:20:12:76:f2:69:ab:41:56:8f:
                    8c:c0:2f:80:27:1b:07:fd:b3:15:a4:dd:04:df:a2:
                    06:7f:e2:20:0f:34:6e:b4:59:92:5c:89:e0:e5:fe:
                    f7:66:29:61:b4:2f:1b:55:d4:d2:0f:75:b1:93:e0:
                    4f:5d:e1:02:8b:e9:c2:00:c1:9f:5b:2c:6f:03:5c:
                    11:40:ab:e7:be:66:73:5a:df:d0:1a:e7:6a:11:3c:
                    6c:ed:bc:a0:51:41:15:92:3c:11:25:61:69:8b:1b:
                    1e:b2:b5:87:6f:59:d9:4e:8b:9f:ec:4e:7a:b7:2a:
                    0f:ed:ea:af:cd:88:4e:fd:a7:e1:ca:ca:cc:17:e0:
                    62:cc:08:bc:d5:5d:de:1d:8a:21:1b:55:96:1c:c0:
                    c7:9f:0f:68:8b:54:53:38:f8:68:b4:46:ea:61:60:
                    09:b1:45:30:44:98:da:a7:a9:db:7c:e3:fa:44:73:
                    12:58:05:5b:94:2d:cf:e2:09:27:5f:bf:fe:b7:cb:
                    ed:60:b1:5f:43:6f:60:2c:da:e4:a0:15:28:9f:15:
                    f4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:33:B0:7B:72:91:A8:7C:DA:9D:94:C2:21:9C:CA:D3:5D:38:1E:5B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rzOwe3KRqHzanZTCIZzK0104Hls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:e4:95:2b:b4:cc:8e:48:b7:03:42:6a:15:9c:a2:25:96:58:
         14:32:20:12:5f:30:5b:9d:52:85:b7:da:0e:53:dd:c2:c7:ab:
         63:96:78:df:42:8b:db:49:fe:9f:cd:c7:9e:ae:ff:cc:c1:4e:
         ed:f5:c6:95:97:e3:61:77:64:c5:96:67:05:c2:72:cb:6b:bc:
         ef:9f:74:1b:84:83:92:5c:d8:f1:df:42:9e:32:a9:91:bc:45:
         a1:5e:da:02:c6:81:b6:bc:b3:fb:9d:66:84:a6:03:16:a7:82:
         51:18:6f:c1:62:7f:4a:c3:4c:e3:35:5a:41:d7:4b:28:f7:cb:
         c3:6a:a1:9c:32:cf:47:ac:64:e5:99:29:63:6c:36:35:f8:36:
         5f:79:a1:98:f7:df:ca:24:9e:37:76:84:38:58:61:57:ca:c4:
         22:23:02:a7:07:0a:4c:af:a5:71:5f:29:ae:32:ff:8e:d0:8f:
         fd:42:2f:a0:66:46:cc:8a:0b:d7:ad:15:f1:3e:72:c7:3c:e4:
         71:02:86:8b:e3:37:a3:98:1f:ba:10:65:da:5e:c4:b6:dd:8f:
         c6:05:ee:58:91:66:e0:d1:9b:3b:e8:0d:bf:a7:9f:e9:4a:78:
         04:59:88:99:91:ca:98:74:5b:c9:ee:57:63:91:a0:22:a8:00:
         cf:07:d8:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E4ZQXMt6qjy/SnFKMJ4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMzYjA3YjcyOTFhODdjZGE5ZDk0YzIyMTljY2FkMzVkMzgxZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsORrvAmtZ8vylFgoqAJpNdZVCgkF
G8srMpPgukKgv75LDCPKBFN8YDltH8shxBtCsE0gEnbyaatBVo+MwC+AJxsH/bMV
pN0E36IGf+IgDzRutFmSXIng5f73ZilhtC8bVdTSD3Wxk+BPXeECi+nCAMGfWyxv
A1wRQKvnvmZzWt/QGudqETxs7bygUUEVkjwRJWFpixsesrWHb1nZTouf7E56tyoP
7eqvzYhO/afhysrMF+BizAi81V3eHYohG1WWHMDHnw9oi1RTOPhotEbqYWAJsUUw
RJjap6nbfOP6RHMSWAVblC3P4gknX7/+t8vtYLFfQ29gLNrkoBUonxX0YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8zsHtykah82p2UwiGcytNdOB5bMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcnpPd2UzS1JxSHphblpUQ0laekswMTA0SGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0UMA0G
CSqGSIb3DQEBCwUAA4IBAQCC5JUrtMyOSLcDQmoVnKIlllgUMiASXzBbnVKFt9oO
U93Cx6tjlnjfQovbSf6fzceerv/MwU7t9caVl+Nhd2TFlmcFwnLLa7zvn3QbhIOS
XNjx30KeMqmRvEWhXtoCxoG2vLP7nWaEpgMWp4JRGG/BYn9Kw0zjNVpB10so98vD
aqGcMs9HrGTlmSljbDY1+DZfeaGY99/KJJ43doQ4WGFXysQiIwKnBwpMr6VxXymu
Mv+O0I/9Qi+gZkbMigvXrRXxPnLHPORxAoaL4zejmB+6EGXaXsS23Y/GBe5YkWbg
0Zs76A2/p5/pSngEWYiZkcqYdFvJ7ldjkaAiqADPB9gh
-----END CERTIFICATE-----