This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/nzU1DUcc-wuwFiW-a7zKPZ7kUFM.roa
File:                     nzU1DUcc-wuwFiW-a7zKPZ7kUFM.roa (raw, json)
Hash identifier:          ZJNzG5B9h6XB/iR0ZipMVdzJWZ4JmXR61rO3sO/aC34=
Subject key identifier:   9F:35:35:0D:47:1C:FB:0B:B0:16:25:BE:6B:BC:CA:3D:9E:E4:50:53
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       019B76EB306435BB290349F6CC13C7998FD2
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/nzU1DUcc-wuwFiW-a7zKPZ7kUFM.roa
Signing time:             Thu 01 Jan 2026 00:18:03 +0000
ROA not before:           Thu 01 Jan 2026 00:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35569
IP address blocks:        80.93.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:30:64:35:bb:29:03:49:f6:cc:13:c7:99:8f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 00:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f35350d471cfb0bb01625be6bbcca3d9ee45053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:22:73:30:b7:cb:e7:93:83:78:72:1d:27:a9:
                    d9:37:1b:77:7d:1b:85:26:0f:29:91:bd:ec:02:9e:
                    5f:91:64:72:44:61:8f:e2:d7:de:50:78:87:61:27:
                    92:23:69:3e:ba:4b:56:ec:77:c9:f2:c6:17:8d:57:
                    a5:c4:ff:50:32:cd:f0:04:12:78:64:92:2b:e4:57:
                    71:c9:67:b5:28:db:79:01:94:bc:c3:96:7b:8c:45:
                    b4:16:67:1a:e3:34:61:03:79:36:83:10:89:b7:c6:
                    ea:a1:25:7f:b6:45:c9:2b:e6:68:01:ce:4d:6c:17:
                    41:7a:84:28:35:85:de:68:14:00:2d:7e:71:1f:3d:
                    70:99:a4:97:cf:40:d1:6a:50:6a:0a:57:8a:c5:6f:
                    1e:26:77:41:cc:5b:38:fe:87:f1:c0:9e:ef:6c:10:
                    bb:37:21:15:95:2b:e4:83:fd:e4:5e:d9:95:46:16:
                    9c:b1:0e:7b:7a:70:e1:40:ef:c1:55:d6:f9:df:b0:
                    ff:32:73:08:45:fa:cc:aa:a0:9a:cf:b8:72:33:ca:
                    91:c2:b3:69:f7:ef:21:82:b4:0e:1e:78:20:09:ea:
                    49:83:d8:37:54:42:a9:00:1d:3f:35:3d:e1:01:5e:
                    9c:35:50:7b:21:dd:1e:2b:fc:a1:eb:ad:5d:8c:77:
                    a7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:35:35:0D:47:1C:FB:0B:B0:16:25:BE:6B:BC:CA:3D:9E:E4:50:53
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/nzU1DUcc-wuwFiW-a7zKPZ7kUFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:03:fa:a7:6c:e8:a3:1d:83:b6:f6:2c:b1:33:03:9a:bf:d2:
         ef:d7:d2:00:0f:f7:a1:92:37:2e:75:31:79:4a:99:35:38:6f:
         7b:c5:0c:4a:b9:f9:a9:a2:27:88:63:22:f4:ee:1a:7b:19:df:
         16:63:40:9f:82:8a:af:bb:54:5c:ec:48:bc:17:5e:b9:32:f3:
         60:e5:7b:61:92:39:a9:5f:3c:0e:f3:6e:e4:81:1a:22:f4:12:
         5e:cc:bb:40:ad:21:8b:a0:53:8b:cf:16:e7:5d:f6:6b:92:66:
         74:a1:53:52:df:46:54:83:5f:11:df:44:47:26:d9:f0:4f:69:
         b9:18:f5:1f:3b:84:3d:30:32:0f:6f:7f:4d:e2:e9:1a:0c:fd:
         9a:77:17:d9:58:bf:ff:98:c9:de:27:a0:1c:e0:d4:6a:93:3d:
         78:ff:aa:3b:3b:e7:75:47:cc:3a:ae:16:38:76:af:91:e4:37:
         0e:bf:0f:cc:3a:90:33:18:11:55:90:0c:75:42:eb:71:8e:12:
         68:55:2b:70:71:2c:8a:fe:0e:53:28:5c:eb:08:0e:03:60:68:
         9e:2f:6c:b3:b2:2d:ad:d8:79:d7:11:19:65:c9:fc:3d:c9:77:
         93:ce:a0:f5:c6:36:0e:f4:e7:05:e5:c2:22:3e:18:f2:3c:b4:
         8c:f0:a2:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26zBkNbspA0n2zBPHmY/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjYwMTAxMDAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM1MzUwZDQ3MWNmYjBiYjAxNjI1YmU2YmJjY2EzZDllZTQ1MDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7iJzMLfL55ODeHIdJ6nZNxt3fRuF
Jg8pkb3sAp5fkWRyRGGP4tfeUHiHYSeSI2k+uktW7HfJ8sYXjVelxP9QMs3wBBJ4
ZJIr5FdxyWe1KNt5AZS8w5Z7jEW0Fmca4zRhA3k2gxCJt8bqoSV/tkXJK+ZoAc5N
bBdBeoQoNYXeaBQALX5xHz1wmaSXz0DRalBqCleKxW8eJndBzFs4/ofxwJ7vbBC7
NyEVlSvkg/3kXtmVRhacsQ57enDhQO/BVdb537D/MnMIRfrMqqCaz7hyM8qRwrNp
9+8hgrQOHnggCepJg9g3VEKpAB0/NT3hAV6cNVB7Id0eK/yh661djHenVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ81NQ1HHPsLsBYlvmu8yj2e5FBTMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvbnpVMURVY2Mtd3V3RmlXLWE3ektQWjdrVUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUF04MA0G
CSqGSIb3DQEBCwUAA4IBAQBfA/qnbOijHYO29iyxMwOav9Lv19IAD/ehkjcudTF5
Spk1OG97xQxKufmpoieIYyL07hp7Gd8WY0Cfgoqvu1Rc7Ei8F165MvNg5Xthkjmp
XzwO827kgRoi9BJezLtArSGLoFOLzxbnXfZrkmZ0oVNS30ZUg18R30RHJtnwT2m5
GPUfO4Q9MDIPb39N4ukaDP2adxfZWL//mMneJ6Ac4NRqkz14/6o7O+d1R8w6rhY4
dq+R5DcOvw/MOpAzGBFVkAx1QutxjhJoVStwcSyK/g5TKFzrCA4DYGieL2yzsi2t
2HnXERllyfw9yXeTzqD1xjYO9OcF5cIiPhjyPLSM8KJi
-----END CERTIFICATE-----