This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/mzjreCh1UKp6Tw01JHK_gKRYkGg.roa
File:                     mzjreCh1UKp6Tw01JHK_gKRYkGg.roa (raw, json)
Hash identifier:          8KHhl+lFh6yPZptHPK8f1cx7zO0RSCaz8HUst/vhTr0=
Subject key identifier:   9B:38:EB:78:28:75:50:AA:7A:4F:0D:35:24:72:BF:80:A4:58:90:68
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019B77C6F8E9594343F64D76895FA7059801
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/mzjreCh1UKp6Tw01JHK_gKRYkGg.roa
Signing time:             Thu 01 Jan 2026 04:18:07 +0000
ROA not before:           Thu 01 Jan 2026 04:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        45.152.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f8:e9:59:43:43:f6:4d:76:89:5f:a7:05:98:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 04:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b38eb78287550aa7a4f0d352472bf80a4589068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5a:46:df:87:37:6c:ca:d6:0f:83:e3:dd:4e:
                    96:90:e9:5d:25:7e:c9:12:04:53:f6:67:a5:22:46:
                    6e:d6:d6:6b:d1:d6:f1:7a:f2:9e:13:f2:b2:1f:49:
                    30:3b:c9:70:8d:17:9a:f2:a5:9d:96:22:98:42:84:
                    77:7c:76:74:8b:ed:31:d8:1b:89:3f:ef:bf:25:92:
                    44:d0:93:7d:93:37:96:5a:a2:cc:fc:bb:11:f5:f6:
                    01:4d:14:d3:f1:a4:e9:96:a8:2c:63:cc:e6:8f:cd:
                    57:1e:29:5d:2a:44:78:f1:7b:2d:ad:fd:7b:a2:48:
                    ac:80:c6:02:fb:52:00:c4:75:62:d1:6e:99:5f:4c:
                    e7:d2:f1:af:01:73:99:d1:3a:b2:d1:b0:8e:a4:d8:
                    9e:9e:59:ec:6f:43:40:fa:a3:f3:cc:87:27:6f:ce:
                    dd:a6:c0:af:c2:4e:31:3c:bf:b2:25:e5:92:b8:d9:
                    80:fb:a8:ec:f8:24:12:af:10:e0:69:1a:53:4c:e9:
                    a9:6a:85:8c:1a:90:8d:57:b1:e4:2f:13:f1:9b:bd:
                    e2:b7:69:08:a9:34:1f:10:65:e7:4a:3c:4e:d3:16:
                    9c:3c:4f:f6:3d:25:50:33:f1:2a:6f:bc:5f:60:22:
                    c4:d8:00:66:12:c2:da:86:6b:39:2b:64:32:3b:d7:
                    b6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:38:EB:78:28:75:50:AA:7A:4F:0D:35:24:72:BF:80:A4:58:90:68
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/mzjreCh1UKp6Tw01JHK_gKRYkGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:fe:5a:e3:06:2c:f7:ac:c6:df:15:71:25:57:19:51:92:e3:
         8b:ad:ba:ba:73:f4:c2:76:35:ab:07:c1:37:45:ac:8a:44:c8:
         65:43:18:b0:a9:34:8d:36:22:93:a0:78:ca:7a:e5:32:92:b1:
         43:78:33:7e:fc:3d:3f:2a:95:a4:48:92:c6:de:df:10:95:d8:
         c4:4b:33:88:cb:7b:68:b8:fc:78:e8:65:24:df:a5:50:05:26:
         96:cb:79:1b:55:e4:ce:ee:3f:12:f0:32:17:9d:60:35:f1:42:
         c7:67:da:70:4e:b6:41:be:c9:bc:c7:61:6a:d4:b4:43:55:a5:
         62:0c:db:77:a8:90:bb:12:73:d4:57:45:f0:8b:87:67:d8:79:
         f4:a7:e2:e7:dc:3b:bb:d7:63:af:3c:96:67:6f:e8:37:0b:24:
         5e:74:88:ac:92:45:9b:0e:b5:c6:aa:1f:fe:4f:70:82:13:59:
         ca:74:95:48:0e:66:89:48:53:05:c7:8a:25:16:4b:12:f1:f2:
         8a:7d:88:d7:a8:4a:bc:6c:49:aa:fa:2f:76:fe:89:31:00:aa:
         05:c2:38:61:68:95:fb:e4:33:34:d0:1b:d6:9a:e4:21:a3:10:
         73:7b:c0:71:be:49:0a:24:46:92:bf:7a:86:23:4b:35:7a:73:
         ee:2f:a1:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvjpWUND9k12iV+nBZgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMTAxMDQxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM4ZWI3ODI4NzU1MGFhN2E0ZjBkMzUyNDcyYmY4MGE0NTg5MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVpG34c3bMrWD4Pj3U6WkOldJX7J
EgRT9melIkZu1tZr0dbxevKeE/KyH0kwO8lwjRea8qWdliKYQoR3fHZ0i+0x2BuJ
P++/JZJE0JN9kzeWWqLM/LsR9fYBTRTT8aTplqgsY8zmj81XHildKkR48Xstrf17
okisgMYC+1IAxHVi0W6ZX0zn0vGvAXOZ0Tqy0bCOpNienlnsb0NA+qPzzIcnb87d
psCvwk4xPL+yJeWSuNmA+6js+CQSrxDgaRpTTOmpaoWMGpCNV7HkLxPxm73it2kI
qTQfEGXnSjxO0xacPE/2PSVQM/Eqb7xfYCLE2ABmEsLahms5K2QyO9e2/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs463godVCqek8NNSRyv4CkWJBoMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvbXpqcmVDaDFVS3A2VHcwMUpIS19nS1JZa0dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZikMA0G
CSqGSIb3DQEBCwUAA4IBAQCK/lrjBiz3rMbfFXElVxlRkuOLrbq6c/TCdjWrB8E3
RayKRMhlQxiwqTSNNiKToHjKeuUykrFDeDN+/D0/KpWkSJLG3t8QldjESzOIy3to
uPx46GUk36VQBSaWy3kbVeTO7j8S8DIXnWA18ULHZ9pwTrZBvsm8x2Fq1LRDVaVi
DNt3qJC7EnPUV0Xwi4dn2Hn0p+Ln3Du712OvPJZnb+g3CyRedIiskkWbDrXGqh/+
T3CCE1nKdJVIDmaJSFMFx4olFksS8fKKfYjXqEq8bEmq+i92/okxAKoFwjhhaJX7
5DM00BvWmuQhoxBze8BxvkkKJEaSv3qGI0s1enPuL6GX
-----END CERTIFICATE-----