This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Ztqw78ZRqkZ9r4dUve4yORASgjY.roa
File:                     Ztqw78ZRqkZ9r4dUve4yORASgjY.roa (raw, json)
Hash identifier:          4/5tXQGDZtxlbqEHC4WR/Itl5GBMMX7/czzhSvOR3QU=
Subject key identifier:   66:DA:B0:EF:C6:51:AA:46:7D:AF:87:54:BD:EE:32:39:10:12:82:36
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019B7F830B3CB14C37DDF25F68AFD11FD8D8
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Ztqw78ZRqkZ9r4dUve4yORASgjY.roa
Signing time:             Fri 02 Jan 2026 16:20:53 +0000
ROA not before:           Fri 02 Jan 2026 16:20:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        46.233.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 07:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:0b:3c:b1:4c:37:dd:f2:5f:68:af:d1:1f:d8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 16:20:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66dab0efc651aa467daf8754bdee323910128236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:91:09:b1:cc:6f:ca:2c:20:17:04:26:47:58:
                    9f:ed:fe:5c:3d:51:e2:a7:bc:4a:0e:d4:52:84:17:
                    d6:60:75:d2:89:f8:71:d1:83:6b:82:78:22:9e:67:
                    b4:6e:f8:fb:56:84:e5:8e:78:68:36:c5:90:6f:05:
                    04:00:95:2f:54:78:a8:dd:83:3e:81:7c:fa:a2:fc:
                    a6:f4:56:ab:86:c5:7a:b4:3e:38:bd:a9:cb:27:5f:
                    f5:0c:99:34:a2:6a:72:51:a8:b7:c6:30:f6:88:cd:
                    61:36:10:a8:c4:89:b8:34:96:17:e5:60:43:c2:c7:
                    f7:10:05:55:db:ae:8a:bf:67:63:ba:b7:ce:06:83:
                    4c:47:cf:44:2a:01:c4:3b:6f:fa:87:a3:88:6e:ac:
                    34:e4:64:78:6f:81:30:7d:65:0d:d1:07:35:bf:33:
                    93:29:6f:a9:49:a1:4a:6a:eb:dd:90:0c:5d:26:8b:
                    8b:da:ca:46:da:dd:06:f4:3d:e0:66:f7:1c:c0:83:
                    1d:0c:1c:f7:51:b1:84:b9:37:af:69:51:38:c8:39:
                    2b:18:6e:f3:f6:e4:1e:88:fc:60:32:b4:02:1f:48:
                    79:5f:98:5c:89:1e:b8:17:85:32:ad:fd:e3:82:e9:
                    87:a5:1b:27:0b:95:e6:d7:4d:32:b1:95:06:d5:6e:
                    ee:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DA:B0:EF:C6:51:AA:46:7D:AF:87:54:BD:EE:32:39:10:12:82:36
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Ztqw78ZRqkZ9r4dUve4yORASgjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b2:23:85:46:cd:8e:51:71:26:89:41:12:79:a6:ca:19:31:
         89:6d:44:17:d7:76:3b:84:1f:de:1d:30:59:92:e8:43:90:f4:
         c6:58:18:cf:d4:e8:fe:05:55:96:b1:c2:0a:79:b2:a9:f6:8a:
         5d:f9:31:54:9f:01:ff:1f:a4:ab:4b:e5:d3:a2:ea:0d:e3:3c:
         3a:5c:c9:1b:d5:e9:44:49:20:8b:cb:21:62:e8:68:dc:4f:5b:
         b6:d0:3b:c3:06:93:c0:90:a7:19:8c:54:04:2a:f7:11:0f:9e:
         a6:5e:e0:05:0f:73:02:89:67:75:af:73:ae:ed:78:32:86:3a:
         80:a2:de:34:8b:23:ce:fa:6f:3a:76:da:58:34:d1:46:59:0e:
         91:96:88:2f:0e:88:d0:61:1e:96:25:bf:e6:ae:b8:ee:48:62:
         f1:3a:8d:89:02:bf:b2:14:73:2e:e0:00:3f:24:c1:7a:0e:a3:
         84:1c:b9:1f:c9:db:61:65:c1:a2:7e:5b:fb:f9:2f:f4:59:bd:
         c4:cc:7b:24:66:d2:24:59:e1:55:b1:cf:c2:51:e6:ee:31:a1:
         f4:4c:26:4b:ba:ac:57:2f:32:5d:3f:7c:7b:2e:48:77:68:2d:
         41:02:e3:8f:bc:25:46:ae:eb:01:1f:84:74:9b:17:5c:e7:2e:
         58:26:5a:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gws8sUw33fJfaK/RH9jYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjYwMTAyMTYyMDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRhYjBlZmM2NTFhYTQ2N2RhZjg3NTRiZGVlMzIzOTEwMTI4MjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpEJscxvyiwgFwQmR1if7f5cPVHi
p7xKDtRShBfWYHXSifhx0YNrgnginme0bvj7VoTljnhoNsWQbwUEAJUvVHio3YM+
gXz6ovym9FarhsV6tD44vanLJ1/1DJk0ompyUai3xjD2iM1hNhCoxIm4NJYX5WBD
wsf3EAVV266Kv2djurfOBoNMR89EKgHEO2/6h6OIbqw05GR4b4EwfWUN0Qc1vzOT
KW+pSaFKauvdkAxdJouL2spG2t0G9D3gZvccwIMdDBz3UbGEuTevaVE4yDkrGG7z
9uQeiPxgMrQCH0h5X5hciR64F4Uyrf3jgumHpRsnC5Xm100ysZUG1W7uoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbasO/GUapGfa+HVL3uMjkQEoI2MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvWnRxdzc4WlJxa1o5cjRkVXZlNHlPUkFTZ2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukrMA0G
CSqGSIb3DQEBCwUAA4IBAQAJsiOFRs2OUXEmiUESeabKGTGJbUQX13Y7hB/eHTBZ
kuhDkPTGWBjP1Oj+BVWWscIKebKp9opd+TFUnwH/H6SrS+XTouoN4zw6XMkb1elE
SSCLyyFi6GjcT1u20DvDBpPAkKcZjFQEKvcRD56mXuAFD3MCiWd1r3Ou7XgyhjqA
ot40iyPO+m86dtpYNNFGWQ6RlogvDojQYR6WJb/mrrjuSGLxOo2JAr+yFHMu4AA/
JMF6DqOEHLkfydthZcGiflv7+S/0Wb3EzHskZtIkWeFVsc/CUebuMaH0TCZLuqxX
LzJdP3x7Lkh3aC1BAuOPvCVGrusBH4R0mxdc5y5YJlon
-----END CERTIFICATE-----