This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZiR6ZrA3XKmOMdSYn1nbkvoJfuc.roa
File:                     ZiR6ZrA3XKmOMdSYn1nbkvoJfuc.roa (raw, json)
Hash identifier:          H0dHPUEpABR63APcnlQrAzJqRe+rMqjbSQQKwlGf7xo=
Subject key identifier:   66:24:7A:66:B0:37:5C:A9:8E:31:D4:98:9F:59:DB:92:FA:09:7E:E7
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       019B7EA545AACFD80EE8DC0414938909A7DA
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZiR6ZrA3XKmOMdSYn1nbkvoJfuc.roa
Signing time:             Fri 02 Jan 2026 12:18:39 +0000
ROA not before:           Fri 02 Jan 2026 12:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        45.153.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:45:aa:cf:d8:0e:e8:dc:04:14:93:89:09:a7:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  2 12:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66247a66b0375ca98e31d4989f59db92fa097ee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:59:ed:2f:9f:7b:1a:fa:e1:d2:59:60:b7:27:
                    f9:6f:bd:9e:d6:af:de:e2:57:49:58:b7:e2:d6:67:
                    dd:ea:b7:a0:9b:8b:a2:8c:d7:59:7e:a9:9b:f9:e4:
                    fc:a2:3d:e6:2a:e8:39:4a:fb:4e:cb:fd:03:b9:b6:
                    14:98:f9:84:ab:ad:be:30:64:ba:68:b4:f9:db:86:
                    80:28:5d:58:9c:88:75:10:13:f9:46:16:2f:9e:7b:
                    9f:a1:5c:f2:62:44:5c:02:fa:b5:f1:df:1e:56:06:
                    ba:1a:7c:d1:34:41:7f:19:28:d9:4d:13:74:75:75:
                    22:cc:a6:4f:66:1a:1c:90:45:cf:d6:1d:ba:95:9d:
                    24:9b:63:c5:82:c0:21:25:55:40:ec:01:4c:79:a3:
                    ce:63:4b:6e:3c:75:9d:e9:6a:b4:03:c6:ef:6d:99:
                    ed:b8:c1:61:a8:bf:1b:6c:29:cf:d8:da:d2:99:4a:
                    0a:63:93:c4:ae:cf:84:49:13:01:f4:e0:03:d8:bf:
                    4e:aa:11:c4:38:cc:d0:71:5b:bc:11:25:4e:42:fe:
                    c5:20:7d:42:b1:a6:97:50:e2:39:1a:91:5e:aa:d4:
                    e0:f7:01:c7:ac:ed:70:7d:be:82:6c:d7:f1:b1:6f:
                    ae:15:06:a4:d3:c8:0e:51:34:bb:e8:dc:d7:59:c1:
                    16:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:24:7A:66:B0:37:5C:A9:8E:31:D4:98:9F:59:DB:92:FA:09:7E:E7
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZiR6ZrA3XKmOMdSYn1nbkvoJfuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a0:00:d5:34:c4:be:8e:e3:0d:62:97:85:b3:20:1e:e5:69:
         8e:d3:cf:5b:c2:71:7d:10:65:ae:b8:39:3c:10:41:58:d6:81:
         46:e1:ff:d8:b7:fb:f3:f4:06:9d:42:c4:b0:8b:02:a4:07:63:
         78:cd:da:bf:98:f4:ec:02:82:ac:7a:eb:97:a1:3f:92:c6:61:
         5f:8b:b9:20:a6:bf:7f:06:86:31:35:b3:63:63:3a:67:ba:64:
         9f:58:3e:43:91:ba:84:d8:b9:f8:f3:32:2c:b0:b9:f9:9a:d8:
         96:e2:ed:e5:29:b7:00:10:94:81:9d:23:cf:c0:ff:f0:2d:b1:
         15:ae:8e:8c:05:3e:53:a4:5c:c0:b5:e6:7c:8f:54:16:86:59:
         4c:70:bd:31:35:f7:62:27:78:bc:99:0c:99:af:9d:ef:37:5b:
         d0:30:ba:74:50:9d:f1:3f:cd:da:25:71:6b:e1:17:60:fb:1a:
         8f:de:a5:81:85:c5:72:ba:c1:58:a4:6e:67:4a:85:d3:fe:b7:
         7f:9e:60:73:87:90:0f:70:4e:6d:67:6c:0a:d3:a1:db:eb:7a:
         cb:ad:ba:67:63:00:f0:30:dd:5f:83:9b:1e:88:20:89:77:3a:
         22:e7:1d:fe:de:47:65:d9:2e:fc:d9:c3:04:26:c5:dc:71:ec:
         ab:73:21:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pUWqz9gO6NwEFJOJCafaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjYwMTAyMTIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI0N2E2NmIwMzc1Y2E5OGUzMWQ0OTg5ZjU5ZGI5MmZhMDk3ZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01ntL597Gvrh0llgtyf5b72e1q/e
4ldJWLfi1mfd6regm4uijNdZfqmb+eT8oj3mKug5SvtOy/0DubYUmPmEq62+MGS6
aLT524aAKF1YnIh1EBP5RhYvnnufoVzyYkRcAvq18d8eVga6GnzRNEF/GSjZTRN0
dXUizKZPZhockEXP1h26lZ0km2PFgsAhJVVA7AFMeaPOY0tuPHWd6Wq0A8bvbZnt
uMFhqL8bbCnP2NrSmUoKY5PErs+ESRMB9OAD2L9OqhHEOMzQcVu8ESVOQv7FIH1C
saaXUOI5GpFeqtTg9wHHrO1wfb6CbNfxsW+uFQak08gOUTS76NzXWcEW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYkemawN1ypjjHUmJ9Z25L6CX7nMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvWmlSNlpyQTNYS21PTWRTWW4xbmJrdm9KZnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZmnMA0G
CSqGSIb3DQEBCwUAA4IBAQBpoADVNMS+juMNYpeFsyAe5WmO089bwnF9EGWuuDk8
EEFY1oFG4f/Yt/vz9AadQsSwiwKkB2N4zdq/mPTsAoKseuuXoT+SxmFfi7kgpr9/
BoYxNbNjYzpnumSfWD5DkbqE2Ln48zIssLn5mtiW4u3lKbcAEJSBnSPPwP/wLbEV
ro6MBT5TpFzAteZ8j1QWhllMcL0xNfdiJ3i8mQyZr53vN1vQMLp0UJ3xP83aJXFr
4Rdg+xqP3qWBhcVyusFYpG5nSoXT/rd/nmBzh5APcE5tZ2wK06Hb63rLrbpnYwDw
MN1fg5seiCCJdzoi5x3+3kdl2S782cMEJsXcceyrcyEK
-----END CERTIFICATE-----