This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IZR-cdRVvz3hV1Y0kpYhnLDh9C0.roa
File:                     IZR-cdRVvz3hV1Y0kpYhnLDh9C0.roa (raw, json)
Hash identifier:          vD1MZa3deChochouvJ+X86rH4s9X9syrG8V+44alxw8=
Subject key identifier:   21:94:7E:71:D4:55:BF:3D:E1:57:56:34:92:96:21:9C:B0:E1:F4:2D
Certificate issuer:       /CN=d947b281348abdac24c2bd16da06775ca755f410
Certificate serial:       019BC72CC793CC70225A0BA7B90E7D5A61C8
Authority key identifier: D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IZR-cdRVvz3hV1Y0kpYhnLDh9C0.roa
Signing time:             Fri 16 Jan 2026 14:19:19 +0000
ROA not before:           Fri 16 Jan 2026 14:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        185.161.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 Jan 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c7:2c:c7:93:cc:70:22:5a:0b:a7:b9:0e:7d:5a:61:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d947b281348abdac24c2bd16da06775ca755f410
        Validity
            Not Before: Jan 16 14:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21947e71d455bf3de15756349296219cb0e1f42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:33:60:af:66:4e:ad:a9:70:c4:b7:b9:da:
                    2f:b2:43:e1:03:57:40:7c:1e:9b:d9:43:23:38:21:
                    aa:e0:8a:dd:b8:da:7c:8b:5e:92:81:af:89:a1:21:
                    12:17:a5:2d:0c:c6:60:0c:ea:06:a9:18:33:ed:1c:
                    2a:f5:a2:03:9a:70:a1:6c:67:2b:0c:f4:c2:bf:3f:
                    8c:5c:0d:4b:57:b5:b5:89:5b:14:df:69:75:97:a9:
                    9b:00:0f:f7:71:ae:5b:92:b7:33:e1:d6:f8:41:6e:
                    22:6c:ae:41:7e:1d:3c:7d:8c:6c:d0:0f:e3:94:97:
                    1e:e4:3b:e8:c7:46:0a:54:b3:36:2c:2c:17:4e:1a:
                    fd:80:b3:44:21:2a:bd:e3:50:1f:56:a7:70:63:d0:
                    eb:e0:20:72:24:55:bd:8b:40:6c:bc:21:82:66:3b:
                    b8:ed:59:24:19:65:1c:30:f6:00:e2:29:28:f2:b8:
                    a1:85:85:61:c7:5c:f0:55:ed:cf:26:c7:04:79:50:
                    19:da:eb:df:65:b7:96:c7:dd:2c:80:3d:ff:fd:60:
                    6b:58:c3:43:25:8f:c8:7d:0c:3b:8f:0c:18:c0:70:
                    1e:c7:d1:c9:9a:06:98:56:5e:9a:cc:8d:92:e4:ef:
                    41:7f:d2:ac:b6:05:18:05:5b:9a:3f:94:ef:a6:0c:
                    33:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:94:7E:71:D4:55:BF:3D:E1:57:56:34:92:96:21:9C:B0:E1:F4:2D
            X509v3 Authority Key Identifier:
                keyid:D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IZR-cdRVvz3hV1Y0kpYhnLDh9C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:33:58:68:88:2b:ff:0e:0f:ef:f2:fa:2e:d5:4d:9d:d6:2d:
         62:6d:09:f8:ac:52:e9:1b:ed:08:c9:7f:10:2f:54:98:24:c0:
         c2:63:12:f6:43:89:ab:c5:e9:f4:c9:7f:bd:52:7c:df:9a:b3:
         3a:16:50:71:a6:90:d5:3d:23:be:2d:7b:15:e6:ea:32:be:3f:
         ff:63:82:98:5d:cc:9c:1b:90:9d:dd:16:98:ec:88:41:d6:0d:
         cb:62:a2:00:4c:0a:53:31:c9:07:54:9e:00:eb:5e:7d:ca:36:
         f7:41:9a:87:ee:d9:03:32:74:fd:c7:15:86:b9:3b:f1:30:99:
         2a:06:24:9c:28:70:8f:2a:3d:ff:5b:d3:a5:4a:47:65:e2:33:
         bd:37:0c:ff:88:db:b1:05:0a:80:91:e2:9b:f6:56:e5:d5:de:
         5c:78:2a:d6:87:0b:61:7c:87:3b:9b:d3:2a:da:ab:6e:ec:11:
         93:72:bb:0c:f3:40:3a:fd:bd:79:14:0d:52:c0:52:fa:c0:f1:
         be:78:20:c7:e5:40:23:8f:d2:be:3f:57:f6:f5:d4:88:2c:53:
         2d:7d:8b:48:14:43:82:53:39:07:e9:b1:a7:7d:8a:3e:eb:5e:
         1c:00:25:36:64:1e:2d:c4:d5:c9:b3:54:25:9f:ae:fd:d4:1d:
         bd:20:3e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvHLMeTzHAiWgunuQ59WmHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDdiMjgxMzQ4YWJkYWMyNGMyYmQxNmRhMDY3NzVjYTc1
NWY0MTAwHhcNMjYwMTE2MTQxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk0N2U3MWQ0NTViZjNkZTE1NzU2MzQ5Mjk2MjE5Y2IwZTFmNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9gzYK9mTq2pcMS3udovskPhA1dA
fB6b2UMjOCGq4IrduNp8i16Sga+JoSESF6UtDMZgDOoGqRgz7Rwq9aIDmnChbGcr
DPTCvz+MXA1LV7W1iVsU32l1l6mbAA/3ca5bkrcz4db4QW4ibK5Bfh08fYxs0A/j
lJce5Dvox0YKVLM2LCwXThr9gLNEISq941AfVqdwY9Dr4CByJFW9i0BsvCGCZju4
7VkkGWUcMPYA4iko8rihhYVhx1zwVe3PJscEeVAZ2uvfZbeWx90sgD3//WBrWMND
JY/IfQw7jwwYwHAex9HJmgaYVl6azI2S5O9Bf9KstgUYBVuaP5Tvpgwz7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGUfnHUVb894VdWNJKWIZyw4fQtMB8GA1UdIwQY
MBaAFNlHsoE0ir2sJMK9FtoGd1ynVfQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYt
NjZhYzBkYmE1YmYyLzEvSVpSLWNkUlZ2ejNoVjFZMGtwWWhuTERoOUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYtNjZhYzBkYmE1YmYy
LzEvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaGhMA0G
CSqGSIb3DQEBCwUAA4IBAQAhM1hoiCv/Dg/v8vou1U2d1i1ibQn4rFLpG+0IyX8Q
L1SYJMDCYxL2Q4mrxen0yX+9UnzfmrM6FlBxppDVPSO+LXsV5uoyvj//Y4KYXcyc
G5Cd3RaY7IhB1g3LYqIATApTMckHVJ4A6159yjb3QZqH7tkDMnT9xxWGuTvxMJkq
BiScKHCPKj3/W9OlSkdl4jO9Nwz/iNuxBQqAkeKb9lbl1d5ceCrWhwthfIc7m9Mq
2qtu7BGTcrsM80A6/b15FA1SwFL6wPG+eCDH5UAjj9K+P1f29dSILFMtfYtIFEOC
UzkH6bGnfYo+614cACU2ZB4txNXJs1Qln6791B29ID7O
-----END CERTIFICATE-----