This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ZRvaOIKbkQZVgME249WBTrRDkgI.roa
File:                     ZRvaOIKbkQZVgME249WBTrRDkgI.roa (raw, json)
Hash identifier:          Vfmj/d1ZlRtReUQUhXjbyyqxCLiadjALzJAOMXE59uw=
Subject key identifier:   65:1B:DA:38:82:9B:91:06:55:80:C1:36:E3:D5:81:4E:B4:43:92:02
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019B7AC84E566AE1D7A27A8EDAA5F00F1AE4
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ZRvaOIKbkQZVgME249WBTrRDkgI.roa
Signing time:             Thu 01 Jan 2026 18:18:26 +0000
ROA not before:           Thu 01 Jan 2026 18:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        89.106.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:4e:56:6a:e1:d7:a2:7a:8e:da:a5:f0:0f:1a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 18:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=651bda38829b91065580c136e3d5814eb4439202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4f:78:d4:92:b3:43:f6:c7:cf:3c:58:0a:fb:
                    a7:27:63:e8:51:03:d7:f3:56:cd:27:05:78:eb:46:
                    07:5a:a2:4a:8c:78:32:12:ee:82:59:0f:34:9b:23:
                    ee:9d:02:95:2a:c4:6d:76:f6:d9:65:e5:13:c6:9f:
                    88:e6:0a:b2:a9:41:56:b9:87:4f:72:e0:4f:1d:94:
                    53:6d:f8:fa:38:dc:57:33:18:f5:63:d8:26:89:9e:
                    58:0a:74:78:d8:1d:d5:10:b2:9a:70:82:08:ce:e4:
                    e6:24:de:7c:8e:6a:bb:a8:83:7e:a1:c9:9d:fb:5d:
                    7e:f6:a6:1e:2c:e0:1a:f1:1c:a8:e1:2a:98:90:61:
                    d4:46:6f:0e:da:c6:dd:c5:a4:2d:18:9b:48:0f:6e:
                    eb:79:32:0f:34:9d:da:ac:a9:62:13:74:05:8e:8a:
                    a1:81:52:9f:15:5b:d5:7d:71:b7:f3:b7:b3:99:88:
                    eb:f1:b9:96:d3:74:af:0e:af:d4:3f:cd:32:a2:e6:
                    cd:7d:f5:57:0f:a6:23:98:15:d5:3c:e2:f1:2a:ca:
                    13:62:8a:3b:05:a8:2e:29:7a:aa:d7:fa:90:ad:24:
                    12:6b:1d:2d:e3:85:de:1f:74:ea:6e:5d:91:9a:1e:
                    59:07:13:58:ca:06:5b:6b:61:b6:85:60:21:63:62:
                    10:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1B:DA:38:82:9B:91:06:55:80:C1:36:E3:D5:81:4E:B4:43:92:02
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ZRvaOIKbkQZVgME249WBTrRDkgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:10:2d:77:4a:b6:b2:ab:ef:15:bb:2a:dd:84:f4:d2:01:3d:
         a8:b1:76:ef:d3:7a:e2:7c:65:c2:f4:87:ed:31:4a:30:1f:28:
         ba:25:00:bb:25:d0:6a:7f:40:04:51:3f:d1:2c:9f:a6:13:8b:
         2e:bd:4b:7a:ea:8d:88:c0:f7:24:08:84:65:84:0b:f5:df:3e:
         63:2c:4e:56:3a:b3:80:6d:27:d9:67:ea:68:9e:0c:b4:fe:d7:
         14:b5:75:3c:6e:b8:fb:37:ae:b5:93:8c:20:1f:5d:20:c5:4a:
         fc:70:ba:4e:f2:77:cc:58:bf:80:9f:f4:16:20:e9:27:70:f5:
         4c:a2:91:b8:4a:2c:03:eb:b8:7d:0f:55:f6:05:64:55:48:32:
         f8:7f:c7:1f:2b:f5:f3:a9:4f:54:af:fa:cc:05:6d:e6:03:50:
         b3:be:d2:6c:80:50:c2:ac:05:8d:71:f3:4a:7c:cf:50:cf:7e:
         d7:93:67:c5:4b:a4:a3:2e:63:6c:66:c8:46:45:3a:f5:96:6c:
         1b:6d:9d:71:c0:4a:14:f6:e5:27:38:81:c6:2c:97:8f:a7:4b:
         f6:9a:35:10:b0:58:38:f8:53:7c:2e:68:8b:81:7a:98:ed:fc:
         47:62:e8:2c:27:9d:f0:84:c3:b7:7a:da:58:cb:5e:20:fa:92:
         14:c7:22:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yE5WauHXonqO2qXwDxrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMTAxMTgxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFiZGEzODgyOWI5MTA2NTU4MGMxMzZlM2Q1ODE0ZWI0NDM5MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU941JKzQ/bHzzxYCvunJ2PoUQPX
81bNJwV460YHWqJKjHgyEu6CWQ80myPunQKVKsRtdvbZZeUTxp+I5gqyqUFWuYdP
cuBPHZRTbfj6ONxXMxj1Y9gmiZ5YCnR42B3VELKacIIIzuTmJN58jmq7qIN+ocmd
+11+9qYeLOAa8Ryo4SqYkGHURm8O2sbdxaQtGJtID27reTIPNJ3arKliE3QFjoqh
gVKfFVvVfXG387ezmYjr8bmW03SvDq/UP80youbNffVXD6YjmBXVPOLxKsoTYoo7
BaguKXqq1/qQrSQSax0t44XeH3Tqbl2Rmh5ZBxNYygZba2G2hWAhY2IQRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUb2jiCm5EGVYDBNuPVgU60Q5ICMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvWlJ2YU9JS2JrUVpWZ01FMjQ5V0JUclJEa2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoBMA0G
CSqGSIb3DQEBCwUAA4IBAQCMEC13Srayq+8VuyrdhPTSAT2osXbv03rifGXC9Ift
MUowHyi6JQC7JdBqf0AEUT/RLJ+mE4suvUt66o2IwPckCIRlhAv13z5jLE5WOrOA
bSfZZ+pongy0/tcUtXU8brj7N661k4wgH10gxUr8cLpO8nfMWL+An/QWIOkncPVM
opG4SiwD67h9D1X2BWRVSDL4f8cfK/XzqU9Ur/rMBW3mA1CzvtJsgFDCrAWNcfNK
fM9Qz37Xk2fFS6SjLmNsZshGRTr1lmwbbZ1xwEoU9uUnOIHGLJePp0v2mjUQsFg4
+FN8LmiLgXqY7fxHYugsJ53whMO3etpYy14g+pIUxyJr
-----END CERTIFICATE-----