This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/zjfJO2RH5SIxJF2laNjzaWPFUmE.roa
File:                     zjfJO2RH5SIxJF2laNjzaWPFUmE.roa (raw, json)
Hash identifier:          CH64B9ZYUzeZok1rFlTbLuLN/vSRqUxl6QpPK+7D75o=
Subject key identifier:   CE:37:C9:3B:64:47:E5:22:31:24:5D:A5:68:D8:F3:69:63:C5:52:61
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       019B7C7F13F808E4992CC36B523B25A98E23
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/zjfJO2RH5SIxJF2laNjzaWPFUmE.roa
Signing time:             Fri 02 Jan 2026 02:17:41 +0000
ROA not before:           Fri 02 Jan 2026 02:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        176.52.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:20:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:13:f8:08:e4:99:2c:c3:6b:52:3b:25:a9:8e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 02:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce37c93b6447e52231245da568d8f36963c55261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e9:a6:d1:92:9d:48:5d:aa:5c:9a:54:df:1d:
                    6e:15:3b:78:7b:e4:9a:ba:1d:90:b3:05:f2:0f:70:
                    63:4f:d1:97:88:0a:64:a0:9d:99:00:fa:b1:0b:9c:
                    01:45:63:cf:85:59:b7:ca:e9:9a:cd:ad:67:76:3b:
                    b8:58:53:17:33:5b:d5:30:59:c1:3f:ab:e0:79:de:
                    a8:15:52:b8:38:39:8b:92:0a:57:d6:a6:41:07:e5:
                    b2:d0:04:0b:e5:d1:2c:38:ee:70:0a:a4:1f:1f:ef:
                    aa:23:84:b2:6f:a6:a8:67:a6:2a:f4:a3:7e:8b:e7:
                    40:42:f5:8a:22:08:04:2f:18:20:f4:7f:b9:75:02:
                    d4:9d:67:b1:25:7c:32:6b:15:fc:13:55:61:fd:d9:
                    bb:1f:2f:d3:41:78:0a:e7:5b:29:0d:d8:7f:65:b4:
                    66:07:e3:98:77:a9:b6:ec:b1:40:3e:97:68:3f:53:
                    b6:49:f3:b8:7c:51:e4:a8:33:85:35:70:24:35:e2:
                    87:0d:e0:a7:c8:dc:13:91:c9:9c:97:4b:7f:20:31:
                    11:6a:15:6d:b9:55:ad:e3:2e:f9:3b:bd:f9:b5:36:
                    7a:6c:22:93:7d:4d:f1:a9:f4:e4:cd:9c:cf:22:b6:
                    c6:c9:c2:7a:c7:fe:41:ef:a1:9a:5f:1b:77:69:d0:
                    06:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:37:C9:3B:64:47:E5:22:31:24:5D:A5:68:D8:F3:69:63:C5:52:61
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/zjfJO2RH5SIxJF2laNjzaWPFUmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f2:c4:5a:69:1b:ce:67:75:c5:cd:c9:f8:d2:2b:fb:80:ba:
         66:1a:d2:2c:db:69:0f:08:62:8e:c8:4a:27:fd:e6:8d:28:be:
         09:de:c2:2e:00:5d:11:98:d1:42:6a:32:6d:0e:77:b1:5d:4e:
         b9:1d:c3:13:08:c7:44:98:4f:9c:fa:99:d4:bd:c4:b4:35:3b:
         5a:b3:74:88:7b:11:38:53:08:54:f1:d3:ed:dc:12:97:64:a4:
         cf:81:52:56:13:b5:d6:b5:b2:57:d8:8a:ce:42:27:66:19:35:
         26:5f:f8:e1:92:bb:a2:cc:b8:cd:87:b8:50:fe:ab:30:e5:25:
         5e:f3:b9:30:20:d5:d4:a0:0b:c1:dc:0e:22:22:a1:df:48:01:
         5f:5d:89:b2:97:73:06:4c:da:81:75:46:95:ca:1e:b1:98:2c:
         0b:5f:df:39:eb:5d:ad:ab:ed:26:25:8e:02:86:f7:b5:5f:76:
         73:a0:c7:39:fd:78:d1:b9:39:b1:9b:af:93:57:b0:75:49:16:
         fb:4e:8f:d0:fd:2b:47:16:e7:63:65:f4:8f:b6:e2:23:1c:20:
         2b:95:02:a6:a3:d2:f7:9c:de:c5:55:86:7b:13:17:6c:b1:68:
         20:e7:9e:ce:cc:b3:d2:98:05:fd:c7:01:21:6a:c2:ed:83:aa:
         75:4c:aa:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fxP4COSZLMNrUjslqY4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjYwMTAyMDIxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTM3YzkzYjY0NDdlNTIyMzEyNDVkYTU2OGQ4ZjM2OTYzYzU1MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Omm0ZKdSF2qXJpU3x1uFTt4e+Sa
uh2QswXyD3BjT9GXiApkoJ2ZAPqxC5wBRWPPhVm3yumaza1ndju4WFMXM1vVMFnB
P6vged6oFVK4ODmLkgpX1qZBB+Wy0AQL5dEsOO5wCqQfH++qI4Syb6aoZ6Yq9KN+
i+dAQvWKIggELxgg9H+5dQLUnWexJXwyaxX8E1Vh/dm7Hy/TQXgK51spDdh/ZbRm
B+OYd6m27LFAPpdoP1O2SfO4fFHkqDOFNXAkNeKHDeCnyNwTkcmcl0t/IDERahVt
uVWt4y75O735tTZ6bCKTfU3xqfTkzZzPIrbGycJ6x/5B76GaXxt3adAGZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM43yTtkR+UiMSRdpWjY82ljxVJhMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvempmSk8yUkg1U0l4SkYybGFOanphV1BGVW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDS7MA0G
CSqGSIb3DQEBCwUAA4IBAQBo8sRaaRvOZ3XFzcn40iv7gLpmGtIs22kPCGKOyEon
/eaNKL4J3sIuAF0RmNFCajJtDnexXU65HcMTCMdEmE+c+pnUvcS0NTtas3SIexE4
UwhU8dPt3BKXZKTPgVJWE7XWtbJX2IrOQidmGTUmX/jhkruizLjNh7hQ/qsw5SVe
87kwINXUoAvB3A4iIqHfSAFfXYmyl3MGTNqBdUaVyh6xmCwLX985612tq+0mJY4C
hve1X3ZzoMc5/XjRuTmxm6+TV7B1SRb7To/Q/StHFudjZfSPtuIjHCArlQKmo9L3
nN7FVYZ7ExdssWgg557OzLPSmAX9xwEhasLtg6p1TKre
-----END CERTIFICATE-----