This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/CZCLA3Cj6YYp_k_a7y0b2rbgyzo.roa
File:                     CZCLA3Cj6YYp_k_a7y0b2rbgyzo.roa (raw, json)
Hash identifier:          SaDoVmzs9e3hbWzh+uCnOLVQP2mnuXiNzqqPyyTBq2o=
Subject key identifier:   09:90:8B:03:70:A3:E9:86:29:FE:4F:DA:EF:2D:1B:DA:B6:E0:CB:3A
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       019B77C6EF7DB4ABE40028115F0A784F1D2E
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/CZCLA3Cj6YYp_k_a7y0b2rbgyzo.roa
Signing time:             Thu 01 Jan 2026 04:18:04 +0000
ROA not before:           Thu 01 Jan 2026 04:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6461
IP address blocks:        95.164.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:ef:7d:b4:ab:e4:00:28:11:5f:0a:78:4f:1d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jan  1 04:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09908b0370a3e98629fe4fdaef2d1bdab6e0cb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0a:dd:b1:18:5d:b5:e8:a9:91:21:7a:5c:95:
                    52:ae:a8:0a:06:6e:e9:37:c5:9a:08:5c:1a:00:4c:
                    90:52:e6:ad:a5:9a:c7:7a:8d:5c:9f:0b:87:9c:b3:
                    91:e8:37:0c:1e:23:16:85:b4:5d:2f:3e:52:fc:3a:
                    d5:84:e3:31:ea:1d:e1:69:b9:06:27:46:e7:07:40:
                    21:7b:49:e4:7c:46:5f:a2:2e:b2:b1:ef:26:ef:83:
                    1b:e2:98:f9:f2:e3:31:0e:57:c1:04:fa:9e:16:65:
                    84:95:1b:d1:5c:7f:87:97:22:07:de:73:1f:1d:11:
                    ac:13:b3:68:08:6e:c8:d4:13:ec:c3:bf:cc:cc:f1:
                    49:02:9b:75:a5:63:27:33:45:3f:d8:f2:6f:35:b7:
                    14:b1:5d:62:5a:7a:d1:de:f7:41:d3:94:a0:85:de:
                    af:79:22:be:14:a1:e4:ad:41:b7:fe:43:d8:af:b1:
                    cd:c4:24:22:cd:d7:90:f8:9d:d0:5a:af:ad:2c:76:
                    94:0a:e5:3c:4a:cc:62:e4:3f:0a:78:d2:06:48:5d:
                    71:14:1c:bf:46:a1:e9:2d:c7:99:08:1b:b8:af:9e:
                    53:b0:61:52:69:ab:31:92:92:c7:58:fb:75:2c:f3:
                    35:2f:31:c0:70:e4:e1:80:40:72:d1:58:b0:7e:da:
                    42:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:90:8B:03:70:A3:E9:86:29:FE:4F:DA:EF:2D:1B:DA:B6:E0:CB:3A
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/CZCLA3Cj6YYp_k_a7y0b2rbgyzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5b:eb:b5:79:2b:b4:26:22:0e:e1:32:fc:a2:47:9f:37:7d:73:
         43:59:f8:39:38:90:6c:b9:31:1e:8b:44:22:fd:97:70:86:63:
         c1:b1:58:57:7f:60:24:71:21:92:ac:a2:eb:70:d5:0d:3c:ce:
         19:cd:59:f8:b2:75:0a:fc:c9:c4:19:88:0b:ec:18:8a:82:1c:
         6c:78:9b:0c:47:8a:6c:30:c1:7c:f0:48:e3:cb:28:56:e6:ae:
         e2:10:28:f3:c5:af:f0:ef:6b:38:e1:30:4a:7a:c5:6b:6a:7a:
         47:b0:7a:d5:ab:7b:89:0d:5c:8d:62:d7:e2:97:41:9c:67:fe:
         70:b8:ba:1c:19:7b:0d:49:0c:f3:8d:2b:e3:6d:50:7d:1c:87:
         61:b1:dd:2b:74:02:7b:a6:7a:17:91:ba:db:9f:5e:4f:2b:54:
         1c:4b:8a:0f:1c:12:c3:d7:89:0c:3e:b9:13:c3:a0:27:47:d4:
         fd:6e:08:11:c2:b4:7f:d2:85:3e:69:fc:d9:27:07:5c:ff:01:
         28:22:b6:be:62:98:87:c7:2e:e9:2d:eb:9d:a7:e8:b6:98:af:
         02:17:50:ff:50:cc:a6:1e:08:ce:cb:7b:f1:bf:db:19:42:40:
         64:15:ec:32:0b:aa:ca:cd:49:80:a0:c9:b3:57:29:4c:be:3d:
         97:eb:24:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xu99tKvkACgRXwp4Tx0uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMTAxMDQxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTkwOGIwMzcwYTNlOTg2MjlmZTRmZGFlZjJkMWJkYWI2ZTBjYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwrdsRhdteipkSF6XJVSrqgKBm7p
N8WaCFwaAEyQUuatpZrHeo1cnwuHnLOR6DcMHiMWhbRdLz5S/DrVhOMx6h3habkG
J0bnB0Ahe0nkfEZfoi6yse8m74Mb4pj58uMxDlfBBPqeFmWElRvRXH+HlyIH3nMf
HRGsE7NoCG7I1BPsw7/MzPFJApt1pWMnM0U/2PJvNbcUsV1iWnrR3vdB05Sghd6v
eSK+FKHkrUG3/kPYr7HNxCQizdeQ+J3QWq+tLHaUCuU8Ssxi5D8KeNIGSF1xFBy/
RqHpLceZCBu4r55TsGFSaasxkpLHWPt1LPM1LzHAcOThgEBy0ViwftpCVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmQiwNwo+mGKf5P2u8tG9q24Ms6MB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvQ1pDTEEzQ2o2WVlwX2tfYTd5MGIycmJneXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEX6RgMA0G
CSqGSIb3DQEBCwUAA4IBAQBb67V5K7QmIg7hMvyiR583fXNDWfg5OJBsuTEei0Qi
/ZdwhmPBsVhXf2AkcSGSrKLrcNUNPM4ZzVn4snUK/MnEGYgL7BiKghxseJsMR4ps
MMF88EjjyyhW5q7iECjzxa/w72s44TBKesVranpHsHrVq3uJDVyNYtfil0GcZ/5w
uLocGXsNSQzzjSvjbVB9HIdhsd0rdAJ7pnoXkbrbn15PK1QcS4oPHBLD14kMPrkT
w6AnR9T9bggRwrR/0oU+afzZJwdc/wEoIra+YpiHxy7pLeudp+i2mK8CF1D/UMym
HgjOy3vxv9sZQkBkFewyC6rKzUmAoMmzVylMvj2X6yTG
-----END CERTIFICATE-----