This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/SzDjXmkPc81OxUH-J5X5s68f_Jg.roa
File:                     SzDjXmkPc81OxUH-J5X5s68f_Jg.roa (raw, json)
Hash identifier:          uY/BmEoUTgPIr21DkbWh/gHnXF9vEuYAHGIFIehB+YQ=
Subject key identifier:   4B:30:E3:5E:69:0F:73:CD:4E:C5:41:FE:27:95:F9:B3:AF:1F:FC:98
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       019B7DCA737AC4A4D78C505307E18297ACA5
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/SzDjXmkPc81OxUH-J5X5s68f_Jg.roa
Signing time:             Fri 02 Jan 2026 08:19:38 +0000
ROA not before:           Fri 02 Jan 2026 08:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399989
IP address blocks:        86.109.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:73:7a:c4:a4:d7:8c:50:53:07:e1:82:97:ac:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Jan  2 08:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b30e35e690f73cd4ec541fe2795f9b3af1ffc98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e0:13:3b:c3:4b:ef:51:c8:8e:74:d1:b6:03:
                    ac:d5:d5:cf:43:96:1b:89:93:d1:7a:43:2c:38:e9:
                    a4:85:d4:46:33:9c:0f:2d:9c:31:77:01:c7:aa:c0:
                    db:50:34:5d:97:cb:2f:71:3a:c4:4a:16:43:8d:41:
                    57:a9:a6:c3:8b:38:69:1d:bd:c8:e1:01:28:f4:73:
                    de:97:3b:b4:aa:a6:a4:67:c0:69:06:0a:4f:68:cb:
                    d2:97:de:41:35:82:15:12:b6:83:22:4b:e3:6c:69:
                    33:5b:96:c0:7b:7c:06:3e:86:58:6d:69:a9:ed:56:
                    d7:bd:d9:54:e4:a4:f8:2f:3e:49:f1:e2:93:20:dc:
                    9e:c5:c1:c7:e2:ca:84:f9:b7:1b:75:2b:da:fb:47:
                    44:8b:e3:b5:4c:02:43:b8:af:8a:ce:62:15:2c:c2:
                    2b:68:75:73:ac:43:a2:bc:ac:e9:33:81:2f:55:36:
                    d5:ca:24:1c:cf:1c:49:3a:31:31:00:37:14:cd:ed:
                    19:d9:bd:70:fb:51:9e:2c:98:b7:4c:6a:8d:97:53:
                    88:ee:20:67:9e:6e:0b:5b:c4:b2:59:66:b2:28:7f:
                    1c:08:4a:f4:4b:7e:be:cd:ee:e5:37:af:a5:cc:87:
                    b1:b4:40:7c:23:dc:44:e1:60:b6:49:d2:fc:1e:d4:
                    4f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:30:E3:5E:69:0F:73:CD:4E:C5:41:FE:27:95:F9:B3:AF:1F:FC:98
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/SzDjXmkPc81OxUH-J5X5s68f_Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:36:a2:d6:1a:6e:ff:3c:ad:30:75:e4:fb:7e:b9:3e:69:eb:
         0e:fa:4b:10:17:4b:57:77:66:3a:e4:5e:58:61:10:4a:e4:ed:
         cf:40:4c:96:67:9b:30:09:28:f8:a0:fa:8b:66:f2:74:84:9f:
         79:a3:94:b3:2d:99:77:15:d1:a9:88:0f:d8:48:33:5c:b9:e1:
         aa:e3:43:39:9a:41:67:5b:e7:9a:dd:20:c0:52:ae:27:f9:3b:
         7c:51:26:de:86:4a:e9:df:18:1f:0a:da:06:62:3b:e6:aa:0b:
         2c:93:ec:70:ea:ed:70:a3:51:9f:af:f5:6b:cd:0f:1a:46:ef:
         b4:e8:0b:28:2f:6a:dd:62:69:95:d2:24:8c:93:49:f7:6b:b3:
         fb:c0:7b:ee:71:ef:84:1c:b1:12:52:3d:6e:5c:05:11:fd:81:
         6f:69:dd:62:e7:d6:36:e1:5f:29:ee:da:67:a2:ab:f1:2d:0e:
         30:af:57:f8:c7:8f:e5:00:4a:39:f1:ff:87:01:8a:e2:2c:cf:
         0d:47:a3:6c:f9:5f:0d:8c:2f:60:21:e8:33:88:09:4f:f9:fb:
         9b:fe:50:f2:0e:78:e3:bc:79:43:5b:1e:cc:7a:c7:18:c5:bf:
         20:55:f0:31:6b:c1:54:1d:1d:b1:91:41:d1:9b:41:33:a2:c1:
         96:e9:5c:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ynN6xKTXjFBTB+GCl6ylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjYwMTAyMDgxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjMwZTM1ZTY5MGY3M2NkNGVjNTQxZmUyNzk1ZjliM2FmMWZmYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOATO8NL71HIjnTRtgOs1dXPQ5Yb
iZPRekMsOOmkhdRGM5wPLZwxdwHHqsDbUDRdl8svcTrEShZDjUFXqabDizhpHb3I
4QEo9HPelzu0qqakZ8BpBgpPaMvSl95BNYIVEraDIkvjbGkzW5bAe3wGPoZYbWmp
7VbXvdlU5KT4Lz5J8eKTINyexcHH4sqE+bcbdSva+0dEi+O1TAJDuK+KzmIVLMIr
aHVzrEOivKzpM4EvVTbVyiQczxxJOjExADcUze0Z2b1w+1GeLJi3TGqNl1OI7iBn
nm4LW8SyWWayKH8cCEr0S36+ze7lN6+lzIextEB8I9xE4WC2SdL8HtRPkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsw415pD3PNTsVB/ieV+bOvH/yYMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvU3pEalhta1BjODFPeFVILUo1WDVzNjhmX0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm1MMA0G
CSqGSIb3DQEBCwUAA4IBAQCPNqLWGm7/PK0wdeT7frk+aesO+ksQF0tXd2Y65F5Y
YRBK5O3PQEyWZ5swCSj4oPqLZvJ0hJ95o5SzLZl3FdGpiA/YSDNcueGq40M5mkFn
W+ea3SDAUq4n+Tt8USbehkrp3xgfCtoGYjvmqgssk+xw6u1wo1Gfr/VrzQ8aRu+0
6AsoL2rdYmmV0iSMk0n3a7P7wHvuce+EHLESUj1uXAUR/YFvad1i59Y24V8p7tpn
oqvxLQ4wr1f4x4/lAEo58f+HAYriLM8NR6Ns+V8NjC9gIegziAlP+fub/lDyDnjj
vHlDWx7MescYxb8gVfAxa8FUHR2xkUHRm0EzosGW6VzF
-----END CERTIFICATE-----