This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/ZMQkud9K3mvXdpjh-yoqav-Fm2A.roa
File:                     ZMQkud9K3mvXdpjh-yoqav-Fm2A.roa (raw, json)
Hash identifier:          rezLl6nocyRRaT4FpZnJ5CHwHhiv5ot72qwHgOZEFQY=
Subject key identifier:   64:C4:24:B9:DF:4A:DE:6B:D7:76:98:E1:FB:2A:2A:6A:FF:85:9B:60
Certificate issuer:       /CN=ddfdb472b1ed59ec2f370f20fab4879439c5318f
Certificate serial:       019BF9CE5D088515BE3BB9863863BE05B7E5
Authority key identifier: DD:FD:B4:72:B1:ED:59:EC:2F:37:0F:20:FA:B4:87:94:39:C5:31:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3f20crHtWewvNw8g-rSHlDnFMY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/ZMQkud9K3mvXdpjh-yoqav-Fm2A.roa
Signing time:             Mon 26 Jan 2026 10:16:49 +0000
ROA not before:           Mon 26 Jan 2026 10:16:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        193.22.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/3f20crHtWewvNw8g-rSHlDnFMY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/3f20crHtWewvNw8g-rSHlDnFMY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3f20crHtWewvNw8g-rSHlDnFMY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Feb 2026 12:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:ce:5d:08:85:15:be:3b:b9:86:38:63:be:05:b7:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddfdb472b1ed59ec2f370f20fab4879439c5318f
        Validity
            Not Before: Jan 26 10:16:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64c424b9df4ade6bd77698e1fb2a2a6aff859b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:19:d8:a8:61:00:03:b2:2f:33:7f:72:84:
                    e4:58:8e:eb:12:8a:3d:7a:05:58:d7:ea:67:f3:43:
                    1f:9e:fc:70:b7:c7:4b:db:e6:f0:f5:97:28:b3:90:
                    a9:cb:f0:9e:24:1c:5b:34:be:19:cd:f5:6d:93:ac:
                    d8:5c:0c:50:14:ca:87:30:e9:11:a7:21:12:0e:60:
                    4e:11:eb:cc:78:07:d3:69:32:26:64:87:a2:82:8c:
                    b4:90:e8:11:de:dc:a0:bc:e1:9f:e3:fe:87:59:4d:
                    af:0f:1c:82:74:73:18:5e:1f:50:0c:50:66:9e:48:
                    86:6e:ec:07:33:6e:c9:5c:32:a1:b5:b8:db:f4:ee:
                    fb:20:a1:63:12:6a:dc:28:ad:11:07:bc:e3:8b:b4:
                    03:29:45:61:ed:bb:ae:06:4e:28:16:19:01:f2:be:
                    20:b8:d2:ab:48:66:17:92:d4:ff:e0:f7:5e:14:bc:
                    a5:82:e7:08:b2:7c:d3:b4:da:e8:68:de:a2:f0:e3:
                    9a:d6:37:e8:1a:27:3f:91:a9:d9:b6:4b:ea:e7:3a:
                    c6:d4:29:63:4f:7e:f4:66:55:b9:b3:f4:1e:50:35:
                    1b:72:37:6f:04:24:35:fa:ef:be:18:eb:a4:d9:60:
                    1d:4f:12:4e:69:99:a1:71:70:4f:9e:1e:ae:91:98:
                    1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C4:24:B9:DF:4A:DE:6B:D7:76:98:E1:FB:2A:2A:6A:FF:85:9B:60
            X509v3 Authority Key Identifier:
                keyid:DD:FD:B4:72:B1:ED:59:EC:2F:37:0F:20:FA:B4:87:94:39:C5:31:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f20crHtWewvNw8g-rSHlDnFMY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/ZMQkud9K3mvXdpjh-yoqav-Fm2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8d4107-3c59-44d4-816f-3a4e8b9da5be/1/3f20crHtWewvNw8g-rSHlDnFMY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:f4:29:b2:81:22:1e:8c:d0:c8:dc:c3:24:9b:99:47:03:a9:
         12:d7:e2:4e:3d:98:a7:04:07:2c:86:ec:b4:3c:82:ab:b8:6c:
         2c:c9:35:3a:60:3f:f4:05:b1:5c:f2:0b:0d:20:ac:b3:9f:b3:
         16:cd:2e:42:35:35:ab:a1:50:4d:9f:12:5c:76:45:c0:7b:a2:
         06:59:b1:98:91:dc:20:71:4b:f6:86:b3:62:0b:88:53:78:ec:
         3b:70:87:00:74:13:8b:7d:a0:a0:5f:de:1b:78:67:7e:36:33:
         75:b9:d3:eb:f9:c1:ed:90:9e:f1:19:03:60:7c:d2:d4:a1:3a:
         16:2b:d7:30:8f:fb:62:12:62:e2:d1:35:46:ba:15:8f:ee:48:
         7c:5f:53:cd:c7:21:25:58:b1:7c:a0:fa:9e:dd:03:dc:65:d3:
         a8:b7:fd:c5:d1:4b:61:98:77:25:28:17:40:5b:43:c9:97:af:
         91:1d:5c:e4:a2:32:87:6a:67:47:32:96:24:58:22:9f:68:0a:
         60:d7:30:ad:53:d9:ad:70:47:06:8a:76:1a:ad:2b:f9:c7:60:
         0c:61:ab:2f:9a:68:d4:ce:cb:8d:b5:d8:c9:29:39:8a:6d:6a:
         ec:fb:87:8a:72:3d:60:23:ce:17:2c:15:a2:15:df:a6:7e:45:
         3d:06:9d:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5zl0IhRW+O7mGOGO+BbflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZmRiNDcyYjFlZDU5ZWMyZjM3MGYyMGZhYjQ4Nzk0Mzlj
NTMxOGYwHhcNMjYwMTI2MTAxNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGM0MjRiOWRmNGFkZTZiZDc3Njk4ZTFmYjJhMmE2YWZmODU5YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KQZ2KhhAAOyLzN/coTkWI7rEoo9
egVY1+pn80Mfnvxwt8dL2+bw9Zcos5Cpy/CeJBxbNL4ZzfVtk6zYXAxQFMqHMOkR
pyESDmBOEevMeAfTaTImZIeigoy0kOgR3tygvOGf4/6HWU2vDxyCdHMYXh9QDFBm
nkiGbuwHM27JXDKhtbjb9O77IKFjEmrcKK0RB7zji7QDKUVh7buuBk4oFhkB8r4g
uNKrSGYXktT/4PdeFLylgucIsnzTtNroaN6i8OOa1jfoGic/kanZtkvq5zrG1Clj
T370ZlW5s/QeUDUbcjdvBCQ1+u++GOuk2WAdTxJOaZmhcXBPnh6ukZgfIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTEJLnfSt5r13aY4fsqKmr/hZtgMB8GA1UdIwQY
MBaAFN39tHKx7VnsLzcPIPq0h5Q5xTGPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2YyMGNySHRXZXd2Tnc4Zy1yU0hsRG5GTVk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84ZDQxMDctM2M1OS00NGQ0LTgxNmYt
M2E0ZThiOWRhNWJlLzEvWk1Ra3VkOUszbXZYZHBqaC15b3Fhdi1GbTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84ZDQxMDctM2M1OS00NGQ0LTgxNmYtM2E0ZThiOWRhNWJl
LzEvM2YyMGNySHRXZXd2Tnc4Zy1yU0hsRG5GTVk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRYDMA0G
CSqGSIb3DQEBCwUAA4IBAQBU9CmygSIejNDI3MMkm5lHA6kS1+JOPZinBAcshuy0
PIKruGwsyTU6YD/0BbFc8gsNIKyzn7MWzS5CNTWroVBNnxJcdkXAe6IGWbGYkdwg
cUv2hrNiC4hTeOw7cIcAdBOLfaCgX94beGd+NjN1udPr+cHtkJ7xGQNgfNLUoToW
K9cwj/tiEmLi0TVGuhWP7kh8X1PNxyElWLF8oPqe3QPcZdOot/3F0UthmHclKBdA
W0PJl6+RHVzkojKHamdHMpYkWCKfaApg1zCtU9mtcEcGinYarSv5x2AMYasvmmjU
zsuNtdjJKTmKbWrs+4eKcj1gI84XLBWiFd+mfkU9Bp3n
-----END CERTIFICATE-----