This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/zyxH_ZayU87vTJX81fgX-DVJmTk.roa
File:                     zyxH_ZayU87vTJX81fgX-DVJmTk.roa (raw, json)
Hash identifier:          v7IX/ua2uQXhjGalwVPCerFWeIG3hQEbj9ssotgdfjM=
Subject key identifier:   CF:2C:47:FD:96:B2:53:CE:EF:4C:95:FC:D5:F8:17:F8:35:49:99:39
Certificate issuer:       /CN=cb66e766345573d7159d6794edaedb739a241f8f
Certificate serial:       019B7C7FFFFC936F73C0B669C84D56C27A1F
Authority key identifier: CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/zyxH_ZayU87vTJX81fgX-DVJmTk.roa
Signing time:             Fri 02 Jan 2026 02:18:41 +0000
ROA not before:           Fri 02 Jan 2026 02:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48551
IP address blocks:        185.161.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:ff:fc:93:6f:73:c0:b6:69:c8:4d:56:c2:7a:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb66e766345573d7159d6794edaedb739a241f8f
        Validity
            Not Before: Jan  2 02:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf2c47fd96b253ceef4c95fcd5f817f835499939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0f:60:15:4d:c6:a7:c0:85:76:54:5e:87:51:
                    78:97:f8:72:7c:0f:54:97:65:6b:59:cc:e3:c2:32:
                    6d:77:3a:c2:d7:01:e5:08:78:c0:bf:16:05:03:4a:
                    66:ac:28:89:98:74:00:ac:c4:3e:8d:96:e4:20:da:
                    eb:ee:94:59:8d:08:fd:69:9f:93:b5:5c:7c:d4:b0:
                    e5:30:a3:cf:32:0c:76:57:f3:b4:55:30:1e:fa:3f:
                    3f:64:6c:1b:3c:9b:cb:30:a9:39:11:b1:b5:8c:3a:
                    ae:32:9c:b8:5b:a4:e0:3c:98:ce:cd:94:84:da:d0:
                    70:7d:81:f3:81:0b:e3:ca:09:ac:7c:6e:09:f6:26:
                    4b:df:1e:6e:c2:34:cc:36:7c:44:ad:f3:51:71:3b:
                    d1:fd:d9:b2:cf:37:d8:e2:09:f3:1a:1f:87:d7:48:
                    8f:52:88:c9:93:70:dd:48:bf:b7:d0:ef:c0:5e:51:
                    8e:99:32:94:23:c1:8b:01:40:fe:97:cc:cb:4d:fe:
                    a6:ff:59:9b:e3:2b:30:d6:12:15:08:ce:70:9f:b4:
                    32:92:8e:6f:85:88:a6:10:35:12:3b:05:0f:7f:02:
                    6e:52:63:49:0e:1c:1c:03:7b:1a:18:69:f3:16:3d:
                    d2:e2:d3:b1:57:af:3d:5a:7b:c5:8e:03:8d:29:15:
                    5f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2C:47:FD:96:B2:53:CE:EF:4C:95:FC:D5:F8:17:F8:35:49:99:39
            X509v3 Authority Key Identifier:
                keyid:CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/zyxH_ZayU87vTJX81fgX-DVJmTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a4:52:22:0e:11:55:0e:ab:92:93:cd:3b:7d:bf:88:41:14:
         14:ab:a0:8c:68:9f:d4:4a:65:c3:84:1f:5b:76:6c:44:8e:3a:
         47:cc:cb:52:75:7a:e5:e6:bf:c4:a8:7e:e7:cf:51:21:57:7c:
         a5:40:46:80:dd:40:3e:fe:78:9f:b7:55:35:43:85:32:8e:40:
         45:ae:e2:81:ab:63:74:8b:23:52:09:6f:3f:80:37:db:e2:b8:
         d4:cc:3e:8b:a9:97:c0:bd:c0:e2:53:2b:0c:a3:95:91:d2:d2:
         ef:82:ab:d9:a9:e8:5d:d5:77:d7:88:12:ba:76:56:29:62:db:
         8b:5f:f3:3c:f6:87:d8:62:32:ff:7c:28:db:a2:f2:0d:bc:d3:
         52:13:89:28:9f:77:ec:fe:4b:9d:d3:63:14:d2:2b:6b:14:ae:
         c3:30:af:5a:7f:a6:dd:04:be:ee:cf:65:88:37:03:16:2e:81:
         4e:85:0c:33:e3:30:1e:06:c6:8d:a6:98:c4:c9:9f:e9:ad:a0:
         36:40:45:08:c4:89:70:d6:6a:c2:ae:94:09:d7:10:56:af:c6:
         6f:ee:38:37:7c:26:7c:af:1e:5d:13:f3:72:e5:55:88:ac:99:
         f1:2c:31:ba:18:f9:0d:ad:c7:22:94:e8:64:a7:ed:98:e7:90:
         7a:e6:86:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f//8k29zwLZpyE1WwnofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjZlNzY2MzQ1NTczZDcxNTlkNjc5NGVkYWVkYjczOWEy
NDFmOGYwHhcNMjYwMTAyMDIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJjNDdmZDk2YjI1M2NlZWY0Yzk1ZmNkNWY4MTdmODM1NDk5OTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA9gFU3Gp8CFdlReh1F4l/hyfA9U
l2VrWczjwjJtdzrC1wHlCHjAvxYFA0pmrCiJmHQArMQ+jZbkINrr7pRZjQj9aZ+T
tVx81LDlMKPPMgx2V/O0VTAe+j8/ZGwbPJvLMKk5EbG1jDquMpy4W6TgPJjOzZSE
2tBwfYHzgQvjygmsfG4J9iZL3x5uwjTMNnxErfNRcTvR/dmyzzfY4gnzGh+H10iP
UojJk3DdSL+30O/AXlGOmTKUI8GLAUD+l8zLTf6m/1mb4ysw1hIVCM5wn7Qyko5v
hYimEDUSOwUPfwJuUmNJDhwcA3saGGnzFj3S4tOxV689WnvFjgONKRVfaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8sR/2WslPO70yV/NX4F/g1SZk5MB8GA1UdIwQY
MBaAFMtm52Y0VXPXFZ1nlO2u23OaJB+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEt
NjViZjc5YjBhOTg5LzEvenl4SF9aYXlVODd2VEpYODFmZ1gtRFZKbVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEtNjViZjc5YjBhOTg5
LzEveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF5MA0G
CSqGSIb3DQEBCwUAA4IBAQCDpFIiDhFVDquSk807fb+IQRQUq6CMaJ/USmXDhB9b
dmxEjjpHzMtSdXrl5r/EqH7nz1EhV3ylQEaA3UA+/nift1U1Q4UyjkBFruKBq2N0
iyNSCW8/gDfb4rjUzD6LqZfAvcDiUysMo5WR0tLvgqvZqehd1XfXiBK6dlYpYtuL
X/M89ofYYjL/fCjbovINvNNSE4kon3fs/kud02MU0itrFK7DMK9af6bdBL7uz2WI
NwMWLoFOhQwz4zAeBsaNppjEyZ/praA2QEUIxIlw1mrCrpQJ1xBWr8Zv7jg3fCZ8
rx5dE/Ny5VWIrJnxLDG6GPkNrccilOhkp+2Y55B65oYD
-----END CERTIFICATE-----