This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/ZYVhpFZbN06CUe59j1pMT24apfY.roa
File:                     ZYVhpFZbN06CUe59j1pMT24apfY.roa (raw, json)
Hash identifier:          9KVaBH7C5jrjUC4AJ6bt9vp9SMTJAC7tn9CsEVo1BYE=
Subject key identifier:   65:85:61:A4:56:5B:37:4E:82:51:EE:7D:8F:5A:4C:4F:6E:1A:A5:F6
Certificate issuer:       /CN=144b315ae0f24c891fca18456c66917792af165e
Certificate serial:       019B7DCAE48FCFE9D29D84363BEE47032422
Authority key identifier: 14:4B:31:5A:E0:F2:4C:89:1F:CA:18:45:6C:66:91:77:92:AF:16:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/ZYVhpFZbN06CUe59j1pMT24apfY.roa
Signing time:             Fri 02 Jan 2026 08:20:07 +0000
ROA not before:           Fri 02 Jan 2026 08:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8412
IP address blocks:        194.113.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:e4:8f:cf:e9:d2:9d:84:36:3b:ee:47:03:24:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=144b315ae0f24c891fca18456c66917792af165e
        Validity
            Not Before: Jan  2 08:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=658561a4565b374e8251ee7d8f5a4c4f6e1aa5f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ca:62:e7:b2:cd:8f:c7:23:8b:bd:67:5a:b7:
                    4f:dd:3b:b8:4a:b0:74:d3:7c:71:fe:07:79:5a:01:
                    66:aa:28:d8:1f:8a:ac:6b:47:da:2c:e7:7b:12:e4:
                    7d:6b:64:6d:ac:db:3e:6e:a2:ba:09:3d:e4:cd:2d:
                    3f:8b:17:59:cf:68:9c:58:2e:b0:fd:89:02:e1:52:
                    dc:b2:ab:e0:a4:a0:9c:e7:46:ca:67:e5:75:0f:0a:
                    b9:e3:da:69:bc:6b:71:10:1f:76:5e:72:af:f5:97:
                    d6:dc:0e:d0:7c:ee:fa:65:3a:c2:29:06:f4:b2:99:
                    61:8e:86:1c:64:02:4c:ed:7f:c8:81:c1:82:02:d3:
                    24:e0:de:ef:cc:6c:89:38:cc:64:f5:a4:52:e8:f0:
                    52:d6:1b:b4:63:18:b4:c8:b1:6c:86:0f:06:5f:89:
                    ad:77:64:7e:d4:37:09:56:bd:95:ee:71:58:bc:49:
                    c0:7b:e7:4c:2e:5a:2e:6c:6d:3c:ce:a1:61:48:74:
                    f6:6b:61:ce:b3:0a:4c:bb:e7:2c:44:7d:c9:41:14:
                    bf:f0:f4:1d:48:cb:bd:7e:00:09:52:a7:97:53:b3:
                    62:87:6d:be:40:02:bc:a7:7b:a1:0b:02:f5:5c:8a:
                    4e:e2:b8:eb:22:c2:50:88:62:c7:4f:df:ea:fe:40:
                    7b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:85:61:A4:56:5B:37:4E:82:51:EE:7D:8F:5A:4C:4F:6E:1A:A5:F6
            X509v3 Authority Key Identifier:
                keyid:14:4B:31:5A:E0:F2:4C:89:1F:CA:18:45:6C:66:91:77:92:AF:16:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/ZYVhpFZbN06CUe59j1pMT24apfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:81:5a:9e:77:b7:ac:bf:3c:51:4f:db:bd:ca:d2:4b:ba:1e:
         70:5c:8b:41:23:39:88:76:47:50:a9:19:20:3c:b8:3a:6e:a5:
         c5:96:be:8d:76:77:0c:47:57:d2:3f:cc:f9:ce:0e:94:b5:44:
         12:57:74:a2:c9:66:f3:3a:22:ff:39:1d:de:ce:b9:52:9a:c0:
         43:94:6d:dc:7a:90:e6:5d:25:85:d4:4e:84:41:ad:14:33:8c:
         a5:b6:3e:1b:2b:7b:45:f0:ae:51:0e:42:52:4d:b2:c3:5a:af:
         b4:16:8b:90:37:6b:ce:84:00:be:4e:26:af:df:b6:5c:6d:9d:
         a6:4b:a8:66:2e:f3:aa:1e:81:ae:c7:29:ff:31:9a:9b:e1:64:
         6d:b1:e5:3a:b2:e5:29:ff:8f:31:50:f2:b6:7c:64:2d:cc:c0:
         e6:74:30:75:cd:21:79:46:d9:de:a6:54:5e:1f:ca:80:35:8a:
         1a:00:88:40:76:37:1c:0e:f1:de:47:55:91:7c:e2:22:d9:a4:
         c3:8b:c2:4b:4a:c6:4f:48:fc:fb:5e:48:85:56:0d:dd:69:8e:
         1f:db:b4:86:4e:f2:c2:85:47:c3:be:95:5b:99:f1:6e:1f:82:
         e5:36:7d:17:8c:16:72:7c:cc:2e:2c:f3:d5:79:c0:b6:50:de:
         2c:87:5d:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yuSPz+nSnYQ2O+5HAyQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NGIzMTVhZTBmMjRjODkxZmNhMTg0NTZjNjY5MTc3OTJh
ZjE2NWUwHhcNMjYwMTAyMDgyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg1NjFhNDU2NWIzNzRlODI1MWVlN2Q4ZjVhNGM0ZjZlMWFhNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8pi57LNj8cji71nWrdP3Tu4SrB0
03xx/gd5WgFmqijYH4qsa0faLOd7EuR9a2RtrNs+bqK6CT3kzS0/ixdZz2icWC6w
/YkC4VLcsqvgpKCc50bKZ+V1Dwq549ppvGtxEB92XnKv9ZfW3A7QfO76ZTrCKQb0
splhjoYcZAJM7X/IgcGCAtMk4N7vzGyJOMxk9aRS6PBS1hu0Yxi0yLFshg8GX4mt
d2R+1DcJVr2V7nFYvEnAe+dMLloubG08zqFhSHT2a2HOswpMu+csRH3JQRS/8PQd
SMu9fgAJUqeXU7Nih22+QAK8p3uhCwL1XIpO4rjrIsJQiGLHT9/q/kB7YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWFYaRWWzdOglHufY9aTE9uGqX2MB8GA1UdIwQY
MBaAFBRLMVrg8kyJH8oYRWxmkXeSrxZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkVzeFd1RHlUSWtmeWhoRmJHYVJkNUt2Rmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82MTE4ZjQtY2ExMS00NThkLWJjNjAt
MTE4MjhlMGU0MjdiLzEvWllWaHBGWmJOMDZDVWU1OWoxcE1UMjRhcGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82MTE4ZjQtY2ExMS00NThkLWJjNjAtMTE4MjhlMGU0Mjdi
LzEvRkVzeFd1RHlUSWtmeWhoRmJHYVJkNUt2Rmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnGaMA0G
CSqGSIb3DQEBCwUAA4IBAQBZgVqed7esvzxRT9u9ytJLuh5wXItBIzmIdkdQqRkg
PLg6bqXFlr6NdncMR1fSP8z5zg6UtUQSV3SiyWbzOiL/OR3ezrlSmsBDlG3cepDm
XSWF1E6EQa0UM4yltj4bK3tF8K5RDkJSTbLDWq+0FouQN2vOhAC+Tiav37ZcbZ2m
S6hmLvOqHoGuxyn/MZqb4WRtseU6suUp/48xUPK2fGQtzMDmdDB1zSF5RtneplRe
H8qANYoaAIhAdjccDvHeR1WRfOIi2aTDi8JLSsZPSPz7XkiFVg3daY4f27SGTvLC
hUfDvpVbmfFuH4LlNn0XjBZyfMwuLPPVecC2UN4sh10x
-----END CERTIFICATE-----