This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ZhLOPZS2djxo9kaXYQIfR_kyAKU.roa
File:                     ZhLOPZS2djxo9kaXYQIfR_kyAKU.roa (raw, json)
Hash identifier:          Bnm6f6+aPxt7GQzmzYrl7xlk1RGOaopkDzFbv5hsmMk=
Subject key identifier:   66:12:CE:3D:94:B6:76:3C:68:F6:46:97:61:02:1F:47:F9:32:00:A5
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       019B3735792F115F87C82C7B95C262533D21
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ZhLOPZS2djxo9kaXYQIfR_kyAKU.roa
Signing time:             Fri 19 Dec 2025 15:23:29 +0000
ROA not before:           Fri 19 Dec 2025 15:23:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211895
IP address blocks:        2a10:1fc0:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 18:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:37:35:79:2f:11:5f:87:c8:2c:7b:95:c2:62:53:3d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Dec 19 15:23:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6612ce3d94b6763c68f6469761021f47f93200a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f8:fd:58:09:1b:bb:b2:ae:b8:52:d2:42:99:
                    ad:69:c7:78:ea:a9:8b:0d:3b:00:47:06:09:f3:a1:
                    de:bb:6c:d4:85:71:e5:a9:a2:41:8f:23:d5:1d:ec:
                    ac:c7:e6:f6:9f:bb:e0:42:2f:39:79:91:64:25:ec:
                    64:e3:c1:1e:ac:a7:47:21:7b:61:a7:fd:13:a2:16:
                    90:a2:78:9c:88:5f:6b:8a:ad:42:5c:25:4b:a0:68:
                    88:4a:c1:1c:0a:76:6b:49:f2:74:1b:a2:ce:60:59:
                    08:d6:2f:d0:84:42:cb:a4:af:38:86:10:87:a0:da:
                    b6:02:ce:06:a3:9f:6c:72:29:ba:a9:95:b6:0a:0a:
                    f5:b4:a7:fc:5e:30:b8:c6:85:b2:83:b5:a8:73:d2:
                    c0:83:e8:ec:80:d4:6d:96:5e:f6:05:81:e7:14:2b:
                    9e:2a:5a:f8:94:3d:bd:af:43:17:65:cf:26:4c:0d:
                    a3:5d:04:28:f3:ec:5f:88:6a:eb:bf:3f:05:75:af:
                    f8:a9:4b:43:a9:40:d6:c7:6f:8b:67:4c:a5:a4:7f:
                    15:8c:31:05:12:d4:b9:9f:79:37:26:73:ef:88:5d:
                    3f:03:af:cc:8e:77:6d:fc:68:0c:aa:97:59:13:b8:
                    74:f7:c1:80:bb:d4:b0:bd:92:b7:35:01:f5:39:89:
                    cc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:12:CE:3D:94:B6:76:3C:68:F6:46:97:61:02:1F:47:F9:32:00:A5
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ZhLOPZS2djxo9kaXYQIfR_kyAKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:1fc0:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:ac:40:c7:33:a3:d9:d3:34:49:50:6f:cf:93:51:7f:bb:0f:
         90:16:4a:49:1d:c1:a7:87:ae:1f:d0:8b:5b:cc:69:cd:77:11:
         85:b7:6d:24:3b:02:07:f7:b0:3f:ee:c9:27:e8:02:83:da:88:
         f4:c7:0d:ce:6e:7e:da:04:1b:6b:a8:bc:a6:fa:89:ed:e1:d3:
         3b:c0:ea:94:55:15:9e:e1:b7:56:14:18:a3:43:07:ed:51:7c:
         d6:55:33:ae:d0:e2:f0:2e:80:e3:45:10:0c:94:c0:84:0a:cc:
         c6:71:45:4c:31:d7:ce:e5:02:c7:84:1e:6a:19:53:1e:5c:5d:
         35:d9:4e:15:66:61:4f:8c:ac:81:6e:bf:cf:3b:98:23:20:de:
         0f:1e:55:f7:46:7e:0d:e4:22:d8:37:ce:46:11:4c:ce:3a:b9:
         68:79:f6:62:a1:1b:f5:22:07:a5:9e:02:5d:f3:64:c2:df:54:
         ba:1c:54:eb:e4:cf:69:4a:ad:c7:11:b7:f5:8b:d8:44:c1:a4:
         83:19:5e:be:fe:89:d2:b7:c8:6e:a0:16:36:9a:74:00:bf:a5:
         6d:e6:5c:ed:08:22:77:64:ae:5d:da:b8:d0:5a:fe:31:ac:e7:
         f5:67:8e:ee:6f:64:9b:ce:f5:43:02:9f:c0:59:a3:53:73:b4:
         75:a5:6d:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZs3NXkvEV+HyCx7lcJiUz0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjUxMjE5MTUyMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjEyY2UzZDk0YjY3NjNjNjhmNjQ2OTc2MTAyMWY0N2Y5MzIwMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vj9WAkbu7KuuFLSQpmtacd46qmL
DTsARwYJ86Heu2zUhXHlqaJBjyPVHeysx+b2n7vgQi85eZFkJexk48EerKdHIXth
p/0TohaQoniciF9riq1CXCVLoGiISsEcCnZrSfJ0G6LOYFkI1i/QhELLpK84hhCH
oNq2As4Go59scim6qZW2Cgr1tKf8XjC4xoWyg7Woc9LAg+jsgNRtll72BYHnFCue
Klr4lD29r0MXZc8mTA2jXQQo8+xfiGrrvz8Fda/4qUtDqUDWx2+LZ0ylpH8VjDEF
EtS5n3k3JnPviF0/A6/Mjndt/GgMqpdZE7h098GAu9SwvZK3NQH1OYnMGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGYSzj2UtnY8aPZGl2ECH0f5MgClMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvWmhMT1BaUzJkanhvOWthWFlRSWZSX2t5QUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAfwAAM
MA0GCSqGSIb3DQEBCwUAA4IBAQARrEDHM6PZ0zRJUG/Pk1F/uw+QFkpJHcGnh64f
0ItbzGnNdxGFt20kOwIH97A/7skn6AKD2oj0xw3Obn7aBBtrqLym+ont4dM7wOqU
VRWe4bdWFBijQwftUXzWVTOu0OLwLoDjRRAMlMCECszGcUVMMdfO5QLHhB5qGVMe
XF012U4VZmFPjKyBbr/PO5gjIN4PHlX3Rn4N5CLYN85GEUzOOrloefZioRv1Igel
ngJd82TC31S6HFTr5M9pSq3HEbf1i9hEwaSDGV6+/onSt8huoBY2mnQAv6Vt5lzt
CCJ3ZK5d2rjQWv4xrOf1Z47ub2SbzvVDAp/AWaNTc7R1pW1k
-----END CERTIFICATE-----