This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/arYbsmHMLp68opVFXUgmexOos7Q.roa
File:                     arYbsmHMLp68opVFXUgmexOos7Q.roa (raw, json)
Hash identifier:          EyjCYTBY5yfVRQNpW/QZujO7n/00DW+WwAKCGXAlXl0=
Subject key identifier:   6A:B6:1B:B2:61:CC:2E:9E:BC:A2:95:45:5D:48:26:7B:13:A8:B3:B4
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019AC3D7438C283084257F9843D759B091A2
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/arYbsmHMLp68opVFXUgmexOos7Q.roa
Signing time:             Thu 27 Nov 2025 05:44:15 +0000
ROA not before:           Thu 27 Nov 2025 05:44:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        2a14:67c2:4ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 00:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c3:d7:43:8c:28:30:84:25:7f:98:43:d7:59:b0:91:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Nov 27 05:44:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ab61bb261cc2e9ebca295455d48267b13a8b3b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:58:1a:59:ae:93:d0:e3:2e:0e:d6:a7:45:fb:
                    0b:2c:e6:ad:af:ce:dc:b6:ef:66:ab:f9:c2:cf:b1:
                    d3:1e:5d:66:6d:f4:65:9d:50:fe:3a:ac:c4:e8:12:
                    96:fc:07:0d:68:82:91:c0:79:af:fc:bc:35:69:18:
                    4f:d6:16:f3:5c:44:a3:32:f2:75:f3:61:d2:2c:c6:
                    26:d4:1c:35:5b:e0:fb:f0:40:ec:66:68:10:88:7a:
                    ca:a6:4b:53:f3:a9:a2:30:9b:75:dd:d0:3b:ec:32:
                    eb:0c:8f:dd:d0:55:42:a7:6f:04:14:98:8f:43:ee:
                    2e:3b:cf:cb:bd:0b:97:da:c6:b7:2f:83:51:10:62:
                    f7:32:7b:8a:74:18:a0:fd:7b:42:39:9c:4e:c9:07:
                    f6:fc:f7:e3:3e:84:c4:a3:7f:c5:c7:27:80:e9:2e:
                    40:80:3b:95:f2:49:05:2c:4b:92:48:46:bc:29:7c:
                    fa:19:bd:f5:18:8d:49:5b:ca:fb:4b:c0:f4:19:0a:
                    d7:01:55:93:3d:71:51:9e:7c:57:b0:6a:67:ea:79:
                    10:01:fa:db:fb:1b:90:60:9c:20:af:07:f9:bd:6d:
                    5f:be:d8:f4:ed:26:f2:3a:3f:48:83:c5:63:84:41:
                    07:02:96:f8:cf:47:dc:23:3c:98:80:ba:0a:c5:d7:
                    da:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B6:1B:B2:61:CC:2E:9E:BC:A2:95:45:5D:48:26:7B:13:A8:B3:B4
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/arYbsmHMLp68opVFXUgmexOos7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:4ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:a0:33:6c:18:29:5a:53:1b:11:c4:e0:96:1c:e7:4b:a7:e8:
         af:04:be:7a:30:40:de:7c:a8:89:b9:3a:f2:0e:39:fc:41:c0:
         95:fc:00:eb:20:af:5b:ac:a1:b6:17:3d:23:d3:bd:ff:b4:28:
         a7:5b:36:5f:f9:e5:bb:dd:09:b2:f9:d2:22:91:a9:05:0e:ef:
         ab:3d:cf:80:f5:6b:06:1c:43:b2:19:d9:1d:1d:c6:39:7e:fe:
         8a:f2:a2:72:96:3b:6f:9d:c2:3d:9b:b7:c8:cb:08:21:e6:ba:
         63:f8:e7:da:0b:cd:63:5d:87:32:f3:a4:d0:9e:07:0c:ee:2f:
         73:76:91:af:75:a4:08:61:de:5c:0a:11:09:1f:2d:6c:e9:da:
         dc:23:c6:24:ae:77:cc:3a:ca:32:bd:16:98:cd:ff:6a:02:9a:
         59:5e:d6:f7:d5:74:c0:c3:29:14:4c:7a:08:2a:46:c6:15:11:
         ff:b0:1d:1f:b0:2b:6e:f4:bb:f6:13:90:06:0a:14:c1:9b:17:
         08:a4:79:9e:a5:8d:a1:a4:a1:48:df:7f:b9:18:e8:a9:cf:f1:
         8a:4f:c0:9c:b3:9e:d7:e5:ab:de:75:15:65:bf:8d:9b:52:fc:
         73:57:0e:a9:a5:a9:f5:ae:24:e8:0c:95:b4:fb:ed:95:1c:20:
         e8:22:72:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZrD10OMKDCEJX+YQ9dZsJGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMTI3MDU0NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWI2MWJiMjYxY2MyZTllYmNhMjk1NDU1ZDQ4MjY3YjEzYThiM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lgaWa6T0OMuDtanRfsLLOatr87c
tu9mq/nCz7HTHl1mbfRlnVD+OqzE6BKW/AcNaIKRwHmv/Lw1aRhP1hbzXESjMvJ1
82HSLMYm1Bw1W+D78EDsZmgQiHrKpktT86miMJt13dA77DLrDI/d0FVCp28EFJiP
Q+4uO8/LvQuX2sa3L4NREGL3MnuKdBig/XtCOZxOyQf2/PfjPoTEo3/FxyeA6S5A
gDuV8kkFLEuSSEa8KXz6Gb31GI1JW8r7S8D0GQrXAVWTPXFRnnxXsGpn6nkQAfrb
+xuQYJwgrwf5vW1fvtj07SbyOj9Ig8VjhEEHApb4z0fcIzyYgLoKxdfaRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGq2G7JhzC6evKKVRV1IJnsTqLO0MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvYXJZYnNtSE1McDY4b3BWRlhVZ21leE9vczdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwgT/
MA0GCSqGSIb3DQEBCwUAA4IBAQAUoDNsGClaUxsRxOCWHOdLp+ivBL56MEDefKiJ
uTryDjn8QcCV/ADrIK9brKG2Fz0j073/tCinWzZf+eW73Qmy+dIikakFDu+rPc+A
9WsGHEOyGdkdHcY5fv6K8qJyljtvncI9m7fIywgh5rpj+OfaC81jXYcy86TQngcM
7i9zdpGvdaQIYd5cChEJHy1s6drcI8YkrnfMOsoyvRaYzf9qAppZXtb31XTAwykU
THoIKkbGFRH/sB0fsCtu9Lv2E5AGChTBmxcIpHmepY2hpKFI33+5GOipz/GKT8Cc
s57X5avedRVlv42bUvxzVw6ppan1riToDJW0++2VHCDoInKk
-----END CERTIFICATE-----