This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/b9wmMcUtcjg4YObHKG8AOC2okYY.roa
File:                     b9wmMcUtcjg4YObHKG8AOC2okYY.roa (raw, json)
Hash identifier:          qumu0K6MTz04INQwPD0E5bnPcl52ngqmhD1z8SigfRI=
Subject key identifier:   6F:DC:26:31:C5:2D:72:38:38:60:E6:C7:28:6F:00:38:2D:A8:91:86
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B7B357BEE4F7AE8FA23A118A4E06C4DD9
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/b9wmMcUtcjg4YObHKG8AOC2okYY.roa
Signing time:             Thu 01 Jan 2026 20:17:41 +0000
ROA not before:           Thu 01 Jan 2026 20:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135671
IP address blocks:        2a14:67c2:519::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 17:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:7b:ee:4f:7a:e8:fa:23:a1:18:a4:e0:6c:4d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  1 20:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fdc2631c52d72383860e6c7286f00382da89186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:28:8b:43:5a:a8:94:a8:69:9f:fd:90:66:42:
                    85:49:9a:87:51:dc:ac:db:3e:c1:35:9e:a8:6a:1a:
                    e7:22:09:2c:80:c7:3c:2e:a9:7b:41:0e:24:93:c5:
                    37:84:c1:4f:6a:9e:8c:40:2f:66:f8:d3:df:60:32:
                    ae:ef:cb:50:54:85:1d:23:14:01:e2:c3:3d:9d:86:
                    52:61:b3:e8:59:30:b8:6b:e3:f3:70:13:ed:4e:33:
                    70:fd:0c:b3:93:81:18:79:8c:30:c6:80:6b:a5:d3:
                    29:ca:a4:92:9f:b1:21:82:8f:69:fb:75:25:63:77:
                    39:49:ec:e4:ce:18:cd:d7:c0:64:59:56:9e:b6:ee:
                    c0:ed:93:ea:b6:68:38:55:2d:eb:f9:e5:f4:d5:7f:
                    b1:a2:2f:31:f9:5d:e8:b2:26:32:75:87:97:c3:3e:
                    ed:fa:d4:37:86:1c:f8:bc:eb:0d:4a:7a:4f:32:4d:
                    c2:ae:78:a0:a8:52:00:b6:93:24:99:b6:4f:98:aa:
                    20:2f:a2:5d:99:cb:5d:37:ba:4f:2b:c0:5a:2f:b4:
                    b5:2f:3d:f8:0f:7b:3d:0e:80:45:8c:2c:6f:84:6b:
                    eb:8d:41:22:98:62:41:b3:57:19:ec:48:9e:5d:06:
                    ee:92:15:2d:35:4d:0b:a7:4a:26:18:27:bb:4e:ed:
                    83:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DC:26:31:C5:2D:72:38:38:60:E6:C7:28:6F:00:38:2D:A8:91:86
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/b9wmMcUtcjg4YObHKG8AOC2okYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:519::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:9b:25:69:e8:33:ae:80:96:bb:6d:68:8c:5e:11:f1:5b:26:
         19:5e:39:ee:86:94:fe:5f:78:e9:44:5c:ad:6e:7b:07:47:7a:
         9b:40:ac:c9:76:a9:55:fd:0d:3d:ba:3d:8e:c3:f6:2a:fb:0d:
         d4:00:72:a1:9e:b5:59:eb:b4:c3:25:38:06:3c:40:e0:9e:44:
         57:1e:f8:cc:f8:32:b2:7b:5e:68:38:e9:c8:f5:fd:73:c0:6c:
         41:36:c4:4b:c3:f2:de:5b:82:5f:d2:5d:d1:6e:ef:6a:bc:a5:
         0f:f2:2b:31:4c:3b:2a:55:ec:30:f5:58:fb:b3:58:5d:87:de:
         8f:7d:18:58:52:a4:c8:ea:37:40:13:ee:80:b9:37:05:94:e3:
         c1:61:20:21:d4:6a:52:d4:de:55:4a:70:be:4e:23:c0:69:07:
         a0:d3:70:a8:b6:9a:1e:e0:f8:d5:85:0d:8b:2b:c5:b3:13:05:
         3e:fe:42:fc:35:66:0c:ac:c4:80:da:03:6c:ec:8d:c3:7f:f1:
         f7:55:41:e6:23:2f:65:e3:b1:76:0c:b9:a6:d0:e0:32:6d:a4:
         80:f7:ec:93:41:f8:e6:10:03:87:3e:05:82:a1:8d:5e:c2:16:
         3f:a5:4d:a7:3b:66:09:0b:31:3c:a3:68:06:29:a8:29:c4:da:
         71:c6:04:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NXvuT3ro+iOhGKTgbE3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTAxMjAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRjMjYzMWM1MmQ3MjM4Mzg2MGU2YzcyODZmMDAzODJkYTg5MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CiLQ1qolKhpn/2QZkKFSZqHUdys
2z7BNZ6oahrnIgksgMc8Lql7QQ4kk8U3hMFPap6MQC9m+NPfYDKu78tQVIUdIxQB
4sM9nYZSYbPoWTC4a+PzcBPtTjNw/Qyzk4EYeYwwxoBrpdMpyqSSn7Ehgo9p+3Ul
Y3c5SezkzhjN18BkWVaetu7A7ZPqtmg4VS3r+eX01X+xoi8x+V3osiYydYeXwz7t
+tQ3hhz4vOsNSnpPMk3CrnigqFIAtpMkmbZPmKogL6JdmctdN7pPK8BaL7S1Lz34
D3s9DoBFjCxvhGvrjUEimGJBs1cZ7EieXQbukhUtNU0Lp0omGCe7Tu2DNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG/cJjHFLXI4OGDmxyhvADgtqJGGMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvYjl3bU1jVXRjamc0WU9iSEtHOEFPQzJva1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwgUZ
MA0GCSqGSIb3DQEBCwUAA4IBAQB9myVp6DOugJa7bWiMXhHxWyYZXjnuhpT+X3jp
RFytbnsHR3qbQKzJdqlV/Q09uj2Ow/Yq+w3UAHKhnrVZ67TDJTgGPEDgnkRXHvjM
+DKye15oOOnI9f1zwGxBNsRLw/LeW4Jf0l3Rbu9qvKUP8isxTDsqVeww9Vj7s1hd
h96PfRhYUqTI6jdAE+6AuTcFlOPBYSAh1GpS1N5VSnC+TiPAaQeg03Cotpoe4PjV
hQ2LK8WzEwU+/kL8NWYMrMSA2gNs7I3Df/H3VUHmIy9l47F2DLmm0OAybaSA9+yT
QfjmEAOHPgWCoY1ewhY/pU2nO2YJCzE8o2gGKagpxNpxxgTJ
-----END CERTIFICATE-----