This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ivx4mCWdZRb5gzUSisSVoksj7WQ.roa
File:                     ivx4mCWdZRb5gzUSisSVoksj7WQ.roa (raw, json)
Hash identifier:          ljpAsBJ6179wkd4U7s9SmEB4spn1e3XogSD8JBT6J5Y=
Subject key identifier:   8A:FC:78:98:25:9D:65:16:F9:83:35:12:8A:C4:95:A2:4B:23:ED:64
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B7B358772E6E424D24A6B0F8539A55687
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ivx4mCWdZRb5gzUSisSVoksj7WQ.roa
Signing time:             Thu 01 Jan 2026 20:17:44 +0000
ROA not before:           Thu 01 Jan 2026 20:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210554
IP address blocks:        2a14:67c1:b300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 07:52:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:87:72:e6:e4:24:d2:4a:6b:0f:85:39:a5:56:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  1 20:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8afc7898259d6516f98335128ac495a24b23ed64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f4:0b:23:40:0a:9a:ab:b3:4c:0d:84:bb:9c:
                    f3:de:b1:f1:64:51:b5:1c:08:1a:9e:e3:ca:e4:2e:
                    15:ca:17:0c:81:bc:c1:de:5b:26:2a:29:92:50:9f:
                    ba:5e:c2:4f:fc:c5:b5:a2:3b:db:1e:2f:4b:e8:b0:
                    97:53:60:75:4a:36:2e:bd:7d:a3:97:ae:25:2c:d9:
                    02:fa:b6:1c:31:31:d3:5b:12:96:3a:5a:0e:1b:04:
                    44:88:fd:50:02:56:e0:80:0a:e4:6d:24:65:be:2d:
                    16:48:2d:d5:35:50:05:dd:f4:01:fb:9f:f8:30:5a:
                    eb:77:54:24:cd:ac:e5:36:1f:81:18:3a:db:03:a4:
                    f8:3c:74:00:9e:14:fa:6a:b6:d7:40:0a:85:ee:10:
                    bb:47:15:50:c0:2d:4b:58:13:99:63:9c:d3:cb:7d:
                    45:2f:98:08:c5:ea:bf:49:96:85:8f:89:b1:71:3c:
                    ca:a0:bc:ac:35:ee:cd:be:f1:83:d6:75:a5:5c:58:
                    67:57:fb:21:ee:4f:92:d2:c0:71:00:43:03:e8:d5:
                    c9:95:a2:5d:a8:96:66:40:a9:41:aa:d0:5d:d5:d4:
                    e1:3b:c0:c0:0d:d8:de:50:0f:67:4c:f3:06:b6:80:
                    60:61:14:9b:6d:b1:27:ac:5f:da:a4:e4:0f:56:17:
                    fd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:FC:78:98:25:9D:65:16:F9:83:35:12:8A:C4:95:A2:4B:23:ED:64
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ivx4mCWdZRb5gzUSisSVoksj7WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b300::/40

    Signature Algorithm: sha256WithRSAEncryption
         73:74:2c:c8:c7:ab:09:b0:58:2f:34:db:26:af:0e:da:ff:12:
         ed:b5:21:8f:49:23:19:42:4c:fe:48:6a:0f:a2:be:bb:a1:97:
         30:8d:5a:27:44:6f:d2:31:e3:63:95:7f:32:a7:06:b9:89:e7:
         4a:29:03:c2:89:42:99:68:7d:da:d5:3c:64:51:a3:06:8a:f0:
         45:53:9a:c2:d8:b6:32:74:f7:b5:c6:18:20:b8:8c:67:c1:5d:
         96:15:f6:5d:33:e1:38:b8:3b:b2:b0:2b:a0:fc:2b:4b:f7:b5:
         3a:29:c5:7c:6a:f4:05:ae:55:d5:65:7b:4a:f7:d7:04:00:56:
         e3:4a:5a:46:0e:db:53:bc:80:c1:3d:eb:31:d2:73:6d:d6:e7:
         1a:9f:04:78:35:be:99:49:ba:c0:3f:7c:37:82:ce:cb:9a:7b:
         a5:b0:50:8a:91:0b:ad:02:eb:27:52:de:90:d3:4f:84:74:d4:
         32:c2:1c:99:57:4e:30:f7:79:9a:4d:cb:e7:d4:53:3d:b8:13:
         57:e6:c2:d5:6b:eb:45:b9:95:d4:b4:5a:38:04:d2:ab:66:de:
         20:33:32:9d:55:5e:53:07:28:84:bf:cb:88:73:b4:a6:8e:2d:
         f1:27:b1:f6:8c:98:11:22:90:5d:e6:94:37:68:30:2d:15:70:
         2e:a9:8c:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7NYdy5uQk0kprD4U5pVaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTAxMjAxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWZjNzg5ODI1OWQ2NTE2Zjk4MzM1MTI4YWM0OTVhMjRiMjNlZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vQLI0AKmquzTA2Eu5zz3rHxZFG1
HAganuPK5C4VyhcMgbzB3lsmKimSUJ+6XsJP/MW1ojvbHi9L6LCXU2B1SjYuvX2j
l64lLNkC+rYcMTHTWxKWOloOGwREiP1QAlbggArkbSRlvi0WSC3VNVAF3fQB+5/4
MFrrd1QkzazlNh+BGDrbA6T4PHQAnhT6arbXQAqF7hC7RxVQwC1LWBOZY5zTy31F
L5gIxeq/SZaFj4mxcTzKoLysNe7NvvGD1nWlXFhnV/sh7k+S0sBxAEMD6NXJlaJd
qJZmQKlBqtBd1dThO8DADdjeUA9nTPMGtoBgYRSbbbEnrF/apOQPVhf91QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIr8eJglnWUW+YM1EorElaJLI+1kMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaXZ4NG1DV2RaUmI1Z3pVU2lzU1Zva3NqN1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwbMw
DQYJKoZIhvcNAQELBQADggEBAHN0LMjHqwmwWC802yavDtr/Eu21IY9JIxlCTP5I
ag+ivruhlzCNWidEb9Ix42OVfzKnBrmJ50opA8KJQplofdrVPGRRowaK8EVTmsLY
tjJ097XGGCC4jGfBXZYV9l0z4Ti4O7KwK6D8K0v3tTopxXxq9AWuVdVle0r31wQA
VuNKWkYO21O8gME96zHSc23W5xqfBHg1vplJusA/fDeCzsuae6WwUIqRC60C6ydS
3pDTT4R01DLCHJlXTjD3eZpNy+fUUz24E1fmwtVr60W5ldS0WjgE0qtm3iAzMp1V
XlMHKIS/y4hztKaOLfEnsfaMmBEikF3mlDdoMC0VcC6pjGo=
-----END CERTIFICATE-----