This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/UZ8MoagtWKlsIsRGsjso-iozLGw.roa
File:                     UZ8MoagtWKlsIsRGsjso-iozLGw.roa (raw, json)
Hash identifier:          dnetz1uWniSUYV1OlTPjy0Ix9dXrnsa95CDJdNzqlUI=
Subject key identifier:   51:9F:0C:A1:A8:2D:58:A9:6C:22:C4:46:B2:3B:28:FA:2A:33:2C:6C
Certificate issuer:       /CN=4367547d851e3cd776cd33290b2454acc0e851bb
Certificate serial:       019B7FF125C6327B4C74EE60AD0B73EBBD66
Authority key identifier: 43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/UZ8MoagtWKlsIsRGsjso-iozLGw.roa
Signing time:             Fri 02 Jan 2026 18:21:08 +0000
ROA not before:           Fri 02 Jan 2026 18:21:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a14:56c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:25:c6:32:7b:4c:74:ee:60:ad:0b:73:eb:bd:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4367547d851e3cd776cd33290b2454acc0e851bb
        Validity
            Not Before: Jan  2 18:21:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=519f0ca1a82d58a96c22c446b23b28fa2a332c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:49:29:d1:18:3d:58:2d:ad:f0:0b:a4:05:2d:
                    82:c2:58:6f:ab:a8:47:f3:b6:95:60:a5:85:f7:ff:
                    b9:87:01:9e:88:29:ae:d5:c5:a7:fd:a1:8c:90:7f:
                    95:4f:94:86:20:e7:5a:92:60:ef:8f:33:2d:93:72:
                    57:bf:8a:85:52:67:bd:a1:be:12:7d:04:f6:9e:46:
                    34:c7:c6:d6:20:f4:24:a6:8e:e9:92:c6:d0:b9:cd:
                    ac:a5:cb:2c:81:d8:47:35:9b:07:82:2e:01:fb:2b:
                    e6:23:71:d4:f5:60:f9:ea:df:6e:65:f9:d2:11:e7:
                    99:18:00:3c:5d:ea:18:3d:13:2c:85:90:fd:45:87:
                    94:38:20:fa:7b:9c:5f:49:64:b7:4a:d6:ea:54:f2:
                    c6:a8:16:06:9d:de:71:f4:dd:98:fc:02:18:31:46:
                    87:1a:53:0d:cf:d4:a3:66:96:af:25:e5:08:7f:ad:
                    e9:93:26:c6:d3:f5:8e:29:3e:6d:75:fe:c2:9a:f7:
                    4e:8d:bb:5c:31:01:fd:72:8e:87:31:11:dd:91:05:
                    8e:fd:35:db:c3:1b:05:df:21:e7:2b:0a:41:78:cb:
                    d5:3f:b6:18:a2:e0:97:91:65:f1:bd:b8:6e:fd:c0:
                    38:04:db:01:d2:b5:b0:00:f0:41:60:3d:6f:68:77:
                    06:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9F:0C:A1:A8:2D:58:A9:6C:22:C4:46:B2:3B:28:FA:2A:33:2C:6C
            X509v3 Authority Key Identifier:
                keyid:43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/UZ8MoagtWKlsIsRGsjso-iozLGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:56c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:27:b0:e2:bc:4d:3e:ee:21:90:2b:b9:41:2e:22:43:03:2a:
         c8:57:15:dc:ac:45:83:d4:9c:ec:17:f6:59:81:76:40:7b:f1:
         30:0a:63:03:65:ff:7c:f4:7b:00:9e:6d:36:98:64:25:98:cf:
         f4:89:3b:05:de:45:2d:38:da:e8:0d:c5:d2:44:e8:4e:46:76:
         73:b6:ae:6e:9b:b3:ba:bf:aa:8b:25:3b:73:4d:30:69:7f:e8:
         14:e5:08:b1:97:74:5f:47:3c:5d:a1:a4:19:e2:74:f3:3e:2b:
         9d:2a:61:50:2c:ca:f7:1b:4f:37:f8:d5:fb:6e:79:a1:70:cb:
         a4:e3:05:60:38:5f:c9:a7:34:72:50:d1:f7:bb:c3:a5:12:bd:
         32:83:9d:8e:89:e0:42:e7:99:82:11:1d:20:10:a4:34:22:1b:
         f9:64:be:03:e5:a3:79:a3:0e:79:73:05:85:6f:84:88:f4:3e:
         44:ed:99:6a:23:f7:b8:42:9f:3a:6b:f2:af:6b:d6:bb:21:72:
         0c:68:e4:8a:58:e3:0c:6a:f3:6f:fb:cf:44:74:85:b9:be:a9:
         7c:d6:d8:04:86:c0:ef:e6:52:6e:dd:26:d1:5d:25:eb:27:60:
         f3:b0:9d:36:29:98:89:7c:b3:b0:e2:e3:07:9d:ad:5b:6f:1d:
         22:ff:85:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/8SXGMntMdO5grQtz671mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjc1NDdkODUxZTNjZDc3NmNkMzMyOTBiMjQ1NGFjYzBl
ODUxYmIwHhcNMjYwMTAyMTgyMTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTlmMGNhMWE4MmQ1OGE5NmMyMmM0NDZiMjNiMjhmYTJhMzMyYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0kp0Rg9WC2t8AukBS2Cwlhvq6hH
87aVYKWF9/+5hwGeiCmu1cWn/aGMkH+VT5SGIOdakmDvjzMtk3JXv4qFUme9ob4S
fQT2nkY0x8bWIPQkpo7pksbQuc2spcssgdhHNZsHgi4B+yvmI3HU9WD56t9uZfnS
EeeZGAA8XeoYPRMshZD9RYeUOCD6e5xfSWS3StbqVPLGqBYGnd5x9N2Y/AIYMUaH
GlMNz9SjZpavJeUIf63pkybG0/WOKT5tdf7CmvdOjbtcMQH9co6HMRHdkQWO/TXb
wxsF3yHnKwpBeMvVP7YYouCXkWXxvbhu/cA4BNsB0rWwAPBBYD1vaHcGGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFGfDKGoLVipbCLERrI7KPoqMyxsMB8GA1UdIwQY
MBaAFENnVH2FHjzXds0zKQskVKzA6FG7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYt
ZGFiN2YwYzhkMjQwLzEvVVo4TW9hZ3RXS2xzSXNSR3Nqc28taW96TEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYtZGFiN2YwYzhkMjQw
LzEvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFiew4rxNPu4hkCu5QS4iQwMqyFcV3KxFg9Sc7Bf2
WYF2QHvxMApjA2X/fPR7AJ5tNphkJZjP9Ik7Bd5FLTja6A3F0kToTkZ2c7aubpuz
ur+qiyU7c00waX/oFOUIsZd0X0c8XaGkGeJ08z4rnSphUCzK9xtPN/jV+255oXDL
pOMFYDhfyac0clDR97vDpRK9MoOdjongQueZghEdIBCkNCIb+WS+A+WjeaMOeXMF
hW+EiPQ+RO2ZaiP3uEKfOmvyr2vWuyFyDGjkiljjDGrzb/vPRHSFub6pfNbYBIbA
7+ZSbt0m0V0l6ydg87CdNimYiXyzsOLjB52tW28dIv+FOg==
-----END CERTIFICATE-----