This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/oCDLp44KeSMJvVZp5T2IShxlL4o.roa
File:                     oCDLp44KeSMJvVZp5T2IShxlL4o.roa (raw, json)
Hash identifier:          OLzEYYayae+FmqrETQJHCGxfQyGvHodRSRrVJfyY0No=
Subject key identifier:   A0:20:CB:A7:8E:0A:79:23:09:BD:56:69:E5:3D:88:4A:1C:65:2F:8A
Certificate issuer:       /CN=04a312ba65e90bf8acf4f57324a30c0b6cbd1c2f
Certificate serial:       019B7C1218093AD68847FEE7312B061E35F4
Authority key identifier: 04:A3:12:BA:65:E9:0B:F8:AC:F4:F5:73:24:A3:0C:0B:6C:BD:1C:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKMSumXpC_is9PVzJKMMC2y9HC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/oCDLp44KeSMJvVZp5T2IShxlL4o.roa
Signing time:             Fri 02 Jan 2026 00:18:39 +0000
ROA not before:           Fri 02 Jan 2026 00:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43591
IP address blocks:        2001:67c:2028::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/BKMSumXpC_is9PVzJKMMC2y9HC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/BKMSumXpC_is9PVzJKMMC2y9HC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKMSumXpC_is9PVzJKMMC2y9HC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:18:09:3a:d6:88:47:fe:e7:31:2b:06:1e:35:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a312ba65e90bf8acf4f57324a30c0b6cbd1c2f
        Validity
            Not Before: Jan  2 00:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a020cba78e0a792309bd5669e53d884a1c652f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6d:03:35:97:4c:d8:a6:35:f6:c8:16:15:72:
                    98:97:18:2f:5f:57:fd:f4:9d:7f:55:96:10:a8:f7:
                    df:a2:bb:92:4d:da:aa:cc:f3:6b:46:07:c8:64:24:
                    30:8c:8a:f5:5c:b3:1e:e0:17:04:50:ea:66:81:98:
                    c7:aa:90:57:0e:1d:bd:48:58:cc:f0:ae:1b:68:88:
                    c0:c3:e4:ba:9c:d7:5e:6d:af:fb:99:3d:88:83:4e:
                    d2:cd:01:5e:af:7d:ff:7e:6d:34:93:ee:eb:fc:9d:
                    95:1b:37:58:2e:74:ae:3f:33:aa:9b:62:7d:2a:60:
                    84:62:77:ef:c3:ff:05:17:94:fc:a7:23:23:ed:f6:
                    92:35:16:1c:a4:88:2b:7d:07:78:b4:8f:e5:bb:95:
                    e7:be:0f:23:75:fb:bb:92:8d:51:72:31:ff:8f:57:
                    45:11:2d:85:54:75:88:09:31:57:a6:81:bc:4d:b5:
                    72:5c:56:33:dc:46:3b:65:5f:40:67:8c:41:a7:67:
                    6d:3a:a8:47:bc:29:88:2f:05:3d:c1:10:fd:ff:6c:
                    b1:81:cf:96:48:05:a6:06:ed:c8:c3:7d:3f:62:e3:
                    d2:e8:e5:4f:48:bb:09:f7:6c:1c:36:3a:f1:4e:b6:
                    46:cd:70:89:13:1e:fd:99:5e:22:5a:f5:89:47:c9:
                    4e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:20:CB:A7:8E:0A:79:23:09:BD:56:69:E5:3D:88:4A:1C:65:2F:8A
            X509v3 Authority Key Identifier:
                keyid:04:A3:12:BA:65:E9:0B:F8:AC:F4:F5:73:24:A3:0C:0B:6C:BD:1C:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKMSumXpC_is9PVzJKMMC2y9HC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/oCDLp44KeSMJvVZp5T2IShxlL4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3cf75-40b9-4034-84b9-cccbc2ae6948/1/BKMSumXpC_is9PVzJKMMC2y9HC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2028::/48

    Signature Algorithm: sha256WithRSAEncryption
         d1:04:78:11:9b:5a:54:d1:4c:77:a9:e0:ea:66:3d:b6:7c:3b:
         09:6f:44:10:8a:bd:26:3d:47:4b:2d:f9:b2:70:ae:bb:e2:41:
         26:d1:b6:b1:d1:39:01:15:2a:f5:86:c3:d0:ff:14:1b:70:8c:
         aa:b6:3c:dc:49:e4:1b:4d:4a:ce:04:a3:dd:54:51:71:24:a7:
         ea:bc:e5:93:33:b3:b6:b0:15:90:3e:87:90:2c:77:4d:e7:f6:
         53:32:35:81:ff:fc:18:ea:86:c9:0d:62:03:61:43:91:e6:92:
         b2:35:5d:a2:da:f8:67:05:49:68:23:f2:1d:03:4c:0d:10:3c:
         66:af:e5:4b:df:17:07:f4:d6:20:ac:b0:b5:e9:45:b1:24:fc:
         89:da:ed:44:a0:c4:23:91:f8:cf:bb:67:9c:cb:d7:84:8f:5b:
         de:8f:f9:df:a2:3c:64:27:af:8f:bb:6a:0e:a2:87:4a:2a:db:
         e9:32:03:7c:6e:94:ed:a5:63:79:d6:f3:07:f1:8e:a6:06:6b:
         cb:8c:26:a2:23:20:22:41:af:4e:b3:d9:3d:a4:fc:20:91:35:
         43:64:b7:1b:2c:fb:8c:46:c3:aa:ad:0d:b6:96:c7:55:00:ac:
         1e:b2:2b:67:bc:3b:11:84:0a:08:ee:b2:8b:23:6b:ef:b5:32:
         56:26:2e:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EhgJOtaIR/7nMSsGHjX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTMxMmJhNjVlOTBiZjhhY2Y0ZjU3MzI0YTMwYzBiNmNi
ZDFjMmYwHhcNMjYwMTAyMDAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDIwY2JhNzhlMGE3OTIzMDliZDU2NjllNTNkODg0YTFjNjUyZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W0DNZdM2KY19sgWFXKYlxgvX1f9
9J1/VZYQqPfforuSTdqqzPNrRgfIZCQwjIr1XLMe4BcEUOpmgZjHqpBXDh29SFjM
8K4baIjAw+S6nNdeba/7mT2Ig07SzQFer33/fm00k+7r/J2VGzdYLnSuPzOqm2J9
KmCEYnfvw/8FF5T8pyMj7faSNRYcpIgrfQd4tI/lu5Xnvg8jdfu7ko1RcjH/j1dF
ES2FVHWICTFXpoG8TbVyXFYz3EY7ZV9AZ4xBp2dtOqhHvCmILwU9wRD9/2yxgc+W
SAWmBu3Iw30/YuPS6OVPSLsJ92wcNjrxTrZGzXCJEx79mV4iWvWJR8lOYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKAgy6eOCnkjCb1WaeU9iEocZS+KMB8GA1UdIwQY
MBaAFASjErpl6Qv4rPT1cySjDAtsvRwvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktNU3VtWHBDX2lzOVBWekpLTU1DMnk5SEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lM2NmNzUtNDBiOS00MDM0LTg0Yjkt
Y2NjYmMyYWU2OTQ4LzEvb0NETHA0NEtlU01KdlZacDVUMklTaHhsTDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lM2NmNzUtNDBiOS00MDM0LTg0YjktY2NjYmMyYWU2OTQ4
LzEvQktNU3VtWHBDX2lzOVBWekpLTU1DMnk5SEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCAo
MA0GCSqGSIb3DQEBCwUAA4IBAQDRBHgRm1pU0Ux3qeDqZj22fDsJb0QQir0mPUdL
LfmycK674kEm0bax0TkBFSr1hsPQ/xQbcIyqtjzcSeQbTUrOBKPdVFFxJKfqvOWT
M7O2sBWQPoeQLHdN5/ZTMjWB//wY6obJDWIDYUOR5pKyNV2i2vhnBUloI/IdA0wN
EDxmr+VL3xcH9NYgrLC16UWxJPyJ2u1EoMQjkfjPu2ecy9eEj1vej/nfojxkJ6+P
u2oOoodKKtvpMgN8bpTtpWN51vMH8Y6mBmvLjCaiIyAiQa9Os9k9pPwgkTVDZLcb
LPuMRsOqrQ22lsdVAKwesitnvDsRhAoI7rKLI2vvtTJWJi6C
-----END CERTIFICATE-----