This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/z585MlMo7mSSr9Hk1ivV-63iY4Q.roa
File:                     z585MlMo7mSSr9Hk1ivV-63iY4Q.roa (raw, json)
Hash identifier:          DZmssWKd0chIvnTRvKAN4jdqih24+ZhEvPT2Hj5FZkI=
Subject key identifier:   CF:9F:39:32:53:28:EE:64:92:AF:D1:E4:D6:2B:D5:FB:AD:E2:63:84
Certificate issuer:       /CN=e109e278c7862254c88755e4717398a552a49040
Certificate serial:       019B79ED5787E8F83C4AAF5F4549DC0C6BCE
Authority key identifier: E1:09:E2:78:C7:86:22:54:C8:87:55:E4:71:73:98:A5:52:A4:90:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/z585MlMo7mSSr9Hk1ivV-63iY4Q.roa
Signing time:             Thu 01 Jan 2026 14:19:16 +0000
ROA not before:           Thu 01 Jan 2026 14:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212226
IP address blocks:        2001:67c:b54::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:57:87:e8:f8:3c:4a:af:5f:45:49:dc:0c:6b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e109e278c7862254c88755e4717398a552a49040
        Validity
            Not Before: Jan  1 14:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf9f39325328ee6492afd1e4d62bd5fbade26384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:55:55:bd:c8:7a:76:ec:e7:7c:f3:6e:a4:60:
                    93:f0:e0:8b:e9:95:85:4f:20:e4:b2:60:6d:85:63:
                    a4:84:d9:f8:02:20:d0:64:59:11:f9:46:c8:be:de:
                    c2:84:c3:c5:1d:aa:b6:e4:f9:43:5d:1e:4f:11:07:
                    fe:35:0e:15:72:d0:8f:8c:93:a3:d3:89:f0:8f:0c:
                    f4:0c:8d:c8:ba:bd:ab:5d:49:cf:a9:f7:4d:ad:25:
                    4e:17:68:8a:9d:48:ce:af:ae:1d:88:9c:2c:d6:2f:
                    63:b9:34:cf:dc:63:a9:a3:67:0a:bc:7d:13:43:ae:
                    b2:a1:31:26:74:4a:fa:c2:15:72:69:95:a3:11:cb:
                    a6:bd:c6:8f:7c:0f:62:53:52:e1:19:34:4d:85:76:
                    47:11:40:46:6c:4d:2f:4d:57:8b:9a:f1:04:fc:94:
                    b6:ea:5b:92:fb:5e:3f:6f:60:b1:d1:2c:19:55:2d:
                    d7:91:ca:a7:cb:e0:26:be:1d:64:fa:50:7c:f4:f8:
                    1e:26:17:52:c1:f8:c0:75:23:3c:7f:38:81:f7:6b:
                    92:68:38:fb:50:88:09:ea:e6:eb:39:04:df:c2:ac:
                    c0:dc:f2:21:6e:79:8d:04:c5:50:02:c1:7f:15:83:
                    1e:d0:c8:e2:34:52:c7:dd:51:47:38:b4:de:9d:4e:
                    56:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9F:39:32:53:28:EE:64:92:AF:D1:E4:D6:2B:D5:FB:AD:E2:63:84
            X509v3 Authority Key Identifier:
                keyid:E1:09:E2:78:C7:86:22:54:C8:87:55:E4:71:73:98:A5:52:A4:90:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/z585MlMo7mSSr9Hk1ivV-63iY4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b54::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:2e:0e:12:9b:f3:25:56:6a:1f:92:1a:ba:1f:a1:d8:56:0f:
         c8:42:20:09:8f:dc:63:49:32:64:64:d3:f7:86:02:85:02:f0:
         23:b4:dc:59:d8:fd:c0:8a:6f:03:df:c3:da:1c:80:2d:57:2c:
         45:19:ea:84:52:02:1a:dc:3a:b8:3e:4f:98:e5:e5:a3:0c:fa:
         c3:27:20:96:46:69:69:13:b4:f0:d4:89:cc:ae:07:e4:aa:dc:
         3b:62:94:40:54:cf:bd:5e:73:89:5a:a8:da:00:1f:77:63:df:
         15:ef:fd:3c:30:61:6a:af:74:9d:24:e4:b1:6a:cf:3d:86:7a:
         58:d3:e7:ec:b4:cc:14:6c:cf:59:d2:1b:7f:15:2f:a7:c8:38:
         bb:dd:b7:b1:55:cc:98:91:72:92:ff:ad:f1:5f:7c:26:87:dd:
         1d:62:77:2a:8f:ae:95:f8:0a:b1:6f:1a:00:77:08:d3:c1:26:
         d2:c4:f1:03:21:c5:08:c6:c0:f4:16:f8:ae:29:b8:23:0f:45:
         65:c9:cf:cf:7c:78:f3:35:b6:65:53:02:6d:c5:7f:71:3a:80:
         d1:b0:8e:4e:c0:10:01:69:49:81:3e:02:a5:75:87:01:18:77:
         8f:94:a3:49:4a:b2:3d:23:11:14:9c:fb:bb:5f:74:59:98:bb:
         7f:c3:d1:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57VeH6Pg8Sq9fRUncDGvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMDllMjc4Yzc4NjIyNTRjODg3NTVlNDcxNzM5OGE1NTJh
NDkwNDAwHhcNMjYwMTAxMTQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjlmMzkzMjUzMjhlZTY0OTJhZmQxZTRkNjJiZDVmYmFkZTI2Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFVVvch6duznfPNupGCT8OCL6ZWF
TyDksmBthWOkhNn4AiDQZFkR+UbIvt7ChMPFHaq25PlDXR5PEQf+NQ4VctCPjJOj
04nwjwz0DI3Iur2rXUnPqfdNrSVOF2iKnUjOr64diJws1i9juTTP3GOpo2cKvH0T
Q66yoTEmdEr6whVyaZWjEcumvcaPfA9iU1LhGTRNhXZHEUBGbE0vTVeLmvEE/JS2
6luS+14/b2Cx0SwZVS3Xkcqny+Amvh1k+lB89PgeJhdSwfjAdSM8fziB92uSaDj7
UIgJ6ubrOQTfwqzA3PIhbnmNBMVQAsF/FYMe0MjiNFLH3VFHOLTenU5WLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM+fOTJTKO5kkq/R5NYr1fut4mOEMB8GA1UdIwQY
MBaAFOEJ4njHhiJUyIdV5HFzmKVSpJBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFFuaWVNZUdJbFRJaDFYa2NYT1lwVktra0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lMDcyZDctODdjMC00YjczLTlhNGQt
MmYwM2UzMmJkMjFhLzEvejU4NU1sTW83bVNTcjlIazFpdlYtNjNpWTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lMDcyZDctODdjMC00YjczLTlhNGQtMmYwM2UzMmJkMjFh
LzEvNFFuaWVNZUdJbFRJaDFYa2NYT1lwVktra0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtU
MA0GCSqGSIb3DQEBCwUAA4IBAQBWLg4Sm/MlVmofkhq6H6HYVg/IQiAJj9xjSTJk
ZNP3hgKFAvAjtNxZ2P3Aim8D38PaHIAtVyxFGeqEUgIa3Dq4Pk+Y5eWjDPrDJyCW
RmlpE7Tw1InMrgfkqtw7YpRAVM+9XnOJWqjaAB93Y98V7/08MGFqr3SdJOSxas89
hnpY0+fstMwUbM9Z0ht/FS+nyDi73bexVcyYkXKS/63xX3wmh90dYncqj66V+Aqx
bxoAdwjTwSbSxPEDIcUIxsD0FviuKbgjD0Vlyc/PfHjzNbZlUwJtxX9xOoDRsI5O
wBABaUmBPgKldYcBGHePlKNJSrI9IxEUnPu7X3RZmLt/w9EC
-----END CERTIFICATE-----