This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/RqlCRGLn8WCi_decwvLY1MH3NJ0.roa
File:                     RqlCRGLn8WCi_decwvLY1MH3NJ0.roa (raw, json)
Hash identifier:          e6wtpCGhTAbBzVr4hSDCQshEk7sSjJ31RaQhsBrVJiY=
Subject key identifier:   46:A9:42:44:62:E7:F1:60:A2:FD:D7:9C:C2:F2:D8:D4:C1:F7:34:9D
Certificate issuer:       /CN=18f27c0c0b35ddd42bb892c16845a63b0027a1c7
Certificate serial:       019B7B364EE281063D79F072A1DAA1D421E9
Authority key identifier: 18:F2:7C:0C:0B:35:DD:D4:2B:B8:92:C1:68:45:A6:3B:00:27:A1:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/RqlCRGLn8WCi_decwvLY1MH3NJ0.roa
Signing time:             Thu 01 Jan 2026 20:18:35 +0000
ROA not before:           Thu 01 Jan 2026 20:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2001:7f8:149::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:4e:e2:81:06:3d:79:f0:72:a1:da:a1:d4:21:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f27c0c0b35ddd42bb892c16845a63b0027a1c7
        Validity
            Not Before: Jan  1 20:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46a9424462e7f160a2fdd79cc2f2d8d4c1f7349d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f6:91:86:b2:90:13:78:9e:f3:ae:c2:0e:3d:
                    07:e1:4f:8e:c2:e0:63:be:c0:a5:b3:e5:51:39:03:
                    92:76:df:79:a8:cb:97:00:fc:da:cc:71:0a:35:11:
                    1d:62:2e:b0:1e:db:35:e0:89:a8:31:92:0b:c1:b4:
                    49:6c:60:43:28:27:60:80:54:ad:a2:ff:23:a4:42:
                    a9:ee:f9:f6:83:b4:11:68:ac:cd:66:c5:5c:f0:59:
                    67:0f:d2:bf:a7:df:ec:c9:f4:ca:87:9f:ea:3f:bf:
                    74:30:82:c3:d2:d0:63:86:05:39:19:6c:00:97:c7:
                    76:72:1d:e0:b9:54:7b:39:d5:31:de:87:8a:fb:84:
                    d1:af:71:c2:06:2f:75:88:53:74:44:c1:64:26:6a:
                    77:d3:17:0d:6a:f0:38:53:8c:70:b3:db:61:00:03:
                    c1:11:63:f2:ee:f9:a3:71:d8:58:72:4b:3d:cd:80:
                    e7:56:9e:65:ee:ac:16:f5:3c:95:a3:ef:83:6f:c7:
                    01:51:b9:2a:bd:67:47:40:cd:86:00:f0:4d:33:2b:
                    36:aa:12:eb:28:fa:12:f3:1a:26:b3:b7:ff:f9:ac:
                    ef:27:5e:02:3e:18:e3:fa:d0:6b:80:34:e2:45:32:
                    32:c0:6b:f8:8b:c3:b8:ff:36:cc:8c:a2:e0:df:19:
                    41:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A9:42:44:62:E7:F1:60:A2:FD:D7:9C:C2:F2:D8:D4:C1:F7:34:9D
            X509v3 Authority Key Identifier:
                keyid:18:F2:7C:0C:0B:35:DD:D4:2B:B8:92:C1:68:45:A6:3B:00:27:A1:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPJ8DAs13dQruJLBaEWmOwAnocc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/RqlCRGLn8WCi_decwvLY1MH3NJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/32bfe3-901c-4685-be0a-afac204d990f/1/GPJ8DAs13dQruJLBaEWmOwAnocc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:149::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:58:4f:08:9a:fd:8d:3e:b2:5a:eb:45:f4:09:bd:a1:c0:13:
         81:2d:ad:c6:00:a6:6f:bb:c8:6f:eb:a9:bf:51:fe:6a:10:1e:
         17:36:dc:2b:53:58:24:4e:52:07:9e:33:06:38:78:61:9d:49:
         14:76:17:a0:47:0a:66:f5:d9:44:c8:c1:47:b9:63:89:c0:f4:
         c9:50:4d:5d:ea:24:e8:05:e5:13:2e:c9:25:89:3e:cc:e9:90:
         d7:cd:6d:42:eb:8b:61:0e:c0:d6:2b:8e:a9:91:71:30:97:fa:
         24:0e:3b:bc:ff:cc:36:e2:f4:47:a0:32:bd:be:40:30:f6:57:
         30:a5:10:52:ef:71:6c:ae:45:68:c0:2e:90:11:07:96:e8:aa:
         6a:0a:9e:a4:45:98:85:76:68:3c:c5:7b:98:cc:a5:67:05:b6:
         1c:d4:5c:6c:b9:39:85:ee:26:4c:51:70:82:c5:7f:7b:d3:03:
         68:80:d3:7f:77:58:ef:35:8b:1b:58:8e:82:c2:60:25:e8:73:
         92:3d:ac:e7:17:bb:19:27:3d:3a:4c:d7:96:80:93:a4:fe:c3:
         43:9b:30:1b:09:ac:b3:a1:c2:3b:1c:42:be:8e:39:fa:45:19:
         e9:2e:f5:6e:44:4a:09:96:12:ac:ea:20:d9:db:2f:13:d3:b3:
         29:df:23:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7Nk7igQY9efByodqh1CHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjI3YzBjMGIzNWRkZDQyYmI4OTJjMTY4NDVhNjNiMDAy
N2ExYzcwHhcNMjYwMTAxMjAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmE5NDI0NDYyZTdmMTYwYTJmZGQ3OWNjMmYyZDhkNGMxZjczNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/aRhrKQE3ie867CDj0H4U+OwuBj
vsCls+VROQOSdt95qMuXAPzazHEKNREdYi6wHts14ImoMZILwbRJbGBDKCdggFSt
ov8jpEKp7vn2g7QRaKzNZsVc8FlnD9K/p9/syfTKh5/qP790MILD0tBjhgU5GWwA
l8d2ch3guVR7OdUx3oeK+4TRr3HCBi91iFN0RMFkJmp30xcNavA4U4xws9thAAPB
EWPy7vmjcdhYcks9zYDnVp5l7qwW9TyVo++Db8cBUbkqvWdHQM2GAPBNMys2qhLr
KPoS8xoms7f/+azvJ14CPhjj+tBrgDTiRTIywGv4i8O4/zbMjKLg3xlBRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEapQkRi5/Fgov3XnMLy2NTB9zSdMB8GA1UdIwQY
MBaAFBjyfAwLNd3UK7iSwWhFpjsAJ6HHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BKOERBczEzZFFydUpMQmFFV21Pd0Fub2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zMmJmZTMtOTAxYy00Njg1LWJlMGEt
YWZhYzIwNGQ5OTBmLzEvUnFsQ1JHTG44V0NpX2RlY3d2TFkxTUgzTkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zMmJmZTMtOTAxYy00Njg1LWJlMGEtYWZhYzIwNGQ5OTBm
LzEvR1BKOERBczEzZFFydUpMQmFFV21Pd0Fub2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+AFJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCLWE8Imv2NPrJa60X0Cb2hwBOBLa3GAKZvu8hv
66m/Uf5qEB4XNtwrU1gkTlIHnjMGOHhhnUkUdhegRwpm9dlEyMFHuWOJwPTJUE1d
6iToBeUTLskliT7M6ZDXzW1C64thDsDWK46pkXEwl/okDju8/8w24vRHoDK9vkAw
9lcwpRBS73FsrkVowC6QEQeW6KpqCp6kRZiFdmg8xXuYzKVnBbYc1FxsuTmF7iZM
UXCCxX970wNogNN/d1jvNYsbWI6CwmAl6HOSPaznF7sZJz06TNeWgJOk/sNDmzAb
CayzocI7HEK+jjn6RRnpLvVuREoJlhKs6iDZ2y8T07Mp3yOw
-----END CERTIFICATE-----