This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/eB9ojJLa3oWBFrlNK0k4b9Cie5I.roa
File:                     eB9ojJLa3oWBFrlNK0k4b9Cie5I.roa (raw, json)
Hash identifier:          ztnCVdjoCnesK+ihroQfAdypwMeqhVL1q+oU4stV8zI=
Subject key identifier:   78:1F:68:8C:92:DA:DE:85:81:16:B9:4D:2B:49:38:6F:D0:A2:7B:92
Certificate issuer:       /CN=a19c643946a059397355420d73bc45f14da2a76b
Certificate serial:       019B791139C078EBBC7BE5C6BA8EB3D28DF1
Authority key identifier: A1:9C:64:39:46:A0:59:39:73:55:42:0D:73:BC:45:F1:4D:A2:A7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/eB9ojJLa3oWBFrlNK0k4b9Cie5I.roa
Signing time:             Thu 01 Jan 2026 10:18:50 +0000
ROA not before:           Thu 01 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213364
IP address blocks:        2001:678:d14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:39:c0:78:eb:bc:7b:e5:c6:ba:8e:b3:d2:8d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19c643946a059397355420d73bc45f14da2a76b
        Validity
            Not Before: Jan  1 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=781f688c92dade858116b94d2b49386fd0a27b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fa:e8:85:5e:2b:a6:9e:f2:b9:cc:6f:1e:ee:
                    d9:ce:42:59:5f:19:cb:b4:98:9d:f7:d4:75:d8:37:
                    60:e2:95:b9:0b:12:fa:e6:77:f8:82:23:15:48:90:
                    57:e9:62:4b:8b:96:84:fd:77:ef:69:0d:8a:10:a9:
                    b6:16:33:9d:0a:61:da:88:12:a6:18:d0:5e:42:9c:
                    ec:00:13:d3:5b:66:91:9d:c5:9a:ae:8c:b3:56:a8:
                    fa:87:8a:42:d2:0d:a1:9a:36:13:62:81:81:48:33:
                    a7:84:0f:1e:7d:1c:0f:c0:e4:d8:e1:ae:0e:dd:fb:
                    b1:6a:a4:e6:d0:4a:6c:84:26:89:65:cd:5f:e8:6b:
                    a3:7b:ca:3e:bf:a6:4d:12:1d:b9:11:8b:ac:b1:3f:
                    1d:b0:80:7c:e7:d7:59:6e:22:b9:36:29:0e:e5:fd:
                    39:66:d0:c6:1e:af:26:25:cc:42:e9:09:38:91:41:
                    b6:37:c6:7c:99:0a:2e:e8:5e:69:59:4d:c5:a3:85:
                    70:dc:ff:9c:74:c1:8c:d7:1a:82:c2:41:43:0a:07:
                    f1:17:c9:5e:69:31:d6:a8:89:53:70:49:5c:25:50:
                    c2:ae:cd:24:31:0e:74:69:9f:df:4b:be:58:f5:28:
                    c3:09:44:aa:84:e8:4c:8f:6e:31:9c:19:8b:ac:e9:
                    05:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1F:68:8C:92:DA:DE:85:81:16:B9:4D:2B:49:38:6F:D0:A2:7B:92
            X509v3 Authority Key Identifier:
                keyid:A1:9C:64:39:46:A0:59:39:73:55:42:0D:73:BC:45:F1:4D:A2:A7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZxkOUagWTlzVUINc7xF8U2ip2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/eB9ojJLa3oWBFrlNK0k4b9Cie5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/eeeb85-29d4-46bb-b3f6-ac3b6a4567ba/1/oZxkOUagWTlzVUINc7xF8U2ip2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d14::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:76:0c:4f:fc:31:dc:b3:32:c4:3b:f7:b3:fb:19:62:a8:b5:
         a1:8d:b5:ad:bb:cc:46:92:4d:c5:59:cb:45:6d:94:8d:b3:d1:
         32:16:77:d9:d2:8d:e5:88:00:41:44:30:5f:10:a5:a9:bc:b8:
         e2:8e:13:b7:b1:8c:86:29:a1:4d:81:82:fe:bd:69:12:74:50:
         46:05:04:1c:40:a4:d3:d9:58:58:2c:90:41:9f:d2:f1:a1:6f:
         68:2c:99:e5:02:7e:be:46:e8:86:89:ae:c1:76:bd:f7:36:c1:
         2b:23:8c:83:75:4b:6c:e2:11:55:4e:d3:41:64:57:55:9e:4c:
         63:b9:16:95:ed:d0:1f:da:33:1d:24:dc:5e:63:d1:5e:52:fe:
         4e:1d:e8:09:86:dd:ff:81:80:49:9c:6e:82:78:bf:99:bc:af:
         5f:26:1f:00:5c:f1:43:f4:68:17:26:6a:ea:e7:2a:9d:e5:5c:
         d7:82:81:55:e3:a4:78:bd:6a:f2:1c:f2:2b:62:31:de:52:41:
         df:6b:5c:cd:87:b6:4b:82:ac:a1:af:f5:75:ec:e3:b5:72:56:
         6c:68:4c:a0:2a:eb:b7:38:cc:c0:34:44:3d:54:ce:f4:3b:8f:
         5b:82:c9:74:1d:0e:e0:0a:90:2d:0b:14:a2:1f:c6:3c:cd:f0:
         31:50:fa:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5ETnAeOu8e+XGuo6z0o3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWM2NDM5NDZhMDU5Mzk3MzU1NDIwZDczYmM0NWYxNGRh
MmE3NmIwHhcNMjYwMTAxMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFmNjg4YzkyZGFkZTg1ODExNmI5NGQyYjQ5Mzg2ZmQwYTI3YjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfrohV4rpp7yucxvHu7ZzkJZXxnL
tJid99R12Ddg4pW5CxL65nf4giMVSJBX6WJLi5aE/XfvaQ2KEKm2FjOdCmHaiBKm
GNBeQpzsABPTW2aRncWaroyzVqj6h4pC0g2hmjYTYoGBSDOnhA8efRwPwOTY4a4O
3fuxaqTm0EpshCaJZc1f6Guje8o+v6ZNEh25EYussT8dsIB859dZbiK5NikO5f05
ZtDGHq8mJcxC6Qk4kUG2N8Z8mQou6F5pWU3Fo4Vw3P+cdMGM1xqCwkFDCgfxF8le
aTHWqIlTcElcJVDCrs0kMQ50aZ/fS75Y9SjDCUSqhOhMj24xnBmLrOkFWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHgfaIyS2t6FgRa5TStJOG/QonuSMB8GA1UdIwQY
MBaAFKGcZDlGoFk5c1VCDXO8RfFNoqdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1p4a09VYWdXVGx6VlVJTmM3eEY4VTJpcDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lZWViODUtMjlkNC00NmJiLWIzZjYt
YWMzYjZhNDU2N2JhLzEvZUI5b2pKTGEzb1dCRnJsTkswazRiOUNpZTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lZWViODUtMjlkNC00NmJiLWIzZjYtYWMzYjZhNDU2N2Jh
LzEvb1p4a09VYWdXVGx6VlVJTmM3eEY4VTJpcDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0U
MA0GCSqGSIb3DQEBCwUAA4IBAQAtdgxP/DHcszLEO/ez+xliqLWhjbWtu8xGkk3F
WctFbZSNs9EyFnfZ0o3liABBRDBfEKWpvLjijhO3sYyGKaFNgYL+vWkSdFBGBQQc
QKTT2VhYLJBBn9LxoW9oLJnlAn6+RuiGia7Bdr33NsErI4yDdUts4hFVTtNBZFdV
nkxjuRaV7dAf2jMdJNxeY9FeUv5OHegJht3/gYBJnG6CeL+ZvK9fJh8AXPFD9GgX
Jmrq5yqd5VzXgoFV46R4vWryHPIrYjHeUkHfa1zNh7ZLgqyhr/V17OO1clZsaEyg
Kuu3OMzANEQ9VM70O49bgsl0HQ7gCpAtCxSiH8Y8zfAxUPpE
-----END CERTIFICATE-----