This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Ync302nWoIDxqRaEpHli5zPb-l0.roa
File:                     Ync302nWoIDxqRaEpHli5zPb-l0.roa (raw, json)
Hash identifier:          CuUUdJvVMWZ1G3401/kid+n0FU2EaOY59WBjrBRwy1o=
Subject key identifier:   62:77:37:D3:69:D6:A0:80:F1:A9:16:84:A4:79:62:E7:33:DB:FA:5D
Certificate issuer:       /CN=0efd1cad121902755089e3ca80ba6d7ccc4b9b71
Certificate serial:       019B7C7FA88A4E11BD289CDC912FF1F3FEAA
Authority key identifier: 0E:FD:1C:AD:12:19:02:75:50:89:E3:CA:80:BA:6D:7C:CC:4B:9B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dv0crRIZAnVQiePKgLptfMxLm3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Ync302nWoIDxqRaEpHli5zPb-l0.roa
Signing time:             Fri 02 Jan 2026 02:18:19 +0000
ROA not before:           Fri 02 Jan 2026 02:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212488
IP address blocks:        2001:67c:3f8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Dv0crRIZAnVQiePKgLptfMxLm3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Dv0crRIZAnVQiePKgLptfMxLm3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dv0crRIZAnVQiePKgLptfMxLm3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:a8:8a:4e:11:bd:28:9c:dc:91:2f:f1:f3:fe:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0efd1cad121902755089e3ca80ba6d7ccc4b9b71
        Validity
            Not Before: Jan  2 02:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=627737d369d6a080f1a91684a47962e733dbfa5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7c:5e:1c:8a:8c:61:2e:7d:87:67:61:24:fe:
                    f4:16:0b:5c:f6:4c:d2:ca:72:35:41:c3:44:24:84:
                    4f:b6:10:a5:2e:39:2e:c7:da:f3:5f:de:07:42:84:
                    66:e7:51:34:13:19:71:b7:b1:37:e5:c4:ba:7b:a9:
                    98:13:7e:26:f1:52:1d:4a:2e:71:7c:4a:c8:9a:fe:
                    5a:1d:c0:75:3d:5d:2b:1d:cf:dc:0f:1e:e9:5b:fe:
                    59:74:10:60:23:83:1b:d4:6c:fc:e6:3d:82:fd:fa:
                    d1:7e:be:78:26:06:dc:31:b5:f2:b7:f1:16:98:e0:
                    d5:13:61:4f:b1:3e:d6:bf:ad:8d:fc:85:b6:41:84:
                    c9:4a:7d:36:c9:eb:82:8f:a4:04:47:e5:a4:33:e3:
                    76:c6:4d:1c:a3:7a:e1:ea:f3:0f:10:57:fb:f7:85:
                    93:bb:2d:32:98:8b:96:a6:cf:55:d3:68:ea:58:3d:
                    2e:a9:7b:30:39:0e:a9:be:1c:70:c7:1f:1c:44:48:
                    b3:ab:00:9f:15:58:b7:24:86:ac:62:ce:6a:6a:20:
                    c1:ac:1d:26:f2:4a:93:51:55:3b:b8:7a:cc:66:7a:
                    13:8b:61:4f:42:39:19:80:26:25:50:d6:ae:0d:8f:
                    d8:63:7d:14:72:53:ec:be:d5:8d:2e:36:2c:f0:32:
                    77:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:77:37:D3:69:D6:A0:80:F1:A9:16:84:A4:79:62:E7:33:DB:FA:5D
            X509v3 Authority Key Identifier:
                keyid:0E:FD:1C:AD:12:19:02:75:50:89:E3:CA:80:BA:6D:7C:CC:4B:9B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dv0crRIZAnVQiePKgLptfMxLm3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Ync302nWoIDxqRaEpHli5zPb-l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Dv0crRIZAnVQiePKgLptfMxLm3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:3f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:76:f3:32:99:56:d5:76:0e:7b:76:e2:bc:5e:76:25:85:84:
         73:d0:fa:de:67:df:a2:12:44:2e:f2:dc:e3:c0:cc:96:32:fa:
         49:e4:c5:aa:fe:9a:4e:4c:a0:92:cd:84:26:41:7b:e1:16:be:
         78:e7:20:37:05:c5:04:0b:dd:fd:cb:62:be:ab:09:b3:8e:c3:
         01:7a:0c:29:9a:b3:db:ef:eb:c4:5a:e0:12:56:ae:90:52:60:
         9f:a5:eb:1b:9d:6a:97:0f:fc:f0:0e:d8:93:33:94:2e:4c:a8:
         29:cf:53:a2:52:44:29:a9:68:18:df:05:2a:48:cc:a5:0f:e9:
         8a:69:ab:6b:a2:c4:ec:7c:f6:1a:4b:40:d2:6e:e0:cc:56:75:
         72:fe:d7:94:12:5d:1b:83:5a:b2:f2:16:d9:f0:11:83:66:c3:
         87:9d:56:de:78:b6:1e:27:21:ef:b4:60:9a:3e:e0:31:a9:68:
         c1:70:87:43:27:8b:c9:56:76:a0:8e:52:33:b2:df:60:49:fd:
         ca:5c:7f:4e:d8:6b:56:4b:48:bb:55:67:d8:5b:cd:35:30:59:
         5e:91:00:1f:15:08:5e:38:d3:f7:aa:8c:27:d1:29:43:ef:bd:
         fb:51:30:bb:81:06:db:d5:f9:97:6f:53:35:f8:36:fe:4a:d8:
         6d:ac:16:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8f6iKThG9KJzckS/x8/6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZmQxY2FkMTIxOTAyNzU1MDg5ZTNjYTgwYmE2ZDdjY2M0
YjliNzEwHhcNMjYwMTAyMDIxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjc3MzdkMzY5ZDZhMDgwZjFhOTE2ODRhNDc5NjJlNzMzZGJmYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3xeHIqMYS59h2dhJP70Fgtc9kzS
ynI1QcNEJIRPthClLjkux9rzX94HQoRm51E0Exlxt7E35cS6e6mYE34m8VIdSi5x
fErImv5aHcB1PV0rHc/cDx7pW/5ZdBBgI4Mb1Gz85j2C/frRfr54JgbcMbXyt/EW
mODVE2FPsT7Wv62N/IW2QYTJSn02yeuCj6QER+WkM+N2xk0co3rh6vMPEFf794WT
uy0ymIuWps9V02jqWD0uqXswOQ6pvhxwxx8cREizqwCfFVi3JIasYs5qaiDBrB0m
8kqTUVU7uHrMZnoTi2FPQjkZgCYlUNauDY/YY30UclPsvtWNLjYs8DJ3CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGJ3N9Np1qCA8akWhKR5Yucz2/pdMB8GA1UdIwQY
MBaAFA79HK0SGQJ1UInjyoC6bXzMS5txMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHYwY3JSSVpBblZRaWVQS2dMcHRmTXhMbTNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9kZjk5ZDMtNTAyOC00MzYxLWI3OTUt
M2FmNGE5NDYzYjc3LzEvWW5jMzAybldvSUR4cVJhRXBIbGk1elBiLWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9kZjk5ZDMtNTAyOC00MzYxLWI3OTUtM2FmNGE5NDYzYjc3
LzEvRHYwY3JSSVpBblZRaWVQS2dMcHRmTXhMbTNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAP4
MA0GCSqGSIb3DQEBCwUAA4IBAQCTdvMymVbVdg57duK8XnYlhYRz0PreZ9+iEkQu
8tzjwMyWMvpJ5MWq/ppOTKCSzYQmQXvhFr545yA3BcUEC939y2K+qwmzjsMBegwp
mrPb7+vEWuASVq6QUmCfpesbnWqXD/zwDtiTM5QuTKgpz1OiUkQpqWgY3wUqSMyl
D+mKaatrosTsfPYaS0DSbuDMVnVy/teUEl0bg1qy8hbZ8BGDZsOHnVbeeLYeJyHv
tGCaPuAxqWjBcIdDJ4vJVnagjlIzst9gSf3KXH9O2GtWS0i7VWfYW801MFlekQAf
FQheONP3qown0SlD7737UTC7gQbb1fmXb1M1+Db+SthtrBam
-----END CERTIFICATE-----