This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/d-z4l-p8ZBdLBWQNdDCtt_xfGis.roa
File:                     d-z4l-p8ZBdLBWQNdDCtt_xfGis.roa (raw, json)
Hash identifier:          boqcFFSeHYzaC/MB48/wEx7gSAv6anNVR2wLBXtwZcc=
Subject key identifier:   77:EC:F8:97:EA:7C:64:17:4B:05:64:0D:74:30:AD:B7:FC:5F:1A:2B
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       019B7DC970A89E0938953C1F4F6A3DB3A5D0
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/d-z4l-p8ZBdLBWQNdDCtt_xfGis.roa
Signing time:             Fri 02 Jan 2026 08:18:32 +0000
ROA not before:           Fri 02 Jan 2026 08:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        2a05:541:127::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 02:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:70:a8:9e:09:38:95:3c:1f:4f:6a:3d:b3:a5:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jan  2 08:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77ecf897ea7c64174b05640d7430adb7fc5f1a2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cf:ca:9e:4e:06:81:09:f1:38:b9:d0:57:82:
                    df:21:eb:67:72:7f:45:3a:08:d7:18:72:a6:a6:77:
                    de:66:36:7c:7d:83:7c:55:18:91:f1:37:82:2c:b8:
                    8f:56:65:94:67:12:bd:37:3d:1d:f1:89:1d:42:98:
                    db:47:72:48:2d:e6:e3:36:46:ec:94:5e:20:48:9c:
                    1e:9b:eb:c3:1c:e1:b1:68:6f:fb:85:bc:ac:77:85:
                    02:bd:db:a3:8d:73:89:58:93:db:06:dc:53:ca:cc:
                    54:19:0d:60:f0:42:e3:82:23:76:e8:96:0c:90:1c:
                    02:6d:6f:68:f7:d7:6e:25:6c:af:1e:fa:f1:99:30:
                    b0:50:8d:38:6e:a8:59:f1:5a:61:f7:a4:1a:57:e8:
                    34:77:63:c4:09:0c:a0:06:2b:eb:07:32:13:cf:89:
                    3d:3d:7c:eb:72:6a:86:b9:07:c3:51:36:d6:e6:27:
                    4d:cf:68:84:d0:0e:b5:6a:53:db:11:e1:b8:63:fc:
                    b4:3e:0f:6e:49:cd:da:ba:e2:34:82:69:b9:c9:88:
                    22:ad:34:99:3a:2b:66:fc:29:67:d4:c6:35:13:aa:
                    c2:34:f4:23:5b:4c:df:0a:bc:da:c5:37:42:95:85:
                    35:cb:5e:34:4e:bf:fc:09:97:0a:cf:f9:d5:84:ef:
                    b6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:EC:F8:97:EA:7C:64:17:4B:05:64:0D:74:30:AD:B7:FC:5F:1A:2B
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/d-z4l-p8ZBdLBWQNdDCtt_xfGis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:127::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:9f:20:30:7f:ea:6f:b7:b0:b3:1f:49:71:5f:19:da:22:89:
         7f:f8:10:37:ca:33:d2:18:7f:0f:e9:3f:58:61:50:0b:29:67:
         04:02:12:f4:80:b4:24:17:44:cf:12:cc:d1:a7:88:37:f3:9f:
         bb:3e:34:d5:8f:35:81:8c:e8:9c:4d:dc:d7:b6:04:e0:f5:d3:
         d7:5d:19:64:1f:08:ce:60:fa:0a:c0:80:f4:c0:25:86:78:26:
         dc:06:c4:5e:2d:bf:e4:80:1d:9c:08:4b:8e:94:4a:ec:b4:df:
         85:2a:19:4d:39:73:30:a0:a5:59:85:e7:b4:0b:b4:16:d6:e9:
         d8:9f:96:67:b0:69:ff:25:bd:40:c5:1a:9f:b0:94:29:57:94:
         55:f7:ed:5f:8e:b6:1a:73:d4:21:fc:2d:37:75:74:77:26:5f:
         6f:2d:61:70:13:be:e1:58:a6:7f:48:0f:4e:4d:14:46:d9:10:
         84:2f:63:58:86:b9:0b:ea:c9:4f:34:07:58:67:8b:f8:03:ee:
         a5:c8:ed:9b:79:e0:0c:6c:0e:85:58:09:3e:32:48:79:92:86:
         5b:2b:d6:46:b5:b8:fb:ed:3e:0c:9f:b7:9f:4d:44:47:d8:24:
         f4:45:cd:5a:55:d6:b5:c8:cf:2a:f3:0f:4a:6b:64:a2:9b:31:
         e0:aa:a5:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9yXCongk4lTwfT2o9s6XQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjYwMTAyMDgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VjZjg5N2VhN2M2NDE3NGIwNTY0MGQ3NDMwYWRiN2ZjNWYxYTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6s/Knk4GgQnxOLnQV4LfIetncn9F
OgjXGHKmpnfeZjZ8fYN8VRiR8TeCLLiPVmWUZxK9Nz0d8YkdQpjbR3JILebjNkbs
lF4gSJwem+vDHOGxaG/7hbysd4UCvdujjXOJWJPbBtxTysxUGQ1g8ELjgiN26JYM
kBwCbW9o99duJWyvHvrxmTCwUI04bqhZ8Vph96QaV+g0d2PECQygBivrBzITz4k9
PXzrcmqGuQfDUTbW5idNz2iE0A61alPbEeG4Y/y0Pg9uSc3auuI0gmm5yYgirTSZ
Oitm/Cln1MY1E6rCNPQjW0zfCrzaxTdClYU1y140Tr/8CZcKz/nVhO+2zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHfs+JfqfGQXSwVkDXQwrbf8XxorMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvZC16NGwtcDhaQmRMQldRTmREQ3R0X3hmR2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUFQQEn
MA0GCSqGSIb3DQEBCwUAA4IBAQAqnyAwf+pvt7CzH0lxXxnaIol/+BA3yjPSGH8P
6T9YYVALKWcEAhL0gLQkF0TPEszRp4g385+7PjTVjzWBjOicTdzXtgTg9dPXXRlk
HwjOYPoKwID0wCWGeCbcBsReLb/kgB2cCEuOlErstN+FKhlNOXMwoKVZhee0C7QW
1unYn5ZnsGn/Jb1AxRqfsJQpV5RV9+1fjrYac9Qh/C03dXR3Jl9vLWFwE77hWKZ/
SA9OTRRG2RCEL2NYhrkL6slPNAdYZ4v4A+6lyO2beeAMbA6FWAk+Mkh5koZbK9ZG
tbj77T4Mn7efTURH2CT0Rc1aVda1yM8q8w9Ka2SimzHgqqWa
-----END CERTIFICATE-----