This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/fxg-toqpHRaP4ghSh5xl_zw2dIs.roa
File:                     fxg-toqpHRaP4ghSh5xl_zw2dIs.roa (raw, json)
Hash identifier:          csJ927dQ/OGFVXUR29yJ4G8BgtCcMI++AUL4mpClHs4=
Subject key identifier:   7F:18:3E:B6:8A:A9:1D:16:8F:E2:08:52:87:9C:65:FF:3C:36:74:8B
Certificate issuer:       /CN=4f49fe0746351c87c3418acd3986e7628c458767
Certificate serial:       019B7AC7A4F187E1898066229FBA03AC3CBA
Authority key identifier: 4F:49:FE:07:46:35:1C:87:C3:41:8A:CD:39:86:E7:62:8C:45:87:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/fxg-toqpHRaP4ghSh5xl_zw2dIs.roa
Signing time:             Thu 01 Jan 2026 18:17:42 +0000
ROA not before:           Thu 01 Jan 2026 18:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207126
IP address blocks:        2001:678:10a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:a4:f1:87:e1:89:80:66:22:9f:ba:03:ac:3c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f49fe0746351c87c3418acd3986e7628c458767
        Validity
            Not Before: Jan  1 18:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f183eb68aa91d168fe20852879c65ff3c36748b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9e:6e:b8:aa:5e:d8:be:3e:29:9e:09:67:70:
                    1f:f1:e9:56:f6:9b:a3:91:49:a3:ed:08:22:c1:26:
                    9d:86:ee:e9:18:a5:b7:82:26:50:33:13:2c:d2:14:
                    1e:88:b2:1b:fa:7a:ef:9b:69:3b:87:e3:69:7b:74:
                    15:13:33:20:c1:7f:a7:60:2a:a7:d3:15:16:93:84:
                    5f:ff:47:2c:e6:bb:08:af:4b:8d:3a:f6:a8:64:4e:
                    95:0b:21:ba:ba:b8:ac:a0:4f:f8:4e:18:6e:35:44:
                    ce:83:56:9b:a5:84:3e:e7:dc:36:30:18:91:b1:33:
                    5b:0c:14:0c:e8:3e:0f:db:e2:d1:42:df:ad:62:20:
                    54:4d:49:f9:f3:1f:7e:7c:50:ae:8f:d5:b4:e9:15:
                    8f:eb:29:2f:77:0f:22:04:fe:9d:74:88:8a:06:11:
                    38:4a:b0:48:83:0c:1f:cf:05:1e:34:2b:b5:41:6f:
                    08:0f:ea:cd:07:a6:7e:cb:b9:e3:f3:70:be:a6:bb:
                    35:5a:12:6d:e3:77:63:70:4d:e2:30:3a:1d:d4:7d:
                    55:22:bd:b9:25:1c:f4:e8:3f:94:35:f4:f0:e2:d2:
                    65:54:83:38:fd:f9:52:c6:62:be:0e:16:f2:2f:9f:
                    02:4f:c1:29:41:b7:1a:7d:3f:db:3f:c5:23:56:19:
                    e8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:18:3E:B6:8A:A9:1D:16:8F:E2:08:52:87:9C:65:FF:3C:36:74:8B
            X509v3 Authority Key Identifier:
                keyid:4F:49:FE:07:46:35:1C:87:C3:41:8A:CD:39:86:E7:62:8C:45:87:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/fxg-toqpHRaP4ghSh5xl_zw2dIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/20e95b-af0c-4796-abe2-e7cc87023961/1/T0n-B0Y1HIfDQYrNOYbnYoxFh2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:3b:5b:73:4a:0d:ef:24:cd:60:29:5b:e9:1f:19:c0:5b:47:
         e4:cf:33:1c:38:ac:96:bb:ad:ab:b0:4b:1a:a5:8e:a5:a1:7b:
         14:25:1e:2b:e8:7c:59:4a:d0:61:2f:e4:c2:c0:23:78:60:fa:
         e0:86:f3:57:f2:b5:4c:30:68:3e:3d:bc:7b:04:6d:43:a9:72:
         c4:18:6f:6a:c3:26:04:88:99:de:c9:f1:ae:cc:02:f2:c8:c9:
         08:4a:2e:a2:a3:e4:32:11:72:5d:ce:71:fc:58:91:9e:11:ff:
         38:f2:ab:d8:8b:2b:90:d3:16:05:d9:21:d4:ca:47:72:76:86:
         e4:39:08:6e:e6:0f:43:6e:11:48:53:78:e4:c2:0e:76:e0:a5:
         d0:31:4a:2e:c7:58:de:18:44:9a:83:9d:3c:c3:ba:45:a2:13:
         80:b0:27:ba:fd:71:ca:88:a9:f2:b6:4c:45:10:91:db:00:12:
         64:21:f8:67:6d:73:c1:7c:e0:86:d1:ef:69:f8:c4:09:b0:35:
         b6:ba:83:05:6a:93:eb:a7:a2:02:5c:77:08:a5:3e:48:ae:88:
         2d:90:09:c5:9e:db:26:9b:c7:83:34:3d:91:39:a8:44:31:77:
         bb:c0:33:bb:e1:33:2d:7a:c3:40:6f:79:37:a7:e7:21:d9:12:
         b4:8e:90:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6x6Txh+GJgGYin7oDrDy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDlmZTA3NDYzNTFjODdjMzQxOGFjZDM5ODZlNzYyOGM0
NTg3NjcwHhcNMjYwMTAxMTgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjE4M2ViNjhhYTkxZDE2OGZlMjA4NTI4NzljNjVmZjNjMzY3NDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv55uuKpe2L4+KZ4JZ3Af8elW9puj
kUmj7QgiwSadhu7pGKW3giZQMxMs0hQeiLIb+nrvm2k7h+Npe3QVEzMgwX+nYCqn
0xUWk4Rf/0cs5rsIr0uNOvaoZE6VCyG6urisoE/4ThhuNUTOg1abpYQ+59w2MBiR
sTNbDBQM6D4P2+LRQt+tYiBUTUn58x9+fFCuj9W06RWP6ykvdw8iBP6ddIiKBhE4
SrBIgwwfzwUeNCu1QW8ID+rNB6Z+y7nj83C+prs1WhJt43djcE3iMDod1H1VIr25
JRz06D+UNfTw4tJlVIM4/flSxmK+DhbyL58CT8EpQbcafT/bP8UjVhnocwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH8YPraKqR0Wj+IIUoecZf88NnSLMB8GA1UdIwQY
MBaAFE9J/gdGNRyHw0GKzTmG52KMRYdnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBuLUIwWTFISWZEUVlyTk9ZYm5Zb3hGaDJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yMGU5NWItYWYwYy00Nzk2LWFiZTIt
ZTdjYzg3MDIzOTYxLzEvZnhnLXRvcXBIUmFQNGdoU2g1eGxfencyZElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yMGU5NWItYWYwYy00Nzk2LWFiZTItZTdjYzg3MDIzOTYx
LzEvVDBuLUIwWTFISWZEUVlyTk9ZYm5Zb3hGaDJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBCo
MA0GCSqGSIb3DQEBCwUAA4IBAQByO1tzSg3vJM1gKVvpHxnAW0fkzzMcOKyWu62r
sEsapY6loXsUJR4r6HxZStBhL+TCwCN4YPrghvNX8rVMMGg+Pbx7BG1DqXLEGG9q
wyYEiJneyfGuzALyyMkISi6io+QyEXJdznH8WJGeEf848qvYiyuQ0xYF2SHUykdy
dobkOQhu5g9DbhFIU3jkwg524KXQMUoux1jeGESag508w7pFohOAsCe6/XHKiKny
tkxFEJHbABJkIfhnbXPBfOCG0e9p+MQJsDW2uoMFapPrp6ICXHcIpT5IrogtkAnF
ntsmm8eDND2ROahEMXe7wDO74TMtesNAb3k3p+ch2RK0jpDJ
-----END CERTIFICATE-----