This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/WAiJPERlMEAh5qrgyMMcndKbs6c.roa
File:                     WAiJPERlMEAh5qrgyMMcndKbs6c.roa (raw, json)
Hash identifier:          zfIldmOVBvuxzGlnGLqlwDlsMvOVa6R4F1tNInZRtk4=
Subject key identifier:   58:08:89:3C:44:65:30:40:21:E6:AA:E0:C8:C3:1C:9D:D2:9B:B3:A7
Certificate issuer:       /CN=1c69c76338afc9085b8fbd669b8b74bd7a92d431
Certificate serial:       019B79ECA3C9B35E5817694A865BAB5D3EF5
Authority key identifier: 1C:69:C7:63:38:AF:C9:08:5B:8F:BD:66:9B:8B:74:BD:7A:92:D4:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HGnHYzivyQhbj71mm4t0vXqS1DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/WAiJPERlMEAh5qrgyMMcndKbs6c.roa
Signing time:             Thu 01 Jan 2026 14:18:30 +0000
ROA not before:           Thu 01 Jan 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212351
IP address blocks:        2001:678:eb0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/HGnHYzivyQhbj71mm4t0vXqS1DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/HGnHYzivyQhbj71mm4t0vXqS1DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HGnHYzivyQhbj71mm4t0vXqS1DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:a3:c9:b3:5e:58:17:69:4a:86:5b:ab:5d:3e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c69c76338afc9085b8fbd669b8b74bd7a92d431
        Validity
            Not Before: Jan  1 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5808893c4465304021e6aae0c8c31c9dd29bb3a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:d0:f8:8b:f2:75:b5:e4:20:9a:af:82:33:
                    f9:20:77:81:e3:36:a4:4c:aa:c9:62:a1:36:5b:6e:
                    17:a7:ec:dd:d7:21:b1:b1:87:cc:37:8b:4e:14:de:
                    7a:31:e3:08:28:a3:30:fe:de:d3:24:75:5e:52:04:
                    5a:b7:d2:4a:6e:b3:35:a3:09:90:43:49:b4:23:a9:
                    c2:2a:b3:fa:a5:b8:dc:56:60:58:af:fc:5d:5b:94:
                    eb:95:7a:8d:c1:ec:71:b8:e9:ec:f5:e2:dc:09:f4:
                    03:ac:f5:d4:cb:b7:e6:19:80:b6:d4:d0:54:f5:0d:
                    4b:41:41:a7:1a:1b:0a:81:61:65:d9:53:0d:d1:5e:
                    1d:23:c7:8d:e2:28:60:28:51:bc:7e:fc:a9:da:64:
                    1f:c1:15:b4:ae:5e:13:05:8a:0d:75:10:24:19:02:
                    39:c3:24:5c:70:45:fa:46:cb:31:4c:4c:8a:70:d9:
                    f1:5c:1d:d6:65:89:77:fa:f8:5f:40:d2:51:03:58:
                    be:42:04:ea:0e:84:8b:19:48:9d:ef:16:0f:bc:48:
                    75:69:4b:ee:eb:dc:30:14:6a:23:09:69:ff:77:a7:
                    d3:51:54:25:26:a2:3f:fa:35:93:b4:a2:2b:a3:2a:
                    89:ab:65:55:29:7a:36:34:7a:26:d9:52:ec:a6:b0:
                    25:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:08:89:3C:44:65:30:40:21:E6:AA:E0:C8:C3:1C:9D:D2:9B:B3:A7
            X509v3 Authority Key Identifier:
                keyid:1C:69:C7:63:38:AF:C9:08:5B:8F:BD:66:9B:8B:74:BD:7A:92:D4:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HGnHYzivyQhbj71mm4t0vXqS1DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/WAiJPERlMEAh5qrgyMMcndKbs6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/a2088b-a126-4ba6-871c-5759b427f4d1/1/HGnHYzivyQhbj71mm4t0vXqS1DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:eb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:2b:9c:a2:aa:6c:00:73:ad:67:03:94:07:fb:49:06:76:d3:
         54:81:68:c5:1a:51:d9:0c:67:92:2a:fd:c0:5f:34:e1:a5:87:
         d5:32:df:65:65:d6:81:78:e8:17:16:c0:9c:ef:1c:2b:5f:d0:
         bb:b1:80:be:fb:1e:d7:e6:c9:d5:33:4d:fb:0d:e1:f4:b0:12:
         9a:17:2d:a3:cb:e7:55:90:07:d7:15:f8:ea:39:14:0e:d8:0d:
         1e:3d:c1:67:a6:0b:c4:2d:de:bd:af:00:d6:b3:2c:32:dc:b7:
         eb:27:0d:fe:e9:a5:64:6d:6d:1f:4e:9d:36:88:06:3f:d3:ad:
         bb:fb:ed:4f:b2:6d:52:64:f6:ba:c6:fa:97:4f:dd:ee:3c:73:
         de:70:fd:1f:07:4c:17:6e:4c:df:2f:69:4b:a5:ce:e3:8b:13:
         a9:bd:c1:72:60:7d:62:ea:1f:55:97:81:7d:35:41:a8:43:6a:
         e9:0d:c4:67:b5:28:7d:6d:b9:4f:75:56:22:30:01:f9:20:56:
         81:ea:a9:d4:d7:30:80:17:82:ae:a1:2e:6e:9c:82:53:13:ba:
         c3:d9:37:4f:d4:30:f5:cb:4d:a3:d7:22:5c:d2:eb:de:7f:0b:
         1c:d7:40:3d:53:49:5f:a2:b2:f5:38:dc:d7:cb:51:f1:4f:eb:
         5e:c5:12:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57KPJs15YF2lKhlurXT71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNjljNzYzMzhhZmM5MDg1YjhmYmQ2NjliOGI3NGJkN2E5
MmQ0MzEwHhcNMjYwMTAxMTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODA4ODkzYzQ0NjUzMDQwMjFlNmFhZTBjOGMzMWM5ZGQyOWJiM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsPQ+IvydbXkIJqvgjP5IHeB4zak
TKrJYqE2W24Xp+zd1yGxsYfMN4tOFN56MeMIKKMw/t7TJHVeUgRat9JKbrM1owmQ
Q0m0I6nCKrP6pbjcVmBYr/xdW5TrlXqNwexxuOns9eLcCfQDrPXUy7fmGYC21NBU
9Q1LQUGnGhsKgWFl2VMN0V4dI8eN4ihgKFG8fvyp2mQfwRW0rl4TBYoNdRAkGQI5
wyRccEX6RssxTEyKcNnxXB3WZYl3+vhfQNJRA1i+QgTqDoSLGUid7xYPvEh1aUvu
69wwFGojCWn/d6fTUVQlJqI/+jWTtKIroyqJq2VVKXo2NHom2VLsprAl3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFgIiTxEZTBAIeaq4MjDHJ3Sm7OnMB8GA1UdIwQY
MBaAFBxpx2M4r8kIW4+9ZpuLdL16ktQxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEduSFl6aXZ5UWhiajcxbW00dDB2WHFTMURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9hMjA4OGItYTEyNi00YmE2LTg3MWMt
NTc1OWI0MjdmNGQxLzEvV0FpSlBFUmxNRUFoNXFyZ3lNTWNuZEticzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9hMjA4OGItYTEyNi00YmE2LTg3MWMtNTc1OWI0MjdmNGQx
LzEvSEduSFl6aXZ5UWhiajcxbW00dDB2WHFTMURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA6w
MA0GCSqGSIb3DQEBCwUAA4IBAQBzK5yiqmwAc61nA5QH+0kGdtNUgWjFGlHZDGeS
Kv3AXzThpYfVMt9lZdaBeOgXFsCc7xwrX9C7sYC++x7X5snVM037DeH0sBKaFy2j
y+dVkAfXFfjqORQO2A0ePcFnpgvELd69rwDWsywy3LfrJw3+6aVkbW0fTp02iAY/
0627++1Psm1SZPa6xvqXT93uPHPecP0fB0wXbkzfL2lLpc7jixOpvcFyYH1i6h9V
l4F9NUGoQ2rpDcRntSh9bblPdVYiMAH5IFaB6qnU1zCAF4KuoS5unIJTE7rD2TdP
1DD1y02j1yJc0uvefwsc10A9U0lforL1ONzXy1HxT+texRIb
-----END CERTIFICATE-----