This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/beStaP3U9BouVtR6HKL7Bht809g.roa
File:                     beStaP3U9BouVtR6HKL7Bht809g.roa (raw, json)
Hash identifier:          9C0Yz+gtWBKD86eXJ/yNK0jQEWAJqpkTW4DLxbpVN08=
Subject key identifier:   6D:E4:AD:68:FD:D4:F4:1A:2E:56:D4:7A:1C:A2:FB:06:1B:7C:D3:D8
Certificate issuer:       /CN=cd143690230a440a68b7a8aa98279f2f65dfee28
Certificate serial:       019B7F157399671A190E496ECB9FD318D070
Authority key identifier: CD:14:36:90:23:0A:44:0A:68:B7:A8:AA:98:27:9F:2F:65:DF:EE:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/beStaP3U9BouVtR6HKL7Bht809g.roa
Signing time:             Fri 02 Jan 2026 14:21:10 +0000
ROA not before:           Fri 02 Jan 2026 14:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        2001:678:d4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:73:99:67:1a:19:0e:49:6e:cb:9f:d3:18:d0:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd143690230a440a68b7a8aa98279f2f65dfee28
        Validity
            Not Before: Jan  2 14:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6de4ad68fdd4f41a2e56d47a1ca2fb061b7cd3d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e7:94:0c:59:d6:2b:d9:aa:c2:36:11:97:b2:
                    8b:95:9e:80:dd:5b:a2:86:a7:c9:ff:06:b5:11:98:
                    c4:da:fa:a7:3e:03:96:24:79:90:dc:20:2b:bb:73:
                    6d:cd:74:05:31:bc:73:64:10:40:de:1b:76:5f:ed:
                    30:68:3a:39:bf:94:08:ab:c5:24:56:7a:59:ee:41:
                    92:46:91:50:ea:60:2e:ff:5e:61:28:1c:a1:5a:57:
                    b1:67:20:05:f3:fb:21:0e:de:cc:37:4c:10:f2:98:
                    82:95:a5:fc:86:f8:dd:99:62:73:d3:2b:83:ba:0f:
                    13:cf:5d:49:07:1a:b0:2d:6f:7c:09:94:e9:ea:c5:
                    e8:6d:19:f5:a6:93:5c:da:0b:78:c7:2b:f7:d3:93:
                    4a:62:43:d7:36:ed:60:4f:39:dd:84:d4:a8:b6:79:
                    2a:a6:16:f0:fe:d5:ec:b4:2f:2f:3e:c5:30:a8:45:
                    3d:ac:43:61:ed:d6:ae:56:6c:13:19:ce:ce:c9:43:
                    5d:a8:02:44:88:10:6c:2e:7e:51:12:af:88:40:75:
                    be:18:97:a2:11:30:ea:b0:9b:68:58:69:c1:6c:18:
                    ba:2f:13:f8:ec:2a:9e:ab:f6:79:d4:05:32:c9:10:
                    23:f3:f2:85:95:7b:4c:85:36:44:96:0c:fd:7b:92:
                    51:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E4:AD:68:FD:D4:F4:1A:2E:56:D4:7A:1C:A2:FB:06:1B:7C:D3:D8
            X509v3 Authority Key Identifier:
                keyid:CD:14:36:90:23:0A:44:0A:68:B7:A8:AA:98:27:9F:2F:65:DF:EE:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/beStaP3U9BouVtR6HKL7Bht809g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:f3:42:1d:8a:98:1e:46:eb:dc:fc:e4:ff:81:5f:ef:cb:0f:
         4c:b5:2f:b3:03:49:54:ad:1a:c4:10:98:a2:8b:80:a9:0e:d2:
         78:20:05:eb:dc:95:90:0f:30:f3:24:96:7b:e0:99:ee:10:0b:
         27:20:4a:fb:8f:87:d0:82:05:f9:22:0a:00:af:5b:3d:fe:9d:
         98:56:89:a3:4d:d6:ac:27:f1:dc:e8:f4:6b:b0:ae:3c:3b:04:
         ea:89:fe:96:a5:b2:60:50:22:58:9f:6f:1a:f5:ef:49:8c:6e:
         5d:68:3f:93:82:a4:8d:c3:10:57:8b:9f:6d:ea:1c:74:c7:8a:
         ca:10:bb:a9:6f:01:a3:e7:8a:e6:c6:d9:f5:87:46:9c:6f:2e:
         fb:57:4a:20:97:df:80:b2:19:a8:59:4e:2e:85:6d:2d:84:21:
         6a:ba:42:fa:03:6d:04:1c:5a:c2:57:90:f8:14:20:f4:80:8e:
         ff:b1:95:be:cb:2a:a2:c2:59:45:76:be:14:e7:cf:c3:60:79:
         15:c5:9c:7a:ae:07:b3:57:fd:71:7c:22:13:74:06:7a:ea:89:
         72:04:ee:99:a5:17:8c:df:28:52:a3:02:86:9e:2f:fa:1a:a4:
         da:94:45:37:44:fc:f9:dc:a5:34:54:a5:1f:7e:55:7f:52:0b:
         80:6c:ce:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FXOZZxoZDkluy5/TGNBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTQzNjkwMjMwYTQ0MGE2OGI3YThhYTk4Mjc5ZjJmNjVk
ZmVlMjgwHhcNMjYwMTAyMTQyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGU0YWQ2OGZkZDRmNDFhMmU1NmQ0N2ExY2EyZmIwNjFiN2NkM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOeUDFnWK9mqwjYRl7KLlZ6A3Vui
hqfJ/wa1EZjE2vqnPgOWJHmQ3CAru3NtzXQFMbxzZBBA3ht2X+0waDo5v5QIq8Uk
VnpZ7kGSRpFQ6mAu/15hKByhWlexZyAF8/shDt7MN0wQ8piClaX8hvjdmWJz0yuD
ug8Tz11JBxqwLW98CZTp6sXobRn1ppNc2gt4xyv305NKYkPXNu1gTzndhNSotnkq
phbw/tXstC8vPsUwqEU9rENh7dauVmwTGc7OyUNdqAJEiBBsLn5REq+IQHW+GJei
ETDqsJtoWGnBbBi6LxP47Cqeq/Z51AUyyRAj8/KFlXtMhTZElgz9e5JRswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG3krWj91PQaLlbUehyi+wYbfNPYMB8GA1UdIwQY
MBaAFM0UNpAjCkQKaLeoqpgnny9l3+4oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJRMmtDTUtSQXBvdDZpcW1DZWZMMlhmN2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8wOTQ1NmUtYTcxYy00M2IzLWJkNDAt
OGVlM2Q5OGNhZDViLzEvYmVTdGFQM1U5Qm91VnRSNkhLTDdCaHQ4MDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8wOTQ1NmUtYTcxYy00M2IzLWJkNDAtOGVlM2Q5OGNhZDVi
LzEvelJRMmtDTUtSQXBvdDZpcW1DZWZMMlhmN2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA1M
MA0GCSqGSIb3DQEBCwUAA4IBAQBF80IdipgeRuvc/OT/gV/vyw9MtS+zA0lUrRrE
EJiii4CpDtJ4IAXr3JWQDzDzJJZ74JnuEAsnIEr7j4fQggX5IgoAr1s9/p2YVomj
TdasJ/Hc6PRrsK48OwTqif6WpbJgUCJYn28a9e9JjG5daD+TgqSNwxBXi59t6hx0
x4rKELupbwGj54rmxtn1h0acby77V0ogl9+AshmoWU4uhW0thCFqukL6A20EHFrC
V5D4FCD0gI7/sZW+yyqiwllFdr4U58/DYHkVxZx6rgezV/1xfCITdAZ66olyBO6Z
pReM3yhSowKGni/6GqTalEU3RPz53KU0VKUfflV/UguAbM5D
-----END CERTIFICATE-----