This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/xZvTVsgAgTHbHn_16cZuYXn4mck.roa
File:                     xZvTVsgAgTHbHn_16cZuYXn4mck.roa (raw, json)
Hash identifier:          +oE3yDmB7hi9Ypi3E2o3IvseUAbSMG6NeT9277jObu8=
Subject key identifier:   C5:9B:D3:56:C8:00:81:31:DB:1E:7F:F5:E9:C6:6E:61:79:F8:99:C9
Certificate issuer:       /CN=3b7bc6472ea52575ce95bdca7826e9a51faace49
Certificate serial:       019B7C1285DBF5860550B4AC24C4957423B5
Authority key identifier: 3B:7B:C6:47:2E:A5:25:75:CE:95:BD:CA:78:26:E9:A5:1F:AA:CE:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O3vGRy6lJXXOlb3KeCbppR-qzkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/xZvTVsgAgTHbHn_16cZuYXn4mck.roa
Signing time:             Fri 02 Jan 2026 00:19:07 +0000
ROA not before:           Fri 02 Jan 2026 00:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:678:1020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/O3vGRy6lJXXOlb3KeCbppR-qzkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/O3vGRy6lJXXOlb3KeCbppR-qzkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O3vGRy6lJXXOlb3KeCbppR-qzkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 03:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:85:db:f5:86:05:50:b4:ac:24:c4:95:74:23:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b7bc6472ea52575ce95bdca7826e9a51faace49
        Validity
            Not Before: Jan  2 00:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c59bd356c8008131db1e7ff5e9c66e6179f899c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b4:a6:23:d6:e4:37:4e:5f:34:dd:1e:76:56:
                    d2:f4:60:62:91:1c:53:35:26:05:e2:81:87:8f:0f:
                    b8:13:df:72:6d:43:2d:bc:37:4d:44:9d:60:e5:ec:
                    ad:da:bb:ca:18:cc:a2:f4:03:60:a1:72:1c:92:2f:
                    32:4a:d0:1b:40:cf:ca:3d:cf:a8:d9:16:ef:13:56:
                    ec:66:b4:0e:15:ab:fc:22:06:f8:b9:e4:28:e4:46:
                    a7:f7:f8:4a:29:aa:d0:97:94:57:f4:6b:c2:73:99:
                    dd:2f:65:83:66:67:ba:45:aa:9e:5a:66:ff:f9:67:
                    b6:63:2b:cd:ca:d9:b8:e0:96:b9:32:ef:d5:66:f5:
                    eb:47:2b:c1:03:f1:af:ae:59:59:89:27:70:43:12:
                    d2:34:1c:11:e3:44:b8:41:cf:55:c9:dd:78:10:3d:
                    4f:51:f9:09:1d:fc:bf:e7:51:d7:9a:6a:b0:a3:3a:
                    fe:1d:15:64:b1:0b:90:ea:8a:2a:4f:34:88:f0:9a:
                    61:ea:c8:ac:d7:f1:ac:98:90:fa:06:d3:fa:47:97:
                    30:d8:c5:5b:2d:23:00:6c:9a:5a:d8:cd:8a:41:cc:
                    4d:09:1e:77:ca:b6:c1:20:1a:00:33:6d:b6:0c:9a:
                    65:e6:6a:00:9a:19:37:6c:d4:dd:c6:4c:7a:6a:b2:
                    b3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9B:D3:56:C8:00:81:31:DB:1E:7F:F5:E9:C6:6E:61:79:F8:99:C9
            X509v3 Authority Key Identifier:
                keyid:3B:7B:C6:47:2E:A5:25:75:CE:95:BD:CA:78:26:E9:A5:1F:AA:CE:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O3vGRy6lJXXOlb3KeCbppR-qzkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/xZvTVsgAgTHbHn_16cZuYXn4mck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/493d29-47a9-49eb-8080-9226b3ac4e9d/1/O3vGRy6lJXXOlb3KeCbppR-qzkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1020::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:00:10:30:c9:89:97:c5:92:67:2b:f4:34:41:82:ea:53:d8:
         71:22:75:06:07:fb:b5:d1:d1:fa:cd:cc:b2:01:84:3f:9c:bb:
         31:76:56:b5:37:b9:c0:b3:62:d7:f5:76:ee:b9:f1:bf:0f:d9:
         cd:ff:4b:5f:cc:9f:bf:de:26:f4:69:8f:1d:ba:66:6d:78:c1:
         2b:2f:ee:64:8a:d6:f0:b4:d6:29:f6:7c:fa:c4:51:df:b4:6b:
         5f:2d:b7:4c:af:19:a4:2b:6a:a6:dd:de:52:39:0f:a2:13:26:
         63:54:a2:fd:ce:b3:2a:09:37:ab:bb:49:ec:cf:a6:74:a3:9a:
         72:d7:ab:25:7c:f4:e9:78:8f:87:11:e7:3a:69:58:4b:bd:80:
         3a:07:39:7d:45:d0:40:5e:63:1e:18:f1:3c:f2:48:3d:c0:f3:
         44:cd:05:b0:9e:8e:89:eb:70:be:9b:c9:b4:12:9f:7c:12:d4:
         e7:d6:11:cc:46:25:ea:33:61:09:e1:3c:ee:ce:93:93:85:57:
         af:bd:c5:9a:83:39:02:7f:a8:ce:ad:3c:96:9a:21:5d:84:6b:
         f8:fb:e8:4d:ea:e3:a2:81:fa:01:44:5c:a7:12:14:3b:c5:59:
         e6:fb:e9:73:4f:21:66:3d:d5:76:d0:3f:7a:a1:a8:bb:24:bc:
         d2:23:be:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EoXb9YYFULSsJMSVdCO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiN2JjNjQ3MmVhNTI1NzVjZTk1YmRjYTc4MjZlOWE1MWZh
YWNlNDkwHhcNMjYwMTAyMDAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTliZDM1NmM4MDA4MTMxZGIxZTdmZjVlOWM2NmU2MTc5Zjg5OWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrSmI9bkN05fNN0edlbS9GBikRxT
NSYF4oGHjw+4E99ybUMtvDdNRJ1g5eyt2rvKGMyi9ANgoXIcki8yStAbQM/KPc+o
2RbvE1bsZrQOFav8Igb4ueQo5Ean9/hKKarQl5RX9GvCc5ndL2WDZme6RaqeWmb/
+We2YyvNytm44Ja5Mu/VZvXrRyvBA/GvrllZiSdwQxLSNBwR40S4Qc9Vyd14ED1P
UfkJHfy/51HXmmqwozr+HRVksQuQ6ooqTzSI8Jph6sis1/GsmJD6BtP6R5cw2MVb
LSMAbJpa2M2KQcxNCR53yrbBIBoAM222DJpl5moAmhk3bNTdxkx6arKzKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMWb01bIAIEx2x5/9enGbmF5+JnJMB8GA1UdIwQY
MBaAFDt7xkcupSV1zpW9yngm6aUfqs5JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzN2R1J5NmxKWFhPbGIzS2VDYnBwUi1xemtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80OTNkMjktNDdhOS00OWViLTgwODAt
OTIyNmIzYWM0ZTlkLzEveFp2VFZzZ0FnVEhiSG5fMTZjWnVZWG40bWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80OTNkMjktNDdhOS00OWViLTgwODAtOTIyNmIzYWM0ZTlk
LzEvTzN2R1J5NmxKWFhPbGIzS2VDYnBwUi1xemtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBAg
MA0GCSqGSIb3DQEBCwUAA4IBAQA/ABAwyYmXxZJnK/Q0QYLqU9hxInUGB/u10dH6
zcyyAYQ/nLsxdla1N7nAs2LX9XbuufG/D9nN/0tfzJ+/3ib0aY8dumZteMErL+5k
itbwtNYp9nz6xFHftGtfLbdMrxmkK2qm3d5SOQ+iEyZjVKL9zrMqCTeru0nsz6Z0
o5py16slfPTpeI+HEec6aVhLvYA6Bzl9RdBAXmMeGPE88kg9wPNEzQWwno6J63C+
m8m0Ep98EtTn1hHMRiXqM2EJ4TzuzpOThVevvcWagzkCf6jOrTyWmiFdhGv4++hN
6uOigfoBRFynEhQ7xVnm++lzTyFmPdV20D96oai7JLzSI74w
-----END CERTIFICATE-----