This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/lL_8oe9yDIiLRfrdt08QXqwSDgI.roa
File:                     lL_8oe9yDIiLRfrdt08QXqwSDgI.roa (raw, json)
Hash identifier:          mGmiDsommMvkvURrhIoo2stvYxOoFvSbhP9bGr4bphU=
Subject key identifier:   94:BF:FC:A1:EF:72:0C:88:8B:45:FA:DD:B7:4F:10:5E:AC:12:0E:02
Certificate issuer:       /CN=66d1f8fb6add272b46c406b1885c93295b1f4b8c
Certificate serial:       019B7EA6E0AED6120048465473A645B3995B
Authority key identifier: 66:D1:F8:FB:6A:DD:27:2B:46:C4:06:B1:88:5C:93:29:5B:1F:4B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/lL_8oe9yDIiLRfrdt08QXqwSDgI.roa
Signing time:             Fri 02 Jan 2026 12:20:24 +0000
ROA not before:           Fri 02 Jan 2026 12:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207348
IP address blocks:        2001:678:1090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:e0:ae:d6:12:00:48:46:54:73:a6:45:b3:99:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d1f8fb6add272b46c406b1885c93295b1f4b8c
        Validity
            Not Before: Jan  2 12:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94bffca1ef720c888b45faddb74f105eac120e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:27:36:b9:fd:6c:44:4a:52:b4:be:4f:d7:42:
                    ed:89:27:3e:50:67:ea:d4:5e:82:b6:b5:40:8c:13:
                    0e:7a:8b:0b:b3:ef:63:1e:a4:13:94:fc:93:d3:c9:
                    9f:6f:50:af:76:a3:c5:23:d5:be:63:42:9e:2a:3e:
                    62:63:c6:44:f1:cd:1c:96:a1:d8:22:b9:0e:53:c6:
                    bd:6b:e6:6a:8d:ba:3c:f9:55:9b:4b:a2:08:68:26:
                    eb:b7:ce:e3:90:c4:6d:8e:b1:1c:9e:0d:7b:65:98:
                    ad:26:68:37:c1:3f:c0:65:1a:af:a9:3d:e5:2f:aa:
                    d4:b0:86:d1:00:24:98:4b:9e:24:75:4e:45:25:da:
                    94:00:6e:4c:e8:03:f3:1d:83:86:e5:60:94:ec:56:
                    9b:1a:ea:4c:7d:62:f2:24:e3:9b:ed:24:a6:89:bc:
                    c8:02:6c:de:2e:27:ce:d4:3b:ee:56:76:4b:7d:e4:
                    75:1a:15:4f:d7:c8:4d:77:9d:cc:27:2a:f3:a8:90:
                    5b:b3:f8:d8:bd:0f:0d:ba:af:7a:89:29:c3:40:7d:
                    14:48:53:17:d4:c0:60:66:46:08:a5:d4:d8:2b:d4:
                    b8:ef:3c:88:94:92:ad:24:bb:3c:82:54:60:b8:cc:
                    01:cc:cb:1d:83:5c:43:73:cd:41:65:65:4d:21:d3:
                    25:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BF:FC:A1:EF:72:0C:88:8B:45:FA:DD:B7:4F:10:5E:AC:12:0E:02
            X509v3 Authority Key Identifier:
                keyid:66:D1:F8:FB:6A:DD:27:2B:46:C4:06:B1:88:5C:93:29:5B:1F:4B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/lL_8oe9yDIiLRfrdt08QXqwSDgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1090::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:1b:14:12:16:08:11:64:25:c8:55:e8:cc:46:e5:fe:9b:12:
         45:7b:62:db:bf:72:3f:a4:ec:07:a0:22:fb:66:27:03:47:ca:
         e5:5e:89:fc:82:69:b4:ec:27:72:26:87:bb:9c:13:9d:15:67:
         a4:85:31:a9:0d:cc:b1:92:c7:8b:37:01:68:4f:34:6e:52:60:
         f3:88:ef:b8:2f:86:39:a9:e9:2e:de:f2:9e:76:38:01:ae:bc:
         16:f1:08:95:dc:f2:67:1f:7e:38:d2:c9:11:d5:28:e6:97:d2:
         0e:79:cb:a3:8f:eb:83:eb:cf:10:8f:d0:22:1f:7b:d1:b6:9c:
         ad:6f:5b:9c:cf:91:9f:f4:d0:5f:51:f8:93:0d:15:77:a4:a5:
         e7:87:b7:61:59:b0:67:2d:20:2d:32:26:29:4f:6c:89:40:a7:
         96:e6:80:61:82:d2:14:ec:45:a2:bc:c8:03:c4:cf:33:c9:4e:
         61:2f:c7:83:89:87:be:a0:93:62:d6:a0:03:9b:36:5d:07:cb:
         71:61:43:35:30:0f:71:ac:15:11:16:13:bd:c5:35:d8:0f:50:
         de:6d:7e:2d:d9:1d:a1:98:51:9c:28:55:c5:0a:01:fb:e4:8d:
         0e:9d:00:4a:7d:5b:68:c6:14:5e:95:8e:c0:99:41:2b:bf:4a:
         f7:e8:de:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+puCu1hIASEZUc6ZFs5lbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDFmOGZiNmFkZDI3MmI0NmM0MDZiMTg4NWM5MzI5NWIx
ZjRiOGMwHhcNMjYwMTAyMTIyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGJmZmNhMWVmNzIwYzg4OGI0NWZhZGRiNzRmMTA1ZWFjMTIwZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Sc2uf1sREpStL5P10LtiSc+UGfq
1F6CtrVAjBMOeosLs+9jHqQTlPyT08mfb1CvdqPFI9W+Y0KeKj5iY8ZE8c0clqHY
IrkOU8a9a+Zqjbo8+VWbS6IIaCbrt87jkMRtjrEcng17ZZitJmg3wT/AZRqvqT3l
L6rUsIbRACSYS54kdU5FJdqUAG5M6APzHYOG5WCU7FabGupMfWLyJOOb7SSmibzI
AmzeLifO1DvuVnZLfeR1GhVP18hNd53MJyrzqJBbs/jYvQ8Nuq96iSnDQH0USFMX
1MBgZkYIpdTYK9S47zyIlJKtJLs8glRguMwBzMsdg1xDc81BZWVNIdMlIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJS//KHvcgyIi0X63bdPEF6sEg4CMB8GA1UdIwQY
MBaAFGbR+Ptq3ScrRsQGsYhckylbH0uMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRINC0ycmRKeXRHeEFheGlGeVRLVnNmUzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNTJmNmYtMTRmOC00MTljLTk5ZDkt
YTU5ZDEzNTBkZWVjLzEvbExfOG9lOXlESWlMUmZyZHQwOFFYcXdTRGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNTJmNmYtMTRmOC00MTljLTk5ZDktYTU5ZDEzNTBkZWVj
LzEvWnRINC0ycmRKeXRHeEFheGlGeVRLVnNmUzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCsGxQSFggRZCXIVejMRuX+mxJFe2Lbv3I/pOwH
oCL7ZicDR8rlXon8gmm07CdyJoe7nBOdFWekhTGpDcyxkseLNwFoTzRuUmDziO+4
L4Y5qeku3vKedjgBrrwW8QiV3PJnH3440skR1Sjml9IOecujj+uD688Qj9AiH3vR
tpytb1ucz5Gf9NBfUfiTDRV3pKXnh7dhWbBnLSAtMiYpT2yJQKeW5oBhgtIU7EWi
vMgDxM8zyU5hL8eDiYe+oJNi1qADmzZdB8txYUM1MA9xrBURFhO9xTXYD1DebX4t
2R2hmFGcKFXFCgH75I0OnQBKfVtoxhRelY7AmUErv0r36N5a
-----END CERTIFICATE-----