This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/531zAUPBYKumyQ0xpfkhVrEVZeg.roa
File:                     531zAUPBYKumyQ0xpfkhVrEVZeg.roa (raw, json)
Hash identifier:          zmS5aMegf4cAdrpghAhABvhGFxJN7kA/8Rf6S1OUbjM=
Subject key identifier:   E7:7D:73:01:43:C1:60:AB:A6:C9:0D:31:A5:F9:21:56:B1:15:65:E8
Certificate issuer:       /CN=33343229de251cc8825a7c44c8fe93e4acdbc115
Certificate serial:       019B0CBA190369731147B6EC8B702BF8D1ED
Authority key identifier: 33:34:32:29:DE:25:1C:C8:82:5A:7C:44:C8:FE:93:E4:AC:DB:C1:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzQyKd4lHMiCWnxEyP6T5KzbwRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/531zAUPBYKumyQ0xpfkhVrEVZeg.roa
Signing time:             Thu 11 Dec 2025 09:24:41 +0000
ROA not before:           Thu 11 Dec 2025 09:24:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197248
IP address blocks:        2001:678:117c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/MzQyKd4lHMiCWnxEyP6T5KzbwRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/MzQyKd4lHMiCWnxEyP6T5KzbwRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzQyKd4lHMiCWnxEyP6T5KzbwRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Dec 2025 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:0c:ba:19:03:69:73:11:47:b6:ec:8b:70:2b:f8:d1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33343229de251cc8825a7c44c8fe93e4acdbc115
        Validity
            Not Before: Dec 11 09:24:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e77d730143c160aba6c90d31a5f92156b11565e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d0:01:ae:77:f5:17:ec:55:a0:fb:16:ea:06:
                    7e:68:25:50:69:84:e3:e6:bb:2a:33:bd:e8:e0:9f:
                    63:59:c0:31:f9:25:09:fe:d4:b1:13:38:c8:7a:42:
                    e2:99:71:49:93:25:dc:ec:09:ba:46:8c:38:0b:e9:
                    27:75:b1:f7:72:0a:91:a9:be:47:95:d4:49:30:5f:
                    78:42:40:68:da:62:54:3d:f3:2a:08:c2:29:42:06:
                    1d:28:3f:12:a1:3a:d1:67:84:ae:aa:09:60:98:40:
                    f2:24:ea:3a:fa:28:91:6d:b7:58:bf:26:df:23:fb:
                    9b:e2:28:3e:3c:4c:6d:79:92:f0:1b:ff:df:7c:a2:
                    62:ab:fd:cc:fa:7c:99:9c:1d:e4:f1:ff:4d:ec:ab:
                    40:0f:77:28:1d:7b:e3:96:85:a4:35:4e:28:74:40:
                    0c:20:3b:dd:4f:86:9f:37:cf:bf:00:d3:89:5c:fb:
                    25:f6:b7:be:a1:47:31:3c:6c:5c:11:a9:d9:30:14:
                    5c:24:7f:fd:bf:1b:eb:a5:15:19:f5:87:55:19:1a:
                    31:19:25:e7:60:10:eb:5a:6a:ef:46:ab:2b:03:c5:
                    3a:83:f8:24:d4:c0:73:ba:c7:3d:b3:d1:4a:a3:91:
                    7f:e1:5a:5d:cd:5c:ea:1c:43:4c:d1:5f:2f:34:ab:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7D:73:01:43:C1:60:AB:A6:C9:0D:31:A5:F9:21:56:B1:15:65:E8
            X509v3 Authority Key Identifier:
                keyid:33:34:32:29:DE:25:1C:C8:82:5A:7C:44:C8:FE:93:E4:AC:DB:C1:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzQyKd4lHMiCWnxEyP6T5KzbwRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/531zAUPBYKumyQ0xpfkhVrEVZeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7a37ea-30d9-427b-a36e-64832b39057d/1/MzQyKd4lHMiCWnxEyP6T5KzbwRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:117c::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:ea:72:e8:9c:5d:13:0c:50:27:e8:e5:e2:87:55:ef:f6:86:
         dc:30:d1:51:9c:9a:60:a0:ea:f9:43:55:aa:32:fa:e3:81:1b:
         03:e8:b0:a1:08:60:bf:6b:5c:e2:af:d2:55:5b:09:fb:aa:dc:
         fe:ea:7b:71:14:4c:87:73:4e:58:51:70:55:58:41:3a:54:58:
         b0:b3:aa:ef:5a:7b:2c:8c:1b:8a:57:ae:6b:9a:d3:85:ba:13:
         44:b2:0b:5c:1f:1d:19:3a:11:6e:28:a4:2b:7d:e3:4e:fd:22:
         37:6c:53:ef:60:79:07:a8:bb:05:95:64:9a:e2:d4:9e:50:f4:
         d4:72:63:21:a3:a5:3c:cc:80:26:d3:06:4f:4f:d1:84:9c:56:
         b9:bb:bd:37:8c:26:ad:c2:4a:e0:bc:98:98:cf:f3:16:16:4c:
         52:75:3b:38:6c:0c:a1:a8:d3:cd:b0:0c:15:70:b6:1d:8f:36:
         2d:6f:dc:4f:af:e8:97:4b:c1:df:d6:8d:29:bb:f6:c5:77:12:
         fd:fd:13:e7:1a:26:e3:71:74:98:ed:a4:21:f9:a2:f6:d3:f8:
         65:ef:7c:d9:fe:26:52:dd:f8:74:04:00:22:3a:fa:c7:af:7d:
         c5:98:b5:6e:b2:49:c3:74:c4:0f:22:53:37:3c:21:9d:88:29:
         e5:bb:a1:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZsMuhkDaXMRR7bsi3Ar+NHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzQzMjI5ZGUyNTFjYzg4MjVhN2M0NGM4ZmU5M2U0YWNk
YmMxMTUwHhcNMjUxMjExMDkyNDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzdkNzMwMTQzYzE2MGFiYTZjOTBkMzFhNWY5MjE1NmIxMTU2NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dABrnf1F+xVoPsW6gZ+aCVQaYTj
5rsqM73o4J9jWcAx+SUJ/tSxEzjIekLimXFJkyXc7Am6Row4C+kndbH3cgqRqb5H
ldRJMF94QkBo2mJUPfMqCMIpQgYdKD8SoTrRZ4SuqglgmEDyJOo6+iiRbbdYvybf
I/ub4ig+PExteZLwG//ffKJiq/3M+nyZnB3k8f9N7KtAD3coHXvjloWkNU4odEAM
IDvdT4afN8+/ANOJXPsl9re+oUcxPGxcEanZMBRcJH/9vxvrpRUZ9YdVGRoxGSXn
YBDrWmrvRqsrA8U6g/gk1MBzusc9s9FKo5F/4VpdzVzqHENM0V8vNKvPkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOd9cwFDwWCrpskNMaX5IVaxFWXoMB8GA1UdIwQY
MBaAFDM0MineJRzIglp8RMj+k+Ss28EVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpReUtkNGxITWlDV254RXlQNlQ1S3pid1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy83YTM3ZWEtMzBkOS00MjdiLWEzNmUt
NjQ4MzJiMzkwNTdkLzEvNTMxekFVUEJZS3VteVEweHBma2hWckVWWmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy83YTM3ZWEtMzBkOS00MjdiLWEzNmUtNjQ4MzJiMzkwNTdk
LzEvTXpReUtkNGxITWlDV254RXlQNlQ1S3pid1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBF8
MA0GCSqGSIb3DQEBCwUAA4IBAQCs6nLonF0TDFAn6OXih1Xv9obcMNFRnJpgoOr5
Q1WqMvrjgRsD6LChCGC/a1zir9JVWwn7qtz+6ntxFEyHc05YUXBVWEE6VFiws6rv
WnssjBuKV65rmtOFuhNEsgtcHx0ZOhFuKKQrfeNO/SI3bFPvYHkHqLsFlWSa4tSe
UPTUcmMho6U8zIAm0wZPT9GEnFa5u703jCatwkrgvJiYz/MWFkxSdTs4bAyhqNPN
sAwVcLYdjzYtb9xPr+iXS8Hf1o0pu/bFdxL9/RPnGibjcXSY7aQh+aL20/hl73zZ
/iZS3fh0BAAiOvrHr33FmLVusknDdMQPIlM3PCGdiCnlu6FN
-----END CERTIFICATE-----