This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/5q8b-mFBKEi7KxA-qotiTf_Ngcs.roa
File:                     5q8b-mFBKEi7KxA-qotiTf_Ngcs.roa (raw, json)
Hash identifier:          UP1Aef3+F12caRUYXmTS+aJsJJVlKeAHOy7RJvD6MyQ=
Subject key identifier:   E6:AF:1B:FA:61:41:28:48:BB:2B:10:3E:AA:8B:62:4D:FF:CD:81:CB
Certificate issuer:       /CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
Certificate serial:       019B7BA53BBCBC773B85987233C3562BA29D
Authority key identifier: EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/5q8b-mFBKEi7KxA-qotiTf_Ngcs.roa
Signing time:             Thu 01 Jan 2026 22:19:44 +0000
ROA not before:           Thu 01 Jan 2026 22:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50629
IP address blocks:        2001:67c:708::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:3b:bc:bc:77:3b:85:98:72:33:c3:56:2b:a2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
        Validity
            Not Before: Jan  1 22:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6af1bfa61412848bb2b103eaa8b624dffcd81cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c6:5d:3c:cc:e9:4d:ed:b6:c5:be:1b:86:69:
                    e7:3b:6c:63:3f:7f:de:d7:b7:15:1a:5f:41:cf:71:
                    55:69:6a:53:4f:cc:0f:96:31:c6:20:ec:3c:de:6f:
                    99:d4:93:e7:12:25:a7:69:1a:68:89:8d:b2:b2:74:
                    44:8a:53:95:00:ae:34:b0:74:6a:00:bd:5d:2c:7a:
                    0c:24:30:78:dd:c2:5f:0b:c9:5f:25:12:7f:a6:83:
                    e5:9e:4f:c2:e5:31:37:96:f8:6c:2f:97:de:38:49:
                    c8:5b:04:ad:c9:01:23:5e:05:13:bf:85:4d:7f:1d:
                    59:69:cf:ca:0e:67:5e:79:86:a7:66:63:e1:5e:b7:
                    da:4d:4a:fe:59:66:db:1a:61:a1:69:a9:53:7e:9b:
                    0b:9f:23:a0:0b:0d:25:1f:78:3f:81:78:b2:a8:7f:
                    ed:79:6a:d8:47:f4:d9:22:b4:c0:d8:0a:46:42:48:
                    de:51:5f:ac:08:95:f3:7b:ea:87:29:54:3d:8c:3c:
                    dc:d9:f5:76:13:6f:96:0a:72:12:01:51:ed:a5:cd:
                    ed:21:43:a3:d3:67:8a:f9:c7:59:f4:16:b3:ce:85:
                    d4:7a:fb:03:84:39:df:f2:e7:70:b5:5e:ef:ef:80:
                    aa:4c:52:d4:61:16:ce:ae:09:ad:ce:47:18:30:d2:
                    31:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:AF:1B:FA:61:41:28:48:BB:2B:10:3E:AA:8B:62:4D:FF:CD:81:CB
            X509v3 Authority Key Identifier:
                keyid:EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/5q8b-mFBKEi7KxA-qotiTf_Ngcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:708::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:c2:ed:b3:c7:48:a4:3c:ce:ab:a9:14:ce:8d:71:95:b0:dd:
         91:4a:da:b7:1b:8d:25:9a:77:bd:52:ec:c8:cf:be:e3:d6:bf:
         8a:57:0d:8a:27:01:fd:3e:ed:73:d9:9a:52:8d:58:d0:4b:f6:
         93:0d:87:1b:08:2b:52:cb:11:3b:27:e3:a0:d2:75:9d:ea:23:
         97:52:f5:a8:3a:a3:76:4f:96:ad:6b:b0:3d:f0:eb:6c:4f:88:
         c7:b1:51:12:d9:75:80:9a:1b:42:95:a7:67:0f:ab:1e:6a:dc:
         23:90:32:3e:51:63:3d:e9:b4:6c:65:73:87:70:a1:8b:27:78:
         1f:cf:65:72:21:86:99:7d:00:40:e5:60:0c:80:2c:66:2a:2c:
         5c:d2:b4:ae:2f:21:d4:a8:52:bf:6c:0f:25:a0:67:5a:eb:e2:
         6b:6d:05:94:ec:23:ee:c2:29:96:32:74:3a:ac:14:8d:a7:2d:
         ae:13:3e:70:d7:d7:f3:cd:d0:d9:45:83:7a:ce:7a:57:79:71:
         53:53:c6:09:93:a2:50:a5:4c:ba:c9:b2:bc:57:4f:9b:55:83:
         83:af:24:5e:50:3c:c1:7d:03:a0:bc:70:1e:81:67:7c:4c:92:
         b1:a4:30:ea:35:80:ba:a7:45:1e:56:fb:89:35:bf:20:00:1b:
         19:b5:51:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pTu8vHc7hZhyM8NWK6KdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZGM0OGQ5YWIxMGYwZTQyYTNkYzY3ZmJkMGY0Y2I4ZTQ0
Y2FiNjkwHhcNMjYwMTAxMjIxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmFmMWJmYTYxNDEyODQ4YmIyYjEwM2VhYThiNjI0ZGZmY2Q4MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMZdPMzpTe22xb4bhmnnO2xjP3/e
17cVGl9Bz3FVaWpTT8wPljHGIOw83m+Z1JPnEiWnaRpoiY2ysnREilOVAK40sHRq
AL1dLHoMJDB43cJfC8lfJRJ/poPlnk/C5TE3lvhsL5feOEnIWwStyQEjXgUTv4VN
fx1Zac/KDmdeeYanZmPhXrfaTUr+WWbbGmGhaalTfpsLnyOgCw0lH3g/gXiyqH/t
eWrYR/TZIrTA2ApGQkjeUV+sCJXze+qHKVQ9jDzc2fV2E2+WCnISAVHtpc3tIUOj
02eK+cdZ9BazzoXUevsDhDnf8udwtV7v74CqTFLUYRbOrgmtzkcYMNIxwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOavG/phQShIuysQPqqLYk3/zYHLMB8GA1UdIwQY
MBaAFO/cSNmrEPDkKj3Gf70PTLjkTKtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMt
MDY2MGMxNmVmY2NlLzEvNXE4Yi1tRkJLRWk3S3hBLXFvdGlUZl9OZ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMtMDY2MGMxNmVmY2Nl
LzEvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAcI
MA0GCSqGSIb3DQEBCwUAA4IBAQArwu2zx0ikPM6rqRTOjXGVsN2RStq3G40lmne9
UuzIz77j1r+KVw2KJwH9Pu1z2ZpSjVjQS/aTDYcbCCtSyxE7J+Og0nWd6iOXUvWo
OqN2T5ata7A98OtsT4jHsVES2XWAmhtCladnD6seatwjkDI+UWM96bRsZXOHcKGL
J3gfz2VyIYaZfQBA5WAMgCxmKixc0rSuLyHUqFK/bA8loGda6+JrbQWU7CPuwimW
MnQ6rBSNpy2uEz5w19fzzdDZRYN6znpXeXFTU8YJk6JQpUy6ybK8V0+bVYODryRe
UDzBfQOgvHAegWd8TJKxpDDqNYC6p0UeVvuJNb8gABsZtVEw
-----END CERTIFICATE-----