This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/k3fmZjh5Nd4d9i-yTk1YzO9a-ow.roa
File:                     k3fmZjh5Nd4d9i-yTk1YzO9a-ow.roa (raw, json)
Hash identifier:          mS6dHnW2WbLdF67XEsAw2GyVUdDMoZ8sBWqhN+eeuMo=
Subject key identifier:   93:77:E6:66:38:79:35:DE:1D:F6:2F:B2:4E:4D:58:CC:EF:5A:FA:8C
Certificate issuer:       /CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
Certificate serial:       019B7FF2B4343536A174473BA34E89490B30
Authority key identifier: 77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/k3fmZjh5Nd4d9i-yTk1YzO9a-ow.roa
Signing time:             Fri 02 Jan 2026 18:22:50 +0000
ROA not before:           Fri 02 Jan 2026 18:22:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56595
IP address blocks:        2001:67c:74c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:b4:34:35:36:a1:74:47:3b:a3:4e:89:49:0b:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
        Validity
            Not Before: Jan  2 18:22:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9377e666387935de1df62fb24e4d58ccef5afa8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:30:48:0a:09:8e:1e:5a:ef:c2:c4:c9:1f:8e:
                    72:3f:07:b5:85:68:c1:0d:fb:d1:2f:af:9a:60:33:
                    1d:ef:9f:0a:82:83:ba:a8:52:cb:07:96:d7:b4:65:
                    9a:0d:fb:48:03:ca:6b:f5:5c:94:49:cb:fb:f5:ed:
                    ad:a7:6d:eb:61:a3:5c:06:90:a4:a1:3a:ad:78:5e:
                    a9:26:49:7e:28:01:f4:c7:94:fc:49:13:05:f3:83:
                    f8:80:91:08:6e:5a:9e:1d:cd:41:79:08:e3:b2:b4:
                    bb:14:d5:9b:8c:a5:6a:06:76:9a:41:93:a0:38:fe:
                    e1:22:0c:ee:53:99:a6:8c:32:1c:62:1e:8f:39:03:
                    40:fb:cc:8a:56:55:86:1c:b7:59:62:d3:3b:df:24:
                    c6:52:09:26:c1:4b:9d:e8:08:25:4b:85:77:ba:de:
                    01:91:dd:fe:56:29:bc:4e:50:d0:04:64:e2:d1:49:
                    72:58:11:17:06:38:b3:7b:23:ab:3c:c7:a1:bf:a5:
                    31:45:5a:c9:50:46:db:49:6c:82:09:a5:16:48:dd:
                    9e:bc:5f:ea:f7:6f:93:11:d9:00:8a:39:23:ec:99:
                    a9:c2:a8:94:28:02:7c:1f:df:d4:b6:d0:d8:36:ef:
                    32:21:c8:48:68:53:76:c9:dd:c4:6f:3e:dc:4b:11:
                    d4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:77:E6:66:38:79:35:DE:1D:F6:2F:B2:4E:4D:58:CC:EF:5A:FA:8C
            X509v3 Authority Key Identifier:
                keyid:77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/k3fmZjh5Nd4d9i-yTk1YzO9a-ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:2a:d3:f2:4c:bb:97:c5:e3:3f:cf:6f:63:a1:b7:60:06:36:
         56:81:69:3b:7f:f6:4d:82:7c:04:53:01:87:33:5e:cc:45:3c:
         4f:a7:2f:ba:1c:b6:38:c1:6f:b2:50:d3:0c:f3:9d:45:1f:6c:
         d7:6c:42:99:ca:07:3d:cc:7b:f9:0c:62:56:7d:d2:2b:c1:06:
         ca:87:5c:ec:d6:c5:d2:b5:8c:f7:18:7d:86:f9:44:27:98:e3:
         d1:7f:8e:af:b8:93:6c:36:ff:63:30:eb:e1:41:6d:d9:23:75:
         8a:1b:b9:6e:84:74:04:60:54:d4:e8:e4:b1:09:2b:37:2d:fa:
         ce:f1:fa:5c:57:4f:25:e6:e9:04:f4:2e:88:4d:75:2c:9b:6a:
         01:05:27:30:51:c1:7d:50:a1:49:1a:d7:1d:a5:2c:50:36:18:
         60:e2:bb:ad:9d:08:d5:af:b9:fd:b6:e4:e3:42:eb:c2:b1:80:
         35:d2:55:90:ab:f8:d4:c3:8c:c2:32:25:b6:df:75:e5:e7:49:
         90:11:8c:26:c2:7d:0b:33:c7:56:22:3e:06:9f:7e:df:02:76:
         d7:cf:97:40:b5:3c:80:a4:0b:e2:1e:a2:c0:6b:b6:0a:38:a7:
         a8:09:e6:0b:78:16:c9:23:85:af:a8:67:98:8f:03:f4:5c:4d:
         fb:0f:97:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8rQ0NTahdEc7o06JSQswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZThiYmY4NjQzYWJkNjJmZjNmNDJiZWM0YzBiMmRiOTc3
NTk2ZDcwHhcNMjYwMTAyMTgyMjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc3ZTY2NjM4NzkzNWRlMWRmNjJmYjI0ZTRkNThjY2VmNWFmYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjBICgmOHlrvwsTJH45yPwe1hWjB
DfvRL6+aYDMd758KgoO6qFLLB5bXtGWaDftIA8pr9VyUScv79e2tp23rYaNcBpCk
oTqteF6pJkl+KAH0x5T8SRMF84P4gJEIblqeHc1BeQjjsrS7FNWbjKVqBnaaQZOg
OP7hIgzuU5mmjDIcYh6POQNA+8yKVlWGHLdZYtM73yTGUgkmwUud6AglS4V3ut4B
kd3+Vim8TlDQBGTi0UlyWBEXBjizeyOrPMehv6UxRVrJUEbbSWyCCaUWSN2evF/q
92+TEdkAijkj7JmpwqiUKAJ8H9/UttDYNu8yIchIaFN2yd3Ebz7cSxHUewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJN35mY4eTXeHfYvsk5NWMzvWvqMMB8GA1UdIwQY
MBaAFHfou/hkOr1i/z9CvsTAstuXdZbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjkt
NDRjY2QxYjUxZjEwLzEvazNmbVpqaDVOZDRkOWkteVRrMVl6TzlhLW93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjktNDRjY2QxYjUxZjEw
LzEvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQAiKtPyTLuXxeM/z29jobdgBjZWgWk7f/ZNgnwE
UwGHM17MRTxPpy+6HLY4wW+yUNMM851FH2zXbEKZygc9zHv5DGJWfdIrwQbKh1zs
1sXStYz3GH2G+UQnmOPRf46vuJNsNv9jMOvhQW3ZI3WKG7luhHQEYFTU6OSxCSs3
LfrO8fpcV08l5ukE9C6ITXUsm2oBBScwUcF9UKFJGtcdpSxQNhhg4rutnQjVr7n9
tuTjQuvCsYA10lWQq/jUw4zCMiW233Xl50mQEYwmwn0LM8dWIj4Gn37fAnbXz5dA
tTyApAviHqLAa7YKOKeoCeYLeBbJI4WvqGeYjwP0XE37D5f4
-----END CERTIFICATE-----