This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/c4pt8vUVaeXjMXnofvH8CstQg9I.roa
File:                     c4pt8vUVaeXjMXnofvH8CstQg9I.roa (raw, json)
Hash identifier:          JquKoOYBsn6huX/IMn7g4cc/ok8BfYvy/bpSr/C0iVw=
Subject key identifier:   73:8A:6D:F2:F5:15:69:E5:E3:31:79:E8:7E:F1:FC:0A:CB:50:83:D2
Certificate issuer:       /CN=44814ea7e83b4019bfd5797eba989da06dd90e33
Certificate serial:       019B7758F469B4D95CD40B09B9A2FA4A2030
Authority key identifier: 44:81:4E:A7:E8:3B:40:19:BF:D5:79:7E:BA:98:9D:A0:6D:D9:0E:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/c4pt8vUVaeXjMXnofvH8CstQg9I.roa
Signing time:             Thu 01 Jan 2026 02:17:56 +0000
ROA not before:           Thu 01 Jan 2026 02:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208733
IP address blocks:        2001:678:3b8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f4:69:b4:d9:5c:d4:0b:09:b9:a2:fa:4a:20:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44814ea7e83b4019bfd5797eba989da06dd90e33
        Validity
            Not Before: Jan  1 02:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=738a6df2f51569e5e33179e87ef1fc0acb5083d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b2:8b:fa:17:37:e4:5e:48:75:b8:05:d2:cc:
                    ee:a4:39:66:2d:ed:6e:98:45:71:70:89:45:63:87:
                    e5:fa:bc:09:bb:67:b5:f3:b7:14:3d:a7:92:0e:de:
                    cf:b8:2a:33:b5:a7:65:88:80:76:b5:af:79:a8:9a:
                    b1:52:bc:cc:de:54:92:22:33:60:0d:07:f9:85:14:
                    8b:65:0e:16:a2:c5:c6:bb:7d:d5:24:ba:ae:49:37:
                    22:7f:56:1f:77:15:ac:ad:08:10:29:16:3f:ce:11:
                    7a:2a:e3:80:5f:6a:e1:2b:4d:c9:60:fa:2b:34:43:
                    ed:42:0a:64:5d:1a:0f:93:60:21:80:01:d5:69:b8:
                    5f:6b:fa:06:7c:32:71:70:78:c5:08:e4:28:b5:0e:
                    b9:2d:33:6b:e8:d5:2f:a2:9b:c2:da:60:b4:5f:b7:
                    89:a2:13:dd:9b:62:0d:75:ac:1b:c9:22:1b:86:a2:
                    84:96:6f:d5:4f:fb:06:c3:47:a1:6b:71:e6:5c:30:
                    b9:f0:6e:5a:e7:b1:8b:86:e5:f1:e0:ee:6a:1f:9d:
                    8b:85:d7:50:cd:f8:53:5f:21:a4:b4:8f:5e:d9:ea:
                    ca:30:fa:b6:73:55:dd:34:b9:67:4c:c6:5e:6b:5e:
                    e0:eb:44:37:da:3c:ce:bc:d6:af:6d:4e:dd:b8:b0:
                    c7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8A:6D:F2:F5:15:69:E5:E3:31:79:E8:7E:F1:FC:0A:CB:50:83:D2
            X509v3 Authority Key Identifier:
                keyid:44:81:4E:A7:E8:3B:40:19:BF:D5:79:7E:BA:98:9D:A0:6D:D9:0E:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RIFOp-g7QBm_1Xl-upidoG3ZDjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/c4pt8vUVaeXjMXnofvH8CstQg9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3ac44b-565a-4286-a40c-d7e01ac02a75/1/RIFOp-g7QBm_1Xl-upidoG3ZDjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:62:db:1c:18:e6:25:35:5f:2f:0d:83:58:40:45:1b:9c:6a:
         9e:2a:42:3d:d5:f1:71:29:41:ae:03:2e:3e:dd:05:45:1a:17:
         c7:c8:48:a1:99:39:8d:0b:47:e2:cf:28:2c:f7:16:c7:3f:59:
         4d:da:3c:2e:f8:65:2b:ef:8a:f0:85:e0:f0:68:71:85:db:92:
         fe:2a:e2:0c:5c:2e:59:08:3f:17:9d:6a:de:7d:b0:ee:fb:aa:
         41:b8:4a:b3:ec:c7:a1:9a:45:5b:ff:e3:02:98:15:11:48:32:
         e4:ef:1a:98:eb:76:c2:83:f4:bb:75:b4:90:7e:d9:99:15:46:
         0c:46:b2:e7:32:05:be:a6:e7:a7:e3:7b:ea:c6:91:4e:09:cc:
         28:96:05:32:81:9f:13:f3:51:25:65:2d:fa:87:3b:00:d1:da:
         af:16:af:04:c6:9b:67:09:fc:9b:11:fa:28:19:88:5a:8d:5e:
         bf:5a:da:f8:f1:dc:ec:07:7d:b6:5b:53:d6:1d:68:1a:5f:14:
         99:1f:0b:ac:59:5c:db:9f:9a:ec:dd:4a:3f:9a:40:26:a7:f3:
         4a:e9:29:5b:be:33:3e:fc:36:cc:16:3d:22:ca:90:68:fe:37:
         fd:ac:9c:b0:bd:7d:fb:19:9a:7a:9e:7a:59:5f:fa:ed:29:c1:
         8e:07:cc:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WPRptNlc1AsJuaL6SiAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ODE0ZWE3ZTgzYjQwMTliZmQ1Nzk3ZWJhOTg5ZGEwNmRk
OTBlMzMwHhcNMjYwMTAxMDIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhhNmRmMmY1MTU2OWU1ZTMzMTc5ZTg3ZWYxZmMwYWNiNTA4M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLKL+hc35F5IdbgF0szupDlmLe1u
mEVxcIlFY4fl+rwJu2e187cUPaeSDt7PuCoztadliIB2ta95qJqxUrzM3lSSIjNg
DQf5hRSLZQ4WosXGu33VJLquSTcif1YfdxWsrQgQKRY/zhF6KuOAX2rhK03JYPor
NEPtQgpkXRoPk2AhgAHVabhfa/oGfDJxcHjFCOQotQ65LTNr6NUvopvC2mC0X7eJ
ohPdm2INdawbySIbhqKElm/VT/sGw0eha3HmXDC58G5a57GLhuXx4O5qH52LhddQ
zfhTXyGktI9e2erKMPq2c1XdNLlnTMZea17g60Q32jzOvNavbU7duLDHYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHOKbfL1FWnl4zF56H7x/ArLUIPSMB8GA1UdIwQY
MBaAFESBTqfoO0AZv9V5frqYnaBt2Q4zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUklGT3AtZzdRQm1fMVhsLXVwaWRvRzNaRGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zYWM0NGItNTY1YS00Mjg2LWE0MGMt
ZDdlMDFhYzAyYTc1LzEvYzRwdDh2VVZhZVhqTVhub2Z2SDhDc3RRZzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zYWM0NGItNTY1YS00Mjg2LWE0MGMtZDdlMDFhYzAyYTc1
LzEvUklGT3AtZzdRQm1fMVhsLXVwaWRvRzNaRGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAO4
MA0GCSqGSIb3DQEBCwUAA4IBAQB/YtscGOYlNV8vDYNYQEUbnGqeKkI91fFxKUGu
Ay4+3QVFGhfHyEihmTmNC0fizygs9xbHP1lN2jwu+GUr74rwheDwaHGF25L+KuIM
XC5ZCD8XnWrefbDu+6pBuEqz7MehmkVb/+MCmBURSDLk7xqY63bCg/S7dbSQftmZ
FUYMRrLnMgW+puen43vqxpFOCcwolgUygZ8T81ElZS36hzsA0dqvFq8ExptnCfyb
EfooGYhajV6/Wtr48dzsB322W1PWHWgaXxSZHwusWVzbn5rs3Uo/mkAmp/NK6Slb
vjM+/DbMFj0iypBo/jf9rJywvX37GZp6nnpZX/rtKcGOB8xq
-----END CERTIFICATE-----