This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/jb28EMGpZLQEx0nm-COFBx7LuxA.roa
File:                     jb28EMGpZLQEx0nm-COFBx7LuxA.roa (raw, json)
Hash identifier:          tlsP+4YE5wEIxVFDiqeCuZVOSE8h29Zo7K+FoY31djg=
Subject key identifier:   8D:BD:BC:10:C1:A9:64:B4:04:C7:49:E6:F8:23:85:07:1E:CB:BB:10
Certificate issuer:       /CN=529231b247bff65b4c6341907ecd5eaba7f9ca92
Certificate serial:       019B78A2D87AD57CAD11A85528BE0FBAE0AC
Authority key identifier: 52:92:31:B2:47:BF:F6:5B:4C:63:41:90:7E:CD:5E:AB:A7:F9:CA:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/jb28EMGpZLQEx0nm-COFBx7LuxA.roa
Signing time:             Thu 01 Jan 2026 08:18:16 +0000
ROA not before:           Thu 01 Jan 2026 08:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200479
IP address blocks:        2001:67c:2344::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:d8:7a:d5:7c:ad:11:a8:55:28:be:0f:ba:e0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529231b247bff65b4c6341907ecd5eaba7f9ca92
        Validity
            Not Before: Jan  1 08:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8dbdbc10c1a964b404c749e6f82385071ecbbb10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:bc:39:df:52:a3:2b:b1:24:ea:d4:bd:2e:73:
                    e8:1b:07:5a:a0:df:5f:8f:76:93:3c:0f:8e:f8:47:
                    31:c7:41:1b:66:a5:cb:9a:1a:d8:9e:3d:15:1e:69:
                    54:16:9d:95:04:d5:e3:0e:8c:66:d4:2f:31:39:fb:
                    0f:b3:4c:d1:58:ab:33:a7:7e:07:73:23:39:51:ac:
                    0f:10:fd:ae:53:26:f8:03:c2:f8:e7:f8:d7:99:f1:
                    fe:08:5c:73:41:df:11:f1:e7:79:94:fb:17:1a:25:
                    55:70:bd:0d:18:b0:02:53:03:55:a2:2a:8b:a5:8a:
                    97:0b:13:95:9b:79:84:ca:28:11:10:29:7f:e1:cc:
                    fe:34:52:f0:44:d8:42:d5:50:2f:6e:ef:9e:43:93:
                    20:9d:23:e0:c1:90:03:62:6b:21:db:66:05:78:f7:
                    be:63:10:b1:0e:dc:7d:5e:6c:be:86:ab:af:d5:1d:
                    95:8f:f8:ef:30:48:d5:33:48:38:e6:5e:70:6a:49:
                    11:47:cf:6c:b1:6e:a7:33:d2:7c:42:01:85:a5:6a:
                    90:d0:78:9e:53:d9:11:7e:5a:c4:70:13:3b:b2:aa:
                    54:41:b9:4c:e6:8a:ca:7a:17:b1:ca:23:94:bd:7f:
                    10:32:a4:9c:91:23:22:6f:73:08:92:3c:91:48:5e:
                    43:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BD:BC:10:C1:A9:64:B4:04:C7:49:E6:F8:23:85:07:1E:CB:BB:10
            X509v3 Authority Key Identifier:
                keyid:52:92:31:B2:47:BF:F6:5B:4C:63:41:90:7E:CD:5E:AB:A7:F9:CA:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/jb28EMGpZLQEx0nm-COFBx7LuxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2344::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:5e:2c:3f:1b:03:8b:46:8a:84:b7:8a:7c:08:bb:4d:72:25:
         a7:43:0b:30:a1:c7:90:30:52:07:f2:4e:71:4b:f4:3b:99:d2:
         9d:56:c9:ac:23:86:30:f0:72:99:92:05:14:2e:7f:54:12:1c:
         7c:ef:66:02:38:27:6b:d2:06:8f:38:e6:4d:7b:19:d7:14:e2:
         50:70:b4:d8:dd:e0:a3:21:4a:3f:26:93:7b:0d:db:c0:5a:9e:
         07:56:68:b5:66:a1:bf:45:95:a3:e9:6c:a4:c6:9b:0c:06:89:
         ca:93:68:33:b2:98:3f:d7:ab:b0:fd:96:eb:63:cb:2c:0a:bb:
         98:d7:4a:80:2e:ab:de:81:b1:71:6a:a3:0a:2f:c8:b7:6b:1d:
         a1:13:17:b8:de:b1:c7:6a:6c:1c:93:63:9f:6b:b8:46:c6:36:
         84:2f:71:9d:bd:ca:6b:0d:7b:8e:ad:40:18:cc:10:45:58:20:
         56:e5:ea:dd:13:37:8b:49:4d:1e:bd:88:1e:50:83:ca:d3:b6:
         ff:41:48:34:f3:19:b3:9f:81:eb:9c:cd:da:a6:51:ba:70:69:
         03:bd:2f:3b:02:72:cc:b6:ea:00:54:32:74:cd:e6:c3:79:97:
         6a:8d:45:6e:80:c5:57:3e:5b:a4:be:bd:c5:fb:29:60:55:1f:
         36:83:08:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4oth61XytEahVKL4PuuCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOTIzMWIyNDdiZmY2NWI0YzYzNDE5MDdlY2Q1ZWFiYTdm
OWNhOTIwHhcNMjYwMTAxMDgxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGJkYmMxMGMxYTk2NGI0MDRjNzQ5ZTZmODIzODUwNzFlY2JiYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Lw531KjK7Ek6tS9LnPoGwdaoN9f
j3aTPA+O+Ecxx0EbZqXLmhrYnj0VHmlUFp2VBNXjDoxm1C8xOfsPs0zRWKszp34H
cyM5UawPEP2uUyb4A8L45/jXmfH+CFxzQd8R8ed5lPsXGiVVcL0NGLACUwNVoiqL
pYqXCxOVm3mEyigRECl/4cz+NFLwRNhC1VAvbu+eQ5MgnSPgwZADYmsh22YFePe+
YxCxDtx9Xmy+hquv1R2Vj/jvMEjVM0g45l5wakkRR89ssW6nM9J8QgGFpWqQ0Hie
U9kRflrEcBM7sqpUQblM5orKehexyiOUvX8QMqSckSMib3MIkjyRSF5D6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI29vBDBqWS0BMdJ5vgjhQcey7sQMB8GA1UdIwQY
MBaAFFKSMbJHv/ZbTGNBkH7NXqun+cqSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXBJeHNrZV85bHRNWTBHUWZzMWVxNmY1eXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84ZWM5NmQtZDYxYy00NmFjLWJmNTQt
NjUxMzVjZjJmODE1LzEvamIyOEVNR3BaTFFFeDBubS1DT0ZCeDdMdXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84ZWM5NmQtZDYxYy00NmFjLWJmNTQtNjUxMzVjZjJmODE1
LzEvVXBJeHNrZV85bHRNWTBHUWZzMWVxNmY1eXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCNE
MA0GCSqGSIb3DQEBCwUAA4IBAQADXiw/GwOLRoqEt4p8CLtNciWnQwswoceQMFIH
8k5xS/Q7mdKdVsmsI4Yw8HKZkgUULn9UEhx872YCOCdr0gaPOOZNexnXFOJQcLTY
3eCjIUo/JpN7DdvAWp4HVmi1ZqG/RZWj6WykxpsMBonKk2gzspg/16uw/ZbrY8ss
CruY10qALqvegbFxaqMKL8i3ax2hExe43rHHamwck2Ofa7hGxjaEL3GdvcprDXuO
rUAYzBBFWCBW5erdEzeLSU0evYgeUIPK07b/QUg08xmzn4HrnM3aplG6cGkDvS87
AnLMtuoAVDJ0zebDeZdqjUVugMVXPlukvr3F+ylgVR82gwis
-----END CERTIFICATE-----