This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/ZHi1ZhCdWfH9BoGN5VcU78t29bk.roa
File:                     ZHi1ZhCdWfH9BoGN5VcU78t29bk.roa (raw, json)
Hash identifier:          SRJcc4sRWkIGgmHfVj6UPyJviHaRkjxeQWqok2u9PGk=
Subject key identifier:   64:78:B5:66:10:9D:59:F1:FD:06:81:8D:E5:57:14:EF:CB:76:F5:B9
Certificate issuer:       /CN=0e5a08fc34690f52db0c2b7e47e8e53883145a98
Certificate serial:       019B78A214B5CB9D447BAACF72A2C7B8A8BE
Authority key identifier: 0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/ZHi1ZhCdWfH9BoGN5VcU78t29bk.roa
Signing time:             Thu 01 Jan 2026 08:17:26 +0000
ROA not before:           Thu 01 Jan 2026 08:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210360
IP address blocks:        2001:678:b24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:14:b5:cb:9d:44:7b:aa:cf:72:a2:c7:b8:a8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e5a08fc34690f52db0c2b7e47e8e53883145a98
        Validity
            Not Before: Jan  1 08:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6478b566109d59f1fd06818de55714efcb76f5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:99:e4:2d:1e:06:d9:0d:8e:46:92:7e:90:52:
                    f0:c2:65:38:3d:80:ec:85:59:f3:80:99:f1:91:fa:
                    22:36:ae:d1:23:4d:16:db:6b:90:0f:b3:3b:14:6f:
                    99:a8:da:8c:8a:8a:96:65:ee:2d:b5:63:60:5c:b3:
                    6f:54:f0:d7:32:06:f7:d0:17:b8:de:7b:92:33:79:
                    63:3e:d1:f2:35:64:f5:9f:8c:5d:66:5d:17:09:86:
                    b5:a0:30:f4:23:ea:d9:7a:57:3d:e4:94:e8:21:f0:
                    f5:b5:0f:e8:43:a6:03:51:ad:eb:cc:67:e9:6c:76:
                    0d:c1:da:4c:26:cc:75:7f:e5:91:79:13:ce:58:45:
                    db:bc:1c:e0:23:ab:67:db:e1:ec:57:ab:f7:8c:63:
                    f5:ae:a5:3d:e5:fb:45:a1:e0:53:1c:6b:04:0e:28:
                    34:23:f9:65:e4:a9:78:da:db:6e:2c:8d:a4:62:a6:
                    10:0b:00:36:01:24:29:97:f9:44:52:e4:c7:72:03:
                    fc:32:23:0d:4a:fa:9e:fa:75:0b:55:c6:af:c5:47:
                    cf:27:cb:17:3f:e5:2a:05:ed:98:a8:dd:0c:44:09:
                    bf:2b:b8:cd:e6:c5:31:d3:8e:9e:25:39:d0:7b:23:
                    d9:77:72:f0:73:ed:01:47:b3:3a:65:f8:5d:a3:2f:
                    46:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:78:B5:66:10:9D:59:F1:FD:06:81:8D:E5:57:14:EF:CB:76:F5:B9
            X509v3 Authority Key Identifier:
                keyid:0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/ZHi1ZhCdWfH9BoGN5VcU78t29bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b24::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:7f:39:d6:fa:b4:8f:86:5b:38:0b:40:bc:38:4a:48:0c:55:
         cc:97:3b:3c:64:82:05:a9:b4:45:44:60:86:f1:19:3b:74:ea:
         1e:78:c0:34:b6:8f:f3:1a:50:cb:0a:b1:c9:f1:e3:0e:99:31:
         76:a0:68:1a:a3:b4:d8:ec:f8:1f:b0:76:69:3e:7f:11:c4:00:
         c0:0c:83:b2:9f:a4:9f:41:a7:7f:0d:c1:68:62:81:5f:a5:e7:
         e7:16:ca:dd:12:e0:8f:d2:0a:13:17:5f:f3:a7:4c:fc:e5:4b:
         8e:6b:7c:ba:05:47:c9:16:37:a4:48:28:45:05:06:a9:25:18:
         60:e9:fe:e6:c1:78:7f:a0:94:d0:06:f3:68:40:ce:c6:26:d7:
         c4:a5:63:b7:ec:80:fc:fe:e2:53:d4:72:15:fa:45:85:09:d2:
         d2:e8:8d:66:36:80:dc:35:ef:50:93:c7:3e:b6:08:0e:43:ce:
         57:2d:74:2b:75:58:5d:2f:d2:18:bb:c0:17:3b:44:07:59:ea:
         fb:10:e4:bf:3d:ec:a9:fb:6c:e6:f0:a0:0c:09:2c:f0:98:58:
         f6:44:06:c3:9f:84:da:5b:6b:40:e7:fe:95:8a:62:b8:46:41:
         2c:74:71:58:85:d3:13:7a:4f:f0:43:e3:79:5a:6a:f0:b9:64:
         ba:e6:a9:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4ohS1y51Ee6rPcqLHuKi+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNWEwOGZjMzQ2OTBmNTJkYjBjMmI3ZTQ3ZThlNTM4ODMx
NDVhOTgwHhcNMjYwMTAxMDgxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDc4YjU2NjEwOWQ1OWYxZmQwNjgxOGRlNTU3MTRlZmNiNzZmNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JnkLR4G2Q2ORpJ+kFLwwmU4PYDs
hVnzgJnxkfoiNq7RI00W22uQD7M7FG+ZqNqMioqWZe4ttWNgXLNvVPDXMgb30Be4
3nuSM3ljPtHyNWT1n4xdZl0XCYa1oDD0I+rZelc95JToIfD1tQ/oQ6YDUa3rzGfp
bHYNwdpMJsx1f+WReRPOWEXbvBzgI6tn2+HsV6v3jGP1rqU95ftFoeBTHGsEDig0
I/ll5Kl42ttuLI2kYqYQCwA2ASQpl/lEUuTHcgP8MiMNSvqe+nULVcavxUfPJ8sX
P+UqBe2YqN0MRAm/K7jN5sUx046eJTnQeyPZd3Lwc+0BR7M6Zfhdoy9GTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGR4tWYQnVnx/QaBjeVXFO/LdvW5MB8GA1UdIwQY
MBaAFA5aCPw0aQ9S2wwrfkfo5TiDFFqYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGxvSV9EUnBEMUxiREN0LVItamxPSU1VV3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMTc4NDktN2NjZi00ODE1LWJjNjkt
YTc3ZjBiMzIxNDRlLzEvWkhpMVpoQ2RXZkg5Qm9HTjVWY1U3OHQyOWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMTc4NDktN2NjZi00ODE1LWJjNjktYTc3ZjBiMzIxNDRl
LzEvRGxvSV9EUnBEMUxiREN0LVItamxPSU1VV3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAsk
MA0GCSqGSIb3DQEBCwUAA4IBAQC/fznW+rSPhls4C0C8OEpIDFXMlzs8ZIIFqbRF
RGCG8Rk7dOoeeMA0to/zGlDLCrHJ8eMOmTF2oGgao7TY7PgfsHZpPn8RxADADIOy
n6SfQad/DcFoYoFfpefnFsrdEuCP0goTF1/zp0z85UuOa3y6BUfJFjekSChFBQap
JRhg6f7mwXh/oJTQBvNoQM7GJtfEpWO37ID8/uJT1HIV+kWFCdLS6I1mNoDcNe9Q
k8c+tggOQ85XLXQrdVhdL9IYu8AXO0QHWer7EOS/Peyp+2zm8KAMCSzwmFj2RAbD
n4TaW2tA5/6VimK4RkEsdHFYhdMTek/wQ+N5WmrwuWS65qlr
-----END CERTIFICATE-----