This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IlGrLcuUyrQZX9ThH_HhEOgAqUw.roa
File:                     IlGrLcuUyrQZX9ThH_HhEOgAqUw.roa (raw, json)
Hash identifier:          NHNzp9+PyAQyp2YHYUT8TnniMtpbmpPwb+c0GmFGzdA=
Subject key identifier:   22:51:AB:2D:CB:94:CA:B4:19:5F:D4:E1:1F:F1:E1:10:E8:00:A9:4C
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C69D5933F0877FF120A6184436B8F5
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IlGrLcuUyrQZX9ThH_HhEOgAqUw.roa
Signing time:             Thu 01 Jan 2026 04:17:43 +0000
ROA not before:           Thu 01 Jan 2026 04:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49183
IP address blocks:        2001:146b::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9d:59:33:f0:87:7f:f1:20:a6:18:44:36:b8:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2251ab2dcb94cab4195fd4e11ff1e110e800a94c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:62:70:8c:e0:79:8c:b7:be:d7:e7:52:49:c5:
                    28:ae:6f:2d:bf:0a:79:69:90:be:44:01:df:14:a7:
                    3e:09:fc:14:85:0d:7b:6f:b1:1c:4b:f6:d1:b7:40:
                    6d:61:ce:88:68:55:8b:f4:b3:5a:6a:50:b9:d6:b1:
                    58:08:89:fc:99:2d:8e:e2:04:2f:d8:a3:b9:54:f4:
                    b9:eb:03:07:c0:6f:8e:7f:f5:be:06:41:86:c9:07:
                    02:ad:a8:03:78:07:fc:57:87:a3:72:78:8d:43:68:
                    2e:47:d9:76:bf:8b:cc:ca:73:31:30:27:fe:7a:4d:
                    e8:f1:17:d8:df:06:c8:7c:e1:1d:40:e2:7e:f8:0b:
                    00:52:20:ae:42:40:fb:c1:dc:ff:ee:f3:2b:ba:6c:
                    fc:8b:b0:eb:2f:bc:37:ac:b5:62:52:37:68:d7:f2:
                    08:18:b5:82:83:ef:3a:77:f0:ee:b6:fe:11:07:0f:
                    a9:b6:40:68:85:4e:f2:c5:72:c8:cc:74:de:6e:e5:
                    22:71:02:bc:f0:2c:8c:0b:de:ac:3a:b5:61:67:bb:
                    1d:59:95:02:83:61:4f:97:7d:03:b1:16:e5:1e:d6:
                    eb:98:7f:40:74:5a:3a:f7:c3:56:17:c5:c9:fb:f7:
                    0e:9e:f6:bf:c7:3d:a0:ac:a6:9b:db:60:e2:b2:a2:
                    fc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:51:AB:2D:CB:94:CA:B4:19:5F:D4:E1:1F:F1:E1:10:E8:00:A9:4C
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IlGrLcuUyrQZX9ThH_HhEOgAqUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:146b::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:79:02:af:4c:a0:fb:58:8b:79:e5:f0:c3:be:bb:70:5b:74:
         0b:a8:a0:e3:3e:79:f5:dd:64:c9:4a:00:ea:b2:48:54:99:3b:
         49:76:9a:39:00:9e:94:f2:79:1b:3c:67:2b:06:a3:48:60:fc:
         e6:38:15:ab:3f:41:e4:a3:5c:27:41:4d:38:25:e1:31:ba:38:
         34:2d:69:92:d2:b6:e9:e8:cb:3b:ea:f5:a7:fa:20:56:dc:59:
         dc:a3:56:05:94:5a:a8:40:b1:58:6c:61:71:d2:af:23:2d:ac:
         71:cc:6c:0c:1d:0f:ee:3f:cd:e1:83:f3:7b:37:a0:1b:8f:3b:
         04:8c:32:ed:08:cd:2a:f5:c8:1f:48:73:42:dc:0d:f6:eb:1e:
         72:de:f8:49:b0:2c:57:c0:61:51:43:67:1b:39:c1:9b:b7:24:
         17:a4:93:75:29:04:4e:2c:6f:0d:66:c7:b7:aa:96:d8:dd:fb:
         ed:76:fb:75:94:ca:f9:b2:ff:54:b5:3c:bf:e0:1f:07:de:76:
         5d:1e:4d:79:7f:18:29:4d:14:62:e9:d2:4e:c3:11:35:c8:28:
         fc:0c:c9:86:fe:cd:81:57:25:26:da:36:38:d0:7c:31:40:1d:
         b1:c5:32:dc:9c:dc:91:d6:f0:9b:bc:43:2e:b6:8e:76:36:00:
         d8:93:8c:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3xp1ZM/CHf/EgphhENrj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUxYWIyZGNiOTRjYWI0MTk1ZmQ0ZTExZmYxZTExMGU4MDBhOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWJwjOB5jLe+1+dSScUorm8tvwp5
aZC+RAHfFKc+CfwUhQ17b7EcS/bRt0BtYc6IaFWL9LNaalC51rFYCIn8mS2O4gQv
2KO5VPS56wMHwG+Of/W+BkGGyQcCragDeAf8V4ejcniNQ2guR9l2v4vMynMxMCf+
ek3o8RfY3wbIfOEdQOJ++AsAUiCuQkD7wdz/7vMrumz8i7DrL7w3rLViUjdo1/II
GLWCg+86d/Dutv4RBw+ptkBohU7yxXLIzHTebuUicQK88CyMC96sOrVhZ7sdWZUC
g2FPl30DsRblHtbrmH9AdFo698NWF8XJ+/cOnva/xz2grKab22DisqL85QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCJRqy3LlMq0GV/U4R/x4RDoAKlMMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSWxHckxjdVV5clFaWDlUaEhfSGhFT2dBcVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAEUazAN
BgkqhkiG9w0BAQsFAAOCAQEAYXkCr0yg+1iLeeXww767cFt0C6ig4z559d1kyUoA
6rJIVJk7SXaaOQCelPJ5GzxnKwajSGD85jgVqz9B5KNcJ0FNOCXhMbo4NC1pktK2
6ejLO+r1p/ogVtxZ3KNWBZRaqECxWGxhcdKvIy2sccxsDB0P7j/N4YPzezegG487
BIwy7QjNKvXIH0hzQtwN9usect74SbAsV8BhUUNnGznBm7ckF6STdSkETixvDWbH
t6qW2N377Xb7dZTK+bL/VLU8v+AfB952XR5NeX8YKU0UYunSTsMRNcgo/AzJhv7N
gVclJto2ONB8MUAdscUy3Jzckdbwm7xDLraOdjYA2JOMJQ==
-----END CERTIFICATE-----