This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/NjXGtVGcYaBS-a1k783yOTlGZag.roa
File:                     NjXGtVGcYaBS-a1k783yOTlGZag.roa (raw, json)
Hash identifier:          41pN/rDz8lOqFwZamz7ZBrU+Px3gkJBdpxSYU5TFNn8=
Subject key identifier:   36:35:C6:B5:51:9C:61:A0:52:F9:AD:64:EF:CD:F2:39:39:46:65:A8
Certificate issuer:       /CN=16a321215a4d35ed2298b073971db408864fd362
Certificate serial:       019B79ED428CB27844AA9CF612D5AF3F6F15
Authority key identifier: 16:A3:21:21:5A:4D:35:ED:22:98:B0:73:97:1D:B4:08:86:4F:D3:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FqMhIVpNNe0imLBzlx20CIZP02I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/NjXGtVGcYaBS-a1k783yOTlGZag.roa
Signing time:             Thu 01 Jan 2026 14:19:10 +0000
ROA not before:           Thu 01 Jan 2026 14:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212704
IP address blocks:        2001:678:4d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/FqMhIVpNNe0imLBzlx20CIZP02I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/FqMhIVpNNe0imLBzlx20CIZP02I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FqMhIVpNNe0imLBzlx20CIZP02I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:42:8c:b2:78:44:aa:9c:f6:12:d5:af:3f:6f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16a321215a4d35ed2298b073971db408864fd362
        Validity
            Not Before: Jan  1 14:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3635c6b5519c61a052f9ad64efcdf239394665a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:62:87:e8:c2:ba:8c:f8:62:28:fa:64:c5:3a:
                    0f:83:47:5d:13:a1:f2:7a:d5:c9:c7:e4:48:68:68:
                    a6:ee:f1:fa:e0:d5:79:99:3f:b0:13:0e:f2:d0:d7:
                    63:60:45:a4:96:0e:fe:58:f7:f6:0e:d6:3c:3d:12:
                    92:dd:f5:62:36:6a:4c:ec:ed:5d:4e:1a:2b:d3:da:
                    6b:c8:2f:5a:7f:40:87:be:22:41:95:d4:02:26:d6:
                    fe:9e:9b:68:ef:46:eb:b6:70:59:ac:f7:b6:5e:26:
                    c8:68:72:ad:8f:d3:4e:1d:61:fa:f1:9c:7c:fb:be:
                    ac:18:7b:40:c6:c8:c3:3d:9a:6f:2a:80:42:ff:f5:
                    02:0b:b3:8d:f3:67:f5:0e:7f:85:38:92:2e:6e:8e:
                    64:48:86:13:e6:b8:b0:4f:39:03:8e:07:09:82:2f:
                    1b:59:52:6b:81:c6:ed:ca:58:0d:e1:d6:28:fb:65:
                    95:91:e0:32:b0:8f:99:8b:e2:db:eb:90:f6:00:39:
                    26:7b:a3:f5:fe:bc:fb:d3:64:81:77:74:ce:12:db:
                    6c:ff:55:fe:72:7f:d6:88:25:97:fd:dc:43:be:58:
                    14:a1:91:a0:d8:e2:a4:c0:5c:d6:44:13:e1:df:02:
                    58:ed:07:04:3b:d8:dc:58:26:b3:13:09:8c:01:c0:
                    5c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:35:C6:B5:51:9C:61:A0:52:F9:AD:64:EF:CD:F2:39:39:46:65:A8
            X509v3 Authority Key Identifier:
                keyid:16:A3:21:21:5A:4D:35:ED:22:98:B0:73:97:1D:B4:08:86:4F:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FqMhIVpNNe0imLBzlx20CIZP02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/NjXGtVGcYaBS-a1k783yOTlGZag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/9ca8b2-5ec8-4d2a-b994-c4c94b88071b/1/FqMhIVpNNe0imLBzlx20CIZP02I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:d5:3f:de:6b:b1:f8:a7:b6:b6:ca:2a:a5:da:5d:37:b0:e0:
         69:75:ef:13:67:59:2e:47:21:f7:ee:66:36:40:1e:78:dd:3b:
         30:14:d8:c2:2f:0a:88:d5:4b:5c:04:77:dc:38:36:9f:6b:6a:
         f9:0c:ee:d5:dc:52:df:a2:02:3a:32:ca:c0:1c:8c:ed:6e:bf:
         5d:49:45:b3:97:09:09:31:d8:c3:f3:1e:62:06:41:c7:38:7b:
         60:8c:18:3e:2c:db:c8:bf:db:be:77:46:ed:ee:b7:87:a4:4b:
         e1:5f:70:f8:79:c5:eb:20:c6:1b:2a:33:86:e6:2d:69:17:ba:
         30:cb:b8:89:df:6c:eb:d5:9b:82:d9:c6:df:38:ce:02:a1:ac:
         86:3f:ba:dc:a1:5e:d1:ac:e1:cd:0a:38:df:b1:6b:5a:a4:69:
         eb:f3:79:c3:f8:15:7f:6a:e1:72:01:4b:42:40:45:63:d6:7c:
         11:c5:5f:c7:14:70:ae:53:cc:62:88:5c:a6:82:20:43:79:31:
         80:b6:e8:16:4d:95:40:13:9a:55:50:78:ae:1b:4e:4c:11:9e:
         4b:b8:43:09:45:cc:84:eb:f3:0b:26:a0:72:65:ef:1d:dc:c6:
         44:63:c5:a6:af:6c:01:cc:c3:6c:e4:86:14:7f:2e:df:c6:97:
         ba:80:54:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57UKMsnhEqpz2EtWvP28VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YTMyMTIxNWE0ZDM1ZWQyMjk4YjA3Mzk3MWRiNDA4ODY0
ZmQzNjIwHhcNMjYwMTAxMTQxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM1YzZiNTUxOWM2MWEwNTJmOWFkNjRlZmNkZjIzOTM5NDY2NWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGKH6MK6jPhiKPpkxToPg0ddE6Hy
etXJx+RIaGim7vH64NV5mT+wEw7y0NdjYEWklg7+WPf2DtY8PRKS3fViNmpM7O1d
Thor09pryC9af0CHviJBldQCJtb+npto70brtnBZrPe2XibIaHKtj9NOHWH68Zx8
+76sGHtAxsjDPZpvKoBC//UCC7ON82f1Dn+FOJIubo5kSIYT5riwTzkDjgcJgi8b
WVJrgcbtylgN4dYo+2WVkeAysI+Zi+Lb65D2ADkme6P1/rz702SBd3TOEtts/1X+
cn/WiCWX/dxDvlgUoZGg2OKkwFzWRBPh3wJY7QcEO9jcWCazEwmMAcBcUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDY1xrVRnGGgUvmtZO/N8jk5RmWoMB8GA1UdIwQY
MBaAFBajISFaTTXtIpiwc5cdtAiGT9NiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnFNaElWcE5OZTBpbUxCemx4MjBDSVpQMDJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi85Y2E4YjItNWVjOC00ZDJhLWI5OTQt
YzRjOTRiODgwNzFiLzEvTmpYR3RWR2NZYUJTLWExazc4M3lPVGxHWmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi85Y2E4YjItNWVjOC00ZDJhLWI5OTQtYzRjOTRiODgwNzFi
LzEvRnFNaElWcE5OZTBpbUxCemx4MjBDSVpQMDJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeATY
MA0GCSqGSIb3DQEBCwUAA4IBAQAi1T/ea7H4p7a2yiql2l03sOBpde8TZ1kuRyH3
7mY2QB543TswFNjCLwqI1UtcBHfcODafa2r5DO7V3FLfogI6MsrAHIztbr9dSUWz
lwkJMdjD8x5iBkHHOHtgjBg+LNvIv9u+d0bt7reHpEvhX3D4ecXrIMYbKjOG5i1p
F7owy7iJ32zr1ZuC2cbfOM4CoayGP7rcoV7RrOHNCjjfsWtapGnr83nD+BV/auFy
AUtCQEVj1nwRxV/HFHCuU8xiiFymgiBDeTGAtugWTZVAE5pVUHiuG05MEZ5LuEMJ
RcyE6/MLJqByZe8d3MZEY8Wmr2wBzMNs5IYUfy7fxpe6gFRl
-----END CERTIFICATE-----