This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/pz1HC_VOEJUCI3dH2K4ZQ_UJwWo.roa
File:                     pz1HC_VOEJUCI3dH2K4ZQ_UJwWo.roa (raw, json)
Hash identifier:          QvUtYuvL9/Bw2kIO5x7N1T6AJswwOWEt+jbyjhfbFDw=
Subject key identifier:   A7:3D:47:0B:F5:4E:10:95:02:23:77:47:D8:AE:19:43:F5:09:C1:6A
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F159F09A7B4BF21BFCBB088B69B8E13
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/pz1HC_VOEJUCI3dH2K4ZQ_UJwWo.roa
Signing time:             Fri 02 Jan 2026 14:21:21 +0000
ROA not before:           Fri 02 Jan 2026 14:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     18680
IP address blocks:        2a02:26f0:880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:9f:09:a7:b4:bf:21:bf:cb:b0:88:b6:9b:8e:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a73d470bf54e109502237747d8ae1943f509c16a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:e0:62:13:8b:c3:81:5d:44:e3:24:87:19:
                    43:95:62:85:7c:29:1a:ce:b4:9a:dd:92:2f:12:c9:
                    39:66:f9:30:22:67:65:8f:a0:43:b7:5b:13:d3:58:
                    b1:6e:66:f7:f3:ac:0a:e7:e1:d3:3d:ea:f4:9a:45:
                    1c:2b:35:95:fa:ed:01:d8:7e:13:89:95:b1:0f:e6:
                    aa:91:bc:03:6e:98:e1:56:f0:7b:b9:3b:a4:8a:f8:
                    d8:07:3f:49:e2:e5:40:de:17:73:e7:b6:b6:77:0a:
                    4c:1b:f3:b9:3e:02:dd:c4:37:0c:fa:09:6b:28:4c:
                    7f:c7:31:a2:03:87:73:e3:42:a8:e3:ba:db:4d:d1:
                    a1:c3:db:4e:f3:9a:60:b6:73:42:81:65:fc:ea:7f:
                    f3:9b:9c:6e:97:6d:e0:d9:7f:c8:8d:83:a1:c0:67:
                    ed:95:1d:f9:91:15:83:45:06:b4:87:58:9c:4b:ac:
                    5f:44:83:dc:33:36:95:54:d6:a3:6c:09:cf:8c:ec:
                    81:88:30:f1:4b:15:fc:46:a5:34:52:0c:62:0c:c2:
                    10:1e:3c:f5:f2:0f:21:18:14:31:b5:8e:e5:39:c6:
                    5f:54:0a:ce:90:cf:09:cd:0c:ba:7e:a7:26:28:0b:
                    5f:5b:ba:d5:d1:ca:74:bc:d1:54:01:31:2f:19:bf:
                    24:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3D:47:0B:F5:4E:10:95:02:23:77:47:D8:AE:19:43:F5:09:C1:6A
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/pz1HC_VOEJUCI3dH2K4ZQ_UJwWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:26f0:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:b3:8e:36:9d:c3:c4:a1:85:96:32:a8:b6:4c:5e:83:69:09:
         4f:b1:3d:70:a9:82:7d:04:05:93:0d:e0:22:88:bb:e5:bc:a1:
         5b:ec:17:58:d6:a0:a8:21:01:fc:cf:e6:6f:6a:0c:cd:37:32:
         5d:66:0f:79:5b:a1:a2:57:e8:88:8b:2b:54:85:57:12:39:cf:
         41:33:e5:63:24:43:13:73:dc:b1:ea:ee:a4:37:2c:ef:6e:63:
         03:a5:55:aa:4f:80:6b:24:f4:77:1d:a6:db:ee:23:ac:8a:6b:
         a8:db:83:77:02:dd:b2:89:97:53:02:86:cf:34:51:ad:40:65:
         bf:ac:66:cf:50:0e:54:fc:2f:e7:b7:a6:35:74:67:64:86:08:
         62:9a:f2:64:1b:ef:0d:9f:55:14:a7:b0:29:97:3e:23:15:42:
         fb:c8:83:a5:76:26:e4:a2:68:e1:fe:45:2e:fd:85:f3:bb:46:
         20:0c:92:2e:d6:ce:e5:ed:98:02:d5:35:9b:22:06:54:b6:39:
         94:e6:ec:5b:d4:82:25:61:9d:94:1e:d8:d3:1f:51:74:9c:4b:
         53:9e:41:51:9b:40:25:46:49:7d:0b:1a:57:c6:94:15:fe:d4:
         67:94:57:67:1e:88:b7:03:50:2c:71:5f:60:d4:64:a6:61:d1:
         c1:7a:f5:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FZ8Jp7S/Ib/LsIi2m44TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNkNDcwYmY1NGUxMDk1MDIyMzc3NDdkOGFlMTk0M2Y1MDljMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyPgYhOLw4FdROMkhxlDlWKFfCka
zrSa3ZIvEsk5ZvkwImdlj6BDt1sT01ixbmb386wK5+HTPer0mkUcKzWV+u0B2H4T
iZWxD+aqkbwDbpjhVvB7uTukivjYBz9J4uVA3hdz57a2dwpMG/O5PgLdxDcM+glr
KEx/xzGiA4dz40Ko47rbTdGhw9tO85pgtnNCgWX86n/zm5xul23g2X/IjYOhwGft
lR35kRWDRQa0h1icS6xfRIPcMzaVVNajbAnPjOyBiDDxSxX8RqU0UgxiDMIQHjz1
8g8hGBQxtY7lOcZfVArOkM8JzQy6fqcmKAtfW7rV0cp0vNFUATEvGb8kDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKc9Rwv1ThCVAiN3R9iuGUP1CcFqMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvcHoxSENfVk9FSlVDSTNkSDJLNFpRX1VKd1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIm8AiA
MA0GCSqGSIb3DQEBCwUAA4IBAQCEs442ncPEoYWWMqi2TF6DaQlPsT1wqYJ9BAWT
DeAiiLvlvKFb7BdY1qCoIQH8z+ZvagzNNzJdZg95W6GiV+iIiytUhVcSOc9BM+Vj
JEMTc9yx6u6kNyzvbmMDpVWqT4BrJPR3Habb7iOsimuo24N3At2yiZdTAobPNFGt
QGW/rGbPUA5U/C/nt6Y1dGdkhghimvJkG+8Nn1UUp7Aplz4jFUL7yIOldibkomjh
/kUu/YXzu0YgDJIu1s7l7ZgC1TWbIgZUtjmU5uxb1IIlYZ2UHtjTH1F0nEtTnkFR
m0AlRkl9CxpXxpQV/tRnlFdnHoi3A1AscV9g1GSmYdHBevV8
-----END CERTIFICATE-----