This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/ZmDWBkTRxBEt7eOvAGxI4ejJXRI.roa
File:                     ZmDWBkTRxBEt7eOvAGxI4ejJXRI.roa (raw, json)
Hash identifier:          4M3edEvw4um6hyXUTM5nV4KdfiUrbAeRuOpOMqVgH7w=
Subject key identifier:   66:60:D6:06:44:D1:C4:11:2D:ED:E3:AF:00:6C:48:E1:E8:C9:5D:12
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       019B79ECDB92E1C5341A353AA325AA0A3F16
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/ZmDWBkTRxBEt7eOvAGxI4ejJXRI.roa
Signing time:             Thu 01 Jan 2026 14:18:44 +0000
ROA not before:           Thu 01 Jan 2026 14:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:27c0:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:db:92:e1:c5:34:1a:35:3a:a3:25:aa:0a:3f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  1 14:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6660d60644d1c4112dede3af006c48e1e8c95d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:57:12:5b:c6:db:cf:62:71:78:fd:86:22:66:
                    9a:9b:ad:0f:40:2e:28:52:12:b5:13:9c:64:1a:a6:
                    e3:95:0f:54:eb:2f:7b:9b:4c:dd:13:16:99:ef:18:
                    2a:7a:d2:c3:c3:2f:01:39:3b:8b:6b:79:e6:71:84:
                    6f:53:ee:d6:7d:51:1d:fc:1b:03:90:37:5c:8c:05:
                    c5:dd:6d:3c:66:44:1c:84:b8:0a:b8:a5:08:e5:5d:
                    17:eb:64:5e:68:b7:ba:40:ea:2a:93:2e:92:9f:15:
                    b9:c1:f7:75:21:3d:de:90:b7:5e:cc:b6:14:d1:da:
                    0a:7c:67:50:8f:f1:71:cf:7c:25:56:b9:ed:c7:92:
                    81:c1:22:82:31:3c:49:5a:c0:84:7f:b7:05:8f:2b:
                    77:1e:7e:81:a0:ca:0f:06:90:ce:0e:f3:29:47:0f:
                    49:8a:64:a9:47:b6:b6:ba:48:48:3f:ef:b1:4b:7e:
                    04:e1:e1:e8:39:ef:3e:2a:bb:cb:fb:48:31:44:9e:
                    39:7d:95:c2:2e:8b:c7:3e:c1:cd:89:1a:62:e6:81:
                    b2:50:e7:05:02:1d:99:11:f4:6b:4c:a4:cb:1a:f3:
                    ee:39:11:9d:79:a2:9b:ed:6a:54:7f:63:b1:11:4e:
                    4f:15:3a:a4:d0:7d:d6:5e:96:d3:59:72:43:75:70:
                    68:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:60:D6:06:44:D1:C4:11:2D:ED:E3:AF:00:6C:48:E1:E8:C9:5D:12
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/ZmDWBkTRxBEt7eOvAGxI4ejJXRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:27c0:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         ab:fd:96:0d:92:6e:8e:df:63:bb:75:fa:45:67:58:1f:4d:f5:
         9b:0f:f2:d2:5d:8d:df:6e:8d:7c:69:00:87:29:4e:b2:9d:88:
         df:fa:f9:10:7e:5d:80:b5:66:a2:b4:ac:c7:54:96:68:54:ce:
         2b:c3:84:32:c5:54:fc:b8:e5:51:e6:78:55:12:d0:62:e6:cf:
         03:cd:82:b1:da:ad:7e:9a:18:5f:78:43:47:80:06:14:20:c9:
         e3:5a:ec:97:39:06:fa:9c:09:66:d0:e7:a3:4e:56:7d:5a:f2:
         f8:1d:d0:47:66:2e:97:54:1c:8b:4d:fe:25:a1:7f:28:3b:89:
         0e:b5:91:6c:5f:7b:60:c9:ec:70:34:bb:85:61:fb:f1:59:d9:
         8b:4d:a4:a1:7c:40:58:b5:cb:c9:5a:d6:19:2d:97:40:ba:da:
         79:d7:69:a9:d6:88:0d:59:4c:b2:fe:19:f3:cd:46:85:46:d3:
         a8:41:66:ab:15:41:28:90:52:b5:9e:7f:5d:fc:f2:6b:9a:07:
         a6:46:5e:1a:b3:42:93:5c:a4:b4:7d:b8:39:8a:63:d2:38:6b:
         54:67:94:e6:1d:56:d4:53:ae:85:62:a7:21:72:5c:a8:62:5a:
         ae:33:ad:a4:1f:f2:6e:81:52:2c:c1:08:2f:a2:d3:48:c5:96:
         cb:96:87:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57NuS4cU0GjU6oyWqCj8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjYwMTAxMTQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjYwZDYwNjQ0ZDFjNDExMmRlZGUzYWYwMDZjNDhlMWU4Yzk1ZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1cSW8bbz2JxeP2GImaam60PQC4o
UhK1E5xkGqbjlQ9U6y97m0zdExaZ7xgqetLDwy8BOTuLa3nmcYRvU+7WfVEd/BsD
kDdcjAXF3W08ZkQchLgKuKUI5V0X62ReaLe6QOoqky6SnxW5wfd1IT3ekLdezLYU
0doKfGdQj/Fxz3wlVrntx5KBwSKCMTxJWsCEf7cFjyt3Hn6BoMoPBpDODvMpRw9J
imSpR7a2ukhIP++xS34E4eHoOe8+KrvL+0gxRJ45fZXCLovHPsHNiRpi5oGyUOcF
Ah2ZEfRrTKTLGvPuORGdeaKb7WpUf2OxEU5PFTqk0H3WXpbTWXJDdXBo8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZg1gZE0cQRLe3jrwBsSOHoyV0SMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvWm1EV0JrVFJ4QkV0N2VPdkFHeEk0ZWpKWFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMnwAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCr/ZYNkm6O32O7dfpFZ1gfTfWbD/LSXY3fbo18
aQCHKU6ynYjf+vkQfl2AtWaitKzHVJZoVM4rw4QyxVT8uOVR5nhVEtBi5s8DzYKx
2q1+mhhfeENHgAYUIMnjWuyXOQb6nAlm0OejTlZ9WvL4HdBHZi6XVByLTf4loX8o
O4kOtZFsX3tgyexwNLuFYfvxWdmLTaShfEBYtcvJWtYZLZdAutp512mp1ogNWUyy
/hnzzUaFRtOoQWarFUEokFK1nn9d/PJrmgemRl4as0KTXKS0fbg5imPSOGtUZ5Tm
HVbUU66FYqchclyoYlquM62kH/JugVIswQgvotNIxZbLlodJ
-----END CERTIFICATE-----