This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/V2xIm0MXuFbznin5m4AbMt91R94.roa
File:                     V2xIm0MXuFbznin5m4AbMt91R94.roa (raw, json)
Hash identifier:          MPiaxxk7o8f5I+HVf8eWEZiYR8UOsfetA4mv9WmhsH8=
Subject key identifier:   57:6C:48:9B:43:17:B8:56:F3:9E:29:F9:9B:80:1B:32:DF:75:47:DE
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       019B79ECB3EF0987D65821D0DBD90C023696
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/V2xIm0MXuFbznin5m4AbMt91R94.roa
Signing time:             Thu 01 Jan 2026 14:18:34 +0000
ROA not before:           Thu 01 Jan 2026 14:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:678:2cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 17:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:b3:ef:09:87:d6:58:21:d0:db:d9:0c:02:36:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  1 14:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=576c489b4317b856f39e29f99b801b32df7547de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:aa:f1:f0:55:49:0c:32:0a:d3:36:12:32:7c:
                    ce:e0:5a:8b:10:4e:70:f6:27:d1:ca:48:d1:1f:02:
                    2b:3d:5d:9f:d7:33:5b:7e:2e:62:a8:11:92:39:21:
                    d3:65:8e:aa:d2:7f:78:13:a5:b1:7f:b1:c6:77:57:
                    6c:58:76:3d:b3:04:35:8d:a3:d9:a9:fc:64:b8:5f:
                    b5:17:c5:4d:19:04:96:80:00:be:5f:30:50:74:df:
                    fc:6f:bf:db:08:f5:a0:24:70:21:11:f0:38:ed:d6:
                    04:61:90:15:b4:10:39:79:ff:8a:f6:00:3c:02:af:
                    6d:fa:a5:0e:ae:80:11:33:20:bf:7d:17:8c:0c:0c:
                    f2:da:2b:9d:6e:54:4c:f3:7c:6f:9e:1d:31:79:49:
                    ba:97:3a:6b:1f:a6:f1:e3:fc:28:c3:d6:28:87:8d:
                    19:8e:d1:6f:9c:8a:7a:b6:53:52:14:18:ba:35:ad:
                    40:6a:90:6f:ac:33:75:9e:23:76:8a:36:ec:cc:f6:
                    68:8c:fd:fd:e7:88:8a:1f:95:17:d2:aa:bb:f5:08:
                    6b:2d:6f:cb:f5:6b:93:ca:e4:2c:ab:1a:d8:9a:e4:
                    a7:20:f1:4c:1c:6a:46:8c:ad:e4:d5:ab:9b:05:a0:
                    55:9c:bf:0b:27:6a:f3:25:1a:38:e4:52:48:ff:0c:
                    eb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:6C:48:9B:43:17:B8:56:F3:9E:29:F9:9B:80:1B:32:DF:75:47:DE
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/V2xIm0MXuFbznin5m4AbMt91R94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:c3:a2:f9:49:14:79:61:e2:19:5e:97:7c:43:a5:8e:06:52:
         b4:ae:b5:75:2b:59:50:fe:d7:aa:42:2f:88:a8:aa:00:7c:40:
         5a:a5:ec:96:00:00:a0:09:19:59:11:2c:ff:68:80:8e:1c:4a:
         0a:50:e1:72:94:36:49:5f:dd:3d:15:a3:d3:a1:93:17:92:8a:
         83:9b:21:a0:0b:5d:aa:e0:d7:2b:d1:8b:f8:c6:ac:44:51:9b:
         7e:5a:72:a8:91:e1:aa:8d:ae:06:2a:af:be:40:33:f3:ce:60:
         f2:21:df:b2:e8:37:40:43:be:d4:d5:93:c8:a3:33:6e:62:8d:
         1f:d0:29:3e:b0:0d:a0:67:ab:da:a8:e8:b5:48:15:80:8a:df:
         8f:f1:08:bc:fe:1a:1a:eb:4e:75:1e:9f:72:e0:8d:e7:e3:86:
         44:d1:e9:ce:fb:5c:cb:53:71:12:f0:5c:10:f2:2d:10:4a:fd:
         ab:30:d5:69:5e:4e:52:ff:6b:8e:86:44:75:11:e4:28:4f:c7:
         dc:64:9d:97:74:a4:2a:c2:af:e3:ac:7d:2c:7c:6a:30:23:c1:
         54:df:96:5e:1b:91:24:f1:6a:8a:37:c0:94:3f:70:b8:5b:d5:
         31:1a:e5:65:30:2c:28:2e:9a:f1:d9:a9:f7:8e:a3:94:51:9f:
         e7:27:51:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57LPvCYfWWCHQ29kMAjaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjYwMTAxMTQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzZjNDg5YjQzMTdiODU2ZjM5ZTI5Zjk5YjgwMWIzMmRmNzU0N2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6rx8FVJDDIK0zYSMnzO4FqLEE5w
9ifRykjRHwIrPV2f1zNbfi5iqBGSOSHTZY6q0n94E6Wxf7HGd1dsWHY9swQ1jaPZ
qfxkuF+1F8VNGQSWgAC+XzBQdN/8b7/bCPWgJHAhEfA47dYEYZAVtBA5ef+K9gA8
Aq9t+qUOroARMyC/fReMDAzy2iudblRM83xvnh0xeUm6lzprH6bx4/wow9Yoh40Z
jtFvnIp6tlNSFBi6Na1AapBvrDN1niN2ijbszPZojP3954iKH5UX0qq79QhrLW/L
9WuTyuQsqxrYmuSnIPFMHGpGjK3k1aubBaBVnL8LJ2rzJRo45FJI/wzrOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFdsSJtDF7hW854p+ZuAGzLfdUfeMB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvVjJ4SW0wTVh1RmJ6bmluNW00QWJNdDkxUjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQAkw6L5SRR5YeIZXpd8Q6WOBlK0rrV1K1lQ/teq
Qi+IqKoAfEBapeyWAACgCRlZESz/aICOHEoKUOFylDZJX909FaPToZMXkoqDmyGg
C12q4Ncr0Yv4xqxEUZt+WnKokeGqja4GKq++QDPzzmDyId+y6DdAQ77U1ZPIozNu
Yo0f0Ck+sA2gZ6vaqOi1SBWAit+P8Qi8/hoa6051Hp9y4I3n44ZE0enO+1zLU3ES
8FwQ8i0QSv2rMNVpXk5S/2uOhkR1EeQoT8fcZJ2XdKQqwq/jrH0sfGowI8FU35Ze
G5Ek8WqKN8CUP3C4W9UxGuVlMCwoLprx2an3jqOUUZ/nJ1Gi
-----END CERTIFICATE-----