This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/9NPHRkfYiZLbitvXWdqmvdRg9Bw.roa
File:                     9NPHRkfYiZLbitvXWdqmvdRg9Bw.roa (raw, json)
Hash identifier:          m+oR/0vItE/UTBoixTdgEHtMhVdXVl9biRTYld0wnz0=
Subject key identifier:   F4:D3:C7:46:47:D8:89:92:DB:8A:DB:D7:59:DA:A6:BD:D4:60:F4:1C
Certificate issuer:       /CN=5c40454a1b176795f021575347794bd9f04427ac
Certificate serial:       019B7D5C5DBA3ABBCB247B3527338BF2ECC3
Authority key identifier: 5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/9NPHRkfYiZLbitvXWdqmvdRg9Bw.roa
Signing time:             Fri 02 Jan 2026 06:19:23 +0000
ROA not before:           Fri 02 Jan 2026 06:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214740
IP address blocks:        2001:67c:ebc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:5d:ba:3a:bb:cb:24:7b:35:27:33:8b:f2:ec:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c40454a1b176795f021575347794bd9f04427ac
        Validity
            Not Before: Jan  2 06:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4d3c74647d88992db8adbd759daa6bdd460f41c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:11:70:e6:5d:87:ea:11:cc:71:d3:a1:cb:90:
                    ee:6b:7f:26:40:be:44:40:5f:78:70:43:4a:99:21:
                    9d:51:3b:58:a6:f2:b7:ec:a2:c0:9b:a3:84:f0:24:
                    ff:ee:36:a5:58:26:d3:47:01:c7:3f:ed:12:3c:9c:
                    fb:b9:4c:22:22:f6:51:f5:3c:c0:5d:37:55:1e:05:
                    81:0d:f3:e7:2b:ed:32:aa:c2:74:86:7b:bb:da:ee:
                    22:14:3b:7d:db:6e:2e:52:9b:22:1c:d6:57:a6:63:
                    40:a1:ab:6f:68:7b:36:17:67:c7:81:e8:bf:c8:9c:
                    aa:a5:b2:bf:4a:12:5f:f2:d4:ab:de:b3:46:93:2a:
                    b4:9d:3b:8b:5a:13:c9:5d:6e:60:2b:c8:e3:52:69:
                    0e:af:cc:2d:fc:eb:22:2f:02:ab:a6:56:65:52:b3:
                    98:e0:bd:76:c0:b4:f2:cc:bf:fa:59:5a:fa:e7:44:
                    dd:eb:9e:c2:8e:0b:be:ab:a9:b6:e4:7d:82:2b:ed:
                    95:8e:ff:ea:cd:24:13:83:4d:8d:a9:bc:bd:43:8b:
                    e5:a3:3d:bd:9a:5a:2e:ae:e1:b2:cc:4b:b6:44:ed:
                    01:63:0c:c6:1d:d2:4a:7a:6c:0d:fb:e7:5f:28:6b:
                    da:15:ba:01:63:c9:d7:ca:10:74:75:d2:e3:4c:4e:
                    1c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D3:C7:46:47:D8:89:92:DB:8A:DB:D7:59:DA:A6:BD:D4:60:F4:1C
            X509v3 Authority Key Identifier:
                keyid:5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/9NPHRkfYiZLbitvXWdqmvdRg9Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:0e:39:72:f2:1b:6f:14:ec:10:e1:48:7f:03:37:11:57:4d:
         1f:0e:32:9e:8b:64:eb:b8:b6:d0:85:47:37:a1:c0:e5:69:f5:
         6f:80:95:54:87:71:b7:39:1d:72:8f:a2:1a:45:68:cf:ac:c8:
         29:30:13:05:b4:4d:7f:ce:aa:c8:77:78:22:a4:eb:f4:c8:3d:
         79:a8:a5:9e:e9:c6:b2:af:92:72:15:b7:ee:69:a6:e9:0c:f8:
         c0:d2:2b:0c:75:cb:ca:d8:0e:8b:e0:53:a5:b6:75:87:d5:33:
         9d:cf:59:7a:bf:df:f5:c6:40:f9:c8:16:16:eb:0e:c5:ac:a6:
         e5:4d:05:10:72:1d:de:1a:86:bb:9a:28:0f:e7:8a:c5:0e:52:
         10:73:88:05:9a:88:e2:13:fe:e1:ce:e6:d8:c2:d0:b9:ee:9a:
         6f:f2:91:d2:5b:34:a9:33:5b:28:1b:d1:9d:79:8e:b1:bd:5a:
         11:4a:e3:4e:ea:6b:8c:97:8a:3d:a7:9a:f5:b9:ca:e0:9e:b4:
         d5:3e:c6:c0:6c:fa:1a:c5:04:d7:91:2d:f0:74:3f:79:05:cd:
         7a:95:dc:86:f7:20:f4:44:52:74:68:82:79:b4:bf:de:d7:16:
         63:b2:74:be:c9:b6:89:10:a3:17:e2:d0:e5:dd:6f:0e:23:26:
         7e:b0:2a:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XF26OrvLJHs1JzOL8uzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNDA0NTRhMWIxNzY3OTVmMDIxNTc1MzQ3Nzk0YmQ5ZjA0
NDI3YWMwHhcNMjYwMTAyMDYxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQzYzc0NjQ3ZDg4OTkyZGI4YWRiZDc1OWRhYTZiZGQ0NjBmNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBFw5l2H6hHMcdOhy5Dua38mQL5E
QF94cENKmSGdUTtYpvK37KLAm6OE8CT/7jalWCbTRwHHP+0SPJz7uUwiIvZR9TzA
XTdVHgWBDfPnK+0yqsJ0hnu72u4iFDt9224uUpsiHNZXpmNAoatvaHs2F2fHgei/
yJyqpbK/ShJf8tSr3rNGkyq0nTuLWhPJXW5gK8jjUmkOr8wt/OsiLwKrplZlUrOY
4L12wLTyzL/6WVr650Td657Cjgu+q6m25H2CK+2Vjv/qzSQTg02Nqby9Q4vloz29
mlouruGyzEu2RO0BYwzGHdJKemwN++dfKGvaFboBY8nXyhB0ddLjTE4cJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPTTx0ZH2ImS24rb11napr3UYPQcMB8GA1UdIwQY
MBaAFFxARUobF2eV8CFXU0d5S9nwRCesMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5Nzgt
Y2EwNDQ4ZTdmM2EzLzEvOU5QSFJrZllpWkxiaXR2WFdkcW12ZFJnOUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5NzgtY2EwNDQ4ZTdmM2Ez
LzEvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA68
MA0GCSqGSIb3DQEBCwUAA4IBAQA8Djly8htvFOwQ4Uh/AzcRV00fDjKei2TruLbQ
hUc3ocDlafVvgJVUh3G3OR1yj6IaRWjPrMgpMBMFtE1/zqrId3gipOv0yD15qKWe
6cayr5JyFbfuaabpDPjA0isMdcvK2A6L4FOltnWH1TOdz1l6v9/1xkD5yBYW6w7F
rKblTQUQch3eGoa7migP54rFDlIQc4gFmojiE/7hzubYwtC57ppv8pHSWzSpM1so
G9GdeY6xvVoRSuNO6muMl4o9p5r1ucrgnrTVPsbAbPoaxQTXkS3wdD95Bc16ldyG
9yD0RFJ0aIJ5tL/e1xZjsnS+ybaJEKMX4tDl3W8OIyZ+sCoc
-----END CERTIFICATE-----