This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/XGXdZuWArU8DUaMKbDMpc7L7WG4.roa
File:                     XGXdZuWArU8DUaMKbDMpc7L7WG4.roa (raw, json)
Hash identifier:          b1uv3hiq3QuqB6rWvknFaAIJIJ6UZQWlgoHNYzcvoDA=
Subject key identifier:   5C:65:DD:66:E5:80:AD:4F:03:51:A3:0A:6C:33:29:73:B2:FB:58:6E
Certificate issuer:       /CN=da73a39a0e045ddfaef502f1fd91c6cc16509459
Certificate serial:       019B7C1242C4D2EBCA920BEA8AE61129EFF1
Authority key identifier: DA:73:A3:9A:0E:04:5D:DF:AE:F5:02:F1:FD:91:C6:CC:16:50:94:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/XGXdZuWArU8DUaMKbDMpc7L7WG4.roa
Signing time:             Fri 02 Jan 2026 00:18:50 +0000
ROA not before:           Fri 02 Jan 2026 00:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8605
IP address blocks:        2001:67c:2198::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:42:c4:d2:eb:ca:92:0b:ea:8a:e6:11:29:ef:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da73a39a0e045ddfaef502f1fd91c6cc16509459
        Validity
            Not Before: Jan  2 00:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c65dd66e580ad4f0351a30a6c332973b2fb586e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:13:be:84:1b:f9:a6:85:3c:fb:05:c1:dc:
                    88:03:45:a3:35:4a:bd:b3:8c:83:ca:6a:99:fb:2c:
                    04:1c:e5:3c:6f:d9:a1:f3:ce:33:5f:ee:a6:c4:a9:
                    06:ad:43:3e:01:08:25:e0:52:1a:1b:ed:a9:7e:7e:
                    7f:47:1c:f1:df:ad:1c:7a:e5:ed:06:ee:e3:b8:1a:
                    12:d6:e1:ce:14:0b:1c:b5:a8:f3:6b:6f:24:e1:83:
                    5b:95:2d:1f:e9:34:c4:d9:c5:d1:6f:e9:65:dc:97:
                    0e:fc:3c:12:89:62:77:ee:9b:0f:f8:89:45:cb:8b:
                    9e:0a:46:7d:5d:e6:b7:7d:d8:c9:b7:de:c4:bd:2c:
                    7d:d6:38:7e:1c:1f:97:46:9c:99:d3:73:b8:5a:29:
                    a1:77:7d:ae:3f:8b:0e:d5:9b:f0:40:f0:70:59:b1:
                    1d:c4:11:e8:c0:d2:dd:76:ac:f3:64:66:a8:1c:57:
                    65:4b:22:6f:e3:a8:a9:3e:1d:04:d8:ac:eb:7f:69:
                    ee:ae:86:e6:d1:8a:14:0c:72:9c:82:e0:be:79:80:
                    5e:ca:de:d1:56:3a:53:d5:81:b9:88:b5:5d:bb:13:
                    a6:b6:92:b7:4e:fd:c7:21:d8:b1:45:d8:1e:83:ab:
                    bc:47:08:1a:02:4d:20:4e:e4:90:42:c8:d3:5e:6a:
                    53:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:65:DD:66:E5:80:AD:4F:03:51:A3:0A:6C:33:29:73:B2:FB:58:6E
            X509v3 Authority Key Identifier:
                keyid:DA:73:A3:9A:0E:04:5D:DF:AE:F5:02:F1:FD:91:C6:CC:16:50:94:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/XGXdZuWArU8DUaMKbDMpc7L7WG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/1737fc-b221-4ff0-bfa7-5d674caddd6f/1/2nOjmg4EXd-u9QLx_ZHGzBZQlFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2198::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:cb:66:05:39:85:98:96:73:f9:12:a4:85:44:f5:0a:30:3d:
         39:ab:1f:70:02:89:af:84:b6:26:5c:39:12:b4:28:55:cc:69:
         f9:69:20:bb:45:48:91:d1:d7:57:64:ab:fb:e8:c9:05:39:cf:
         1f:eb:c1:26:0e:ab:d6:11:bf:b0:5a:47:93:cf:05:e0:b3:e3:
         90:e0:65:99:db:30:20:48:72:88:45:6d:db:e2:05:31:4c:f9:
         3b:06:27:52:bc:77:5c:fb:42:db:95:83:e3:d1:e7:04:5c:4a:
         12:5d:bf:fc:5c:07:4d:d6:10:6d:5d:81:11:b6:6d:57:8d:d9:
         a8:72:80:67:8e:9e:0b:07:0e:e7:1d:70:48:ab:24:94:d4:8c:
         9b:73:47:65:23:f7:e7:36:e7:0d:59:41:87:d1:9b:0f:1f:99:
         4e:1d:f5:9a:f6:14:dc:5d:33:a4:e5:14:da:71:a9:e6:b3:00:
         e2:42:38:c8:06:20:42:05:dc:b6:4a:02:63:40:fa:05:c9:04:
         35:92:1e:c8:7e:87:24:eb:1e:12:40:22:4b:38:6c:c6:d8:72:
         2a:a6:ab:7e:b9:3a:cc:25:ed:4a:92:63:68:c3:95:52:28:6f:
         d2:87:ac:51:bc:50:7c:20:2f:ed:66:47:00:a4:74:78:44:72:
         30:a3:96:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EkLE0uvKkgvqiuYRKe/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzNhMzlhMGUwNDVkZGZhZWY1MDJmMWZkOTFjNmNjMTY1
MDk0NTkwHhcNMjYwMTAyMDAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzY1ZGQ2NmU1ODBhZDRmMDM1MWEzMGE2YzMzMjk3M2IyZmI1ODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJMTvoQb+aaFPPsFwdyIA0WjNUq9
s4yDymqZ+ywEHOU8b9mh884zX+6mxKkGrUM+AQgl4FIaG+2pfn5/Rxzx360ceuXt
Bu7juBoS1uHOFAsctajza28k4YNblS0f6TTE2cXRb+ll3JcO/DwSiWJ37psP+IlF
y4ueCkZ9Xea3fdjJt97EvSx91jh+HB+XRpyZ03O4Wimhd32uP4sO1ZvwQPBwWbEd
xBHowNLddqzzZGaoHFdlSyJv46ipPh0E2Kzrf2nurobm0YoUDHKcguC+eYBeyt7R
VjpT1YG5iLVduxOmtpK3Tv3HIdixRdgeg6u8RwgaAk0gTuSQQsjTXmpTzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFxl3WblgK1PA1GjCmwzKXOy+1huMB8GA1UdIwQY
MBaAFNpzo5oOBF3frvUC8f2RxswWUJRZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5Pam1nNEVYZC11OVFMeF9aSEd6QlpRbEZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xNzM3ZmMtYjIyMS00ZmYwLWJmYTct
NWQ2NzRjYWRkZDZmLzEvWEdYZFp1V0FyVThEVWFNS2JETXBjN0w3V0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xNzM3ZmMtYjIyMS00ZmYwLWJmYTctNWQ2NzRjYWRkZDZm
LzEvMm5Pam1nNEVYZC11OVFMeF9aSEd6QlpRbEZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCGY
MA0GCSqGSIb3DQEBCwUAA4IBAQCWy2YFOYWYlnP5EqSFRPUKMD05qx9wAomvhLYm
XDkStChVzGn5aSC7RUiR0ddXZKv76MkFOc8f68EmDqvWEb+wWkeTzwXgs+OQ4GWZ
2zAgSHKIRW3b4gUxTPk7BidSvHdc+0LblYPj0ecEXEoSXb/8XAdN1hBtXYERtm1X
jdmocoBnjp4LBw7nHXBIqySU1Iybc0dlI/fnNucNWUGH0ZsPH5lOHfWa9hTcXTOk
5RTacanmswDiQjjIBiBCBdy2SgJjQPoFyQQ1kh7Ifock6x4SQCJLOGzG2HIqpqt+
uTrMJe1KkmNow5VSKG/Sh6xRvFB8IC/tZkcApHR4RHIwo5Y9
-----END CERTIFICATE-----