This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/xjzYHXm1-iuVRNUf9oR0e8sbGww.roa
File:                     xjzYHXm1-iuVRNUf9oR0e8sbGww.roa (raw, json)
Hash identifier:          iJBDMmXR3U1sUk5QS/ljorbRN9G3Tas2Jm/BVGabM7A=
Subject key identifier:   C6:3C:D8:1D:79:B5:FA:2B:95:44:D5:1F:F6:84:74:7B:CB:1B:1B:0C
Certificate issuer:       /CN=199b3f908ce6e1764617731b624539421d13c94d
Certificate serial:       019AFD9BFBD29DF540236F340432FC629A13
Authority key identifier: 19:9B:3F:90:8C:E6:E1:76:46:17:73:1B:62:45:39:42:1D:13:C9:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/xjzYHXm1-iuVRNUf9oR0e8sbGww.roa
Signing time:             Mon 08 Dec 2025 10:57:29 +0000
ROA not before:           Mon 08 Dec 2025 10:57:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209990
IP address blocks:        2001:678:58c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Dec 2025 19:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:fd:9b:fb:d2:9d:f5:40:23:6f:34:04:32:fc:62:9a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=199b3f908ce6e1764617731b624539421d13c94d
        Validity
            Not Before: Dec  8 10:57:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c63cd81d79b5fa2b9544d51ff684747bcb1b1b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2f:4c:6e:a1:ce:b1:47:54:5d:33:7e:91:0b:
                    fb:1b:5c:84:56:f1:d5:06:a3:88:68:11:00:f1:2f:
                    f1:8e:93:bb:96:3f:d2:7f:93:c3:f4:bc:62:a3:60:
                    1a:e0:37:09:63:3a:9e:81:07:e0:37:44:e8:03:be:
                    a3:4d:43:d9:13:39:1f:a0:6f:2d:ed:39:da:9c:96:
                    a7:d9:a3:ec:30:21:55:3b:56:e8:0e:45:1b:ee:f5:
                    bb:6a:68:4f:a0:13:6b:0e:f8:1d:a5:c1:bf:fa:a7:
                    bd:09:0a:b5:78:52:9b:af:e0:f0:18:07:1d:99:ad:
                    6d:e1:a7:01:57:df:ea:79:25:73:d4:ea:67:83:de:
                    a3:d9:fc:b9:57:6a:49:7b:fd:c3:b2:d3:0d:c3:c4:
                    6d:05:91:eb:81:bb:6c:84:1a:1e:cb:6b:fb:10:b0:
                    47:c0:bc:25:a9:c4:15:7c:b5:e5:dd:7d:eb:95:a0:
                    76:3d:c0:29:20:ad:76:4a:2a:23:56:f1:bf:a6:9b:
                    e2:12:a1:ae:a1:45:7a:8c:2a:fc:9b:8c:4c:b7:3d:
                    8b:13:12:e4:3c:8b:27:e3:d5:b4:74:d3:02:4c:d7:
                    2c:55:7c:df:7e:6e:6d:2f:63:83:0b:2d:79:b9:6b:
                    4b:e5:15:96:28:1b:65:f1:db:80:f5:37:27:5a:42:
                    86:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3C:D8:1D:79:B5:FA:2B:95:44:D5:1F:F6:84:74:7B:CB:1B:1B:0C
            X509v3 Authority Key Identifier:
                keyid:19:9B:3F:90:8C:E6:E1:76:46:17:73:1B:62:45:39:42:1D:13:C9:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/xjzYHXm1-iuVRNUf9oR0e8sbGww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0e8715-d87e-4ce5-9482-2e97aba0fb2c/1/GZs_kIzm4XZGF3MbYkU5Qh0TyU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:58c::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:68:3f:52:91:e7:87:71:41:a4:af:f8:4b:3e:fe:de:18:62:
         45:e5:7e:38:05:9a:e4:af:a9:f1:88:f1:36:57:8d:b7:d5:d2:
         b8:1d:f4:dd:f4:70:0d:26:28:b8:2b:70:cb:39:7f:5f:95:ca:
         d6:8b:94:74:dc:d5:a2:e4:f1:7b:30:98:9d:13:c2:f8:a6:f3:
         b3:2b:e7:fb:f8:9a:4a:f5:55:a7:d3:0b:63:46:21:ee:3c:2e:
         40:bf:50:ee:1a:8b:42:12:0d:ee:3c:05:6a:87:fb:8e:3e:4f:
         41:ab:c5:0b:4d:ad:7f:60:06:d4:5c:17:0b:e5:46:6b:b6:9c:
         0d:1f:90:8f:97:79:6c:f1:dc:20:88:86:44:e4:93:8c:79:00:
         20:60:97:f7:ad:84:3f:cc:57:90:9d:ce:e9:e6:40:ee:ee:c2:
         b9:00:28:6d:53:5f:e1:52:86:8f:53:42:46:ef:7f:64:f7:e8:
         aa:56:d0:f6:7b:80:f4:d7:7e:3d:2a:a2:01:58:62:fc:6a:09:
         14:ed:d5:a9:e5:8b:f6:c1:5d:58:07:61:41:e8:1b:dd:9a:ca:
         ac:88:e0:0e:c5:3a:d5:11:f4:34:b1:7e:ab:1e:a0:2c:fe:62:
         02:dd:56:fe:55:fd:9f:a4:7d:56:ad:d1:d4:d9:2c:88:e4:b2:
         66:5b:f0:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZr9m/vSnfVAI280BDL8YpoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5OWIzZjkwOGNlNmUxNzY0NjE3NzMxYjYyNDUzOTQyMWQx
M2M5NGQwHhcNMjUxMjA4MTA1NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNjZDgxZDc5YjVmYTJiOTU0NGQ1MWZmNjg0NzQ3YmNiMWIxYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy9MbqHOsUdUXTN+kQv7G1yEVvHV
BqOIaBEA8S/xjpO7lj/Sf5PD9Lxio2Aa4DcJYzqegQfgN0ToA76jTUPZEzkfoG8t
7TnanJan2aPsMCFVO1boDkUb7vW7amhPoBNrDvgdpcG/+qe9CQq1eFKbr+DwGAcd
ma1t4acBV9/qeSVz1Opng96j2fy5V2pJe/3DstMNw8RtBZHrgbtshBoey2v7ELBH
wLwlqcQVfLXl3X3rlaB2PcApIK12SiojVvG/ppviEqGuoUV6jCr8m4xMtz2LExLk
PIsn49W0dNMCTNcsVXzffm5tL2ODCy15uWtL5RWWKBtl8duA9TcnWkKGbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMY82B15tforlUTVH/aEdHvLGxsMMB8GA1UdIwQY
MBaAFBmbP5CM5uF2RhdzG2JFOUIdE8lNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1pzX2tJem00WFpHRjNNYllrVTVRaDBUeVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wZTg3MTUtZDg3ZS00Y2U1LTk0ODIt
MmU5N2FiYTBmYjJjLzEveGp6WUhYbTEtaXVWUk5VZjlvUjBlOHNiR3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wZTg3MTUtZDg3ZS00Y2U1LTk0ODItMmU5N2FiYTBmYjJj
LzEvR1pzX2tJem00WFpHRjNNYllrVTVRaDBUeVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWM
MA0GCSqGSIb3DQEBCwUAA4IBAQAnaD9SkeeHcUGkr/hLPv7eGGJF5X44BZrkr6nx
iPE2V4231dK4HfTd9HANJii4K3DLOX9flcrWi5R03NWi5PF7MJidE8L4pvOzK+f7
+JpK9VWn0wtjRiHuPC5Av1DuGotCEg3uPAVqh/uOPk9Bq8ULTa1/YAbUXBcL5UZr
tpwNH5CPl3ls8dwgiIZE5JOMeQAgYJf3rYQ/zFeQnc7p5kDu7sK5AChtU1/hUoaP
U0JG739k9+iqVtD2e4D01349KqIBWGL8agkU7dWp5Yv2wV1YB2FB6BvdmsqsiOAO
xTrVEfQ0sX6rHqAs/mIC3Vb+Vf2fpH1WrdHU2SyI5LJmW/Bh
-----END CERTIFICATE-----