This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CKhQHDJPVPKYet2eeRQMrg4BhZA.roa
File:                     CKhQHDJPVPKYet2eeRQMrg4BhZA.roa (raw, json)
Hash identifier:          A0tiPuTNiGQbmKutWMyKJguvVQjiflRqSwCuVxsd69A=
Subject key identifier:   08:A8:50:1C:32:4F:54:F2:98:7A:DD:9E:79:14:0C:AE:0E:01:85:90
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910872343F40F40A763561FE59BEF65
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CKhQHDJPVPKYet2eeRQMrg4BhZA.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51308
IP address blocks:        2a12:bec0:e03::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:87:23:43:f4:0f:40:a7:63:56:1f:e5:9b:ef:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08a8501c324f54f2987add9e79140cae0e018590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:67:af:70:b9:29:05:8b:02:46:b0:fa:d8:
                    53:a7:72:07:62:96:de:e0:e0:8b:f7:9e:3f:59:a3:
                    eb:cf:f6:07:dd:29:64:fd:58:a7:27:9c:8c:85:73:
                    99:82:03:97:78:ac:4b:69:fc:ef:86:8c:45:79:91:
                    0a:42:ae:e6:ce:a0:98:aa:98:15:dc:e4:df:6e:80:
                    59:26:3e:79:b0:2f:9f:2c:a1:39:d9:ee:d5:75:c0:
                    d9:80:5c:d3:8d:39:da:52:71:77:af:27:e3:8b:8c:
                    94:f7:5c:2d:d1:22:98:e8:9e:89:c6:a7:81:73:39:
                    a4:9d:ba:12:2e:a7:1b:45:d8:12:4e:03:c4:a5:b1:
                    57:2d:e1:7b:d3:71:4e:ff:64:c5:51:bd:46:af:42:
                    5f:14:9c:f2:91:05:ad:56:f3:2a:88:17:0b:8a:76:
                    51:23:d1:ff:07:3e:ab:08:6f:10:b8:0b:a8:f9:52:
                    6c:d6:2e:5e:96:10:48:5c:d3:14:c5:32:d6:d5:16:
                    35:b5:7a:5b:10:54:d7:e0:36:f7:35:94:12:96:a5:
                    44:18:99:08:dd:c6:3e:66:17:be:de:19:9d:ff:4a:
                    36:5e:71:b7:a5:ff:f9:f1:a3:ae:45:86:e8:7b:f9:
                    79:3e:b2:88:09:e4:0a:70:4c:fb:af:d9:83:02:68:
                    1a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A8:50:1C:32:4F:54:F2:98:7A:DD:9E:79:14:0C:AE:0E:01:85:90
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CKhQHDJPVPKYet2eeRQMrg4BhZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:e03::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:b3:ec:4e:5e:d1:c4:f0:7d:6c:20:44:39:9a:0c:a3:31:e5:
         cb:22:9d:54:18:17:85:eb:4d:b0:cf:a2:f3:de:ee:8d:ff:c5:
         b3:c3:49:e2:32:ef:03:9a:ec:2e:3a:3e:9a:ec:c9:9b:fc:6c:
         ac:d8:c2:ef:10:29:89:72:a0:84:f1:23:c3:b0:3a:3f:fa:6c:
         ad:10:b1:7d:10:56:cd:2c:f2:7a:d6:5c:f3:2d:98:4c:7a:b3:
         fa:cf:24:81:58:32:75:93:57:31:85:79:b0:b3:77:9a:ff:34:
         3c:4b:2e:48:6e:f7:52:fc:4d:75:d9:a0:ce:0d:09:d2:32:6f:
         04:be:22:ff:78:91:35:c6:a1:1c:b5:c1:0d:9f:a5:49:4e:91:
         1d:ff:6d:0f:1e:31:1e:9d:72:f1:e3:51:1f:11:eb:dd:06:e5:
         c0:90:21:46:04:75:b1:4c:e2:86:fb:c7:91:53:54:40:40:b4:
         c8:6b:ec:fb:10:15:94:83:1e:9d:42:07:13:f0:2b:9e:0a:f3:
         f4:f7:90:f2:34:71:ef:9f:d0:50:1b:44:74:a7:1e:ea:a4:a4:
         5c:a9:56:06:44:98:d2:5e:8c:27:7d:16:a5:dc:c5:ee:aa:5f:
         7f:aa:69:ab:9f:4d:73:d9:a4:3c:e1:9f:1a:8b:55:d1:3d:a6:
         f0:36:9e:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EIcjQ/QPQKdjVh/lm+9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE4NTAxYzMyNGY1NGYyOTg3YWRkOWU3OTE0MGNhZTBlMDE4NTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua9nr3C5KQWLAkaw+thTp3IHYpbe
4OCL954/WaPrz/YH3Slk/VinJ5yMhXOZggOXeKxLafzvhoxFeZEKQq7mzqCYqpgV
3OTfboBZJj55sC+fLKE52e7VdcDZgFzTjTnaUnF3ryfji4yU91wt0SKY6J6JxqeB
czmknboSLqcbRdgSTgPEpbFXLeF703FO/2TFUb1Gr0JfFJzykQWtVvMqiBcLinZR
I9H/Bz6rCG8QuAuo+VJs1i5elhBIXNMUxTLW1RY1tXpbEFTX4Db3NZQSlqVEGJkI
3cY+Zhe+3hmd/0o2XnG3pf/58aOuRYboe/l5PrKICeQKcEz7r9mDAmgaxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAioUBwyT1TymHrdnnkUDK4OAYWQMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQ0toUUhESlBWUEtZZXQyZWVSUU1yZzRCaFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wA4D
MA0GCSqGSIb3DQEBCwUAA4IBAQCOs+xOXtHE8H1sIEQ5mgyjMeXLIp1UGBeF602w
z6Lz3u6N/8Wzw0niMu8DmuwuOj6a7Mmb/Gys2MLvECmJcqCE8SPDsDo/+mytELF9
EFbNLPJ61lzzLZhMerP6zySBWDJ1k1cxhXmws3ea/zQ8Sy5IbvdS/E112aDODQnS
Mm8EviL/eJE1xqEctcENn6VJTpEd/20PHjEenXLx41EfEevdBuXAkCFGBHWxTOKG
+8eRU1RAQLTIa+z7EBWUgx6dQgcT8CueCvP095DyNHHvn9BQG0R0px7qpKRcqVYG
RJjSXownfRal3MXuql9/qmmrn01z2aQ84Z8ai1XRPabwNp6k
-----END CERTIFICATE-----