This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EPAl9cjNuzaqwQ06szjQQUYqRfg.roa
File:                     EPAl9cjNuzaqwQ06szjQQUYqRfg.roa (raw, json)
Hash identifier:          ubTmZyOwFya82LaAW/p3kUMlv6ueW7o0vypwOwGZV9Y=
Subject key identifier:   10:F0:25:F5:C8:CD:BB:36:AA:C1:0D:3A:B3:38:D0:41:46:2A:45:F8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910AB35E60F5C184F2C3F4F2F0A19C4
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EPAl9cjNuzaqwQ06szjQQUYqRfg.roa
Signing time:             Thu 01 Jan 2026 10:18:13 +0000
ROA not before:           Thu 01 Jan 2026 10:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213090
IP address blocks:        2a12:bec0:70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:ab:35:e6:0f:5c:18:4f:2c:3f:4f:2f:0a:19:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10f025f5c8cdbb36aac10d3ab338d041462a45f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e6:9d:5c:fa:00:60:07:c2:29:af:0e:19:81:
                    92:43:74:18:40:95:ce:df:d2:8c:fe:8d:a2:d3:8f:
                    5a:75:3a:a3:80:cb:71:7f:de:9c:cd:12:2d:fb:5b:
                    b0:a4:df:63:7b:a2:58:ad:4d:22:f1:9c:13:0b:de:
                    0d:95:cc:4d:92:79:9b:10:c6:55:6f:fd:95:47:c4:
                    7e:c3:fc:76:89:2a:21:40:1b:90:33:82:33:19:8c:
                    13:ed:49:f6:d8:0f:8f:3c:40:36:16:70:f7:e2:11:
                    8b:8e:5d:92:22:7a:b3:0c:b7:94:36:17:46:4a:5b:
                    e2:89:9e:91:21:04:68:12:4c:99:7a:44:cd:1b:28:
                    97:3f:fa:df:bc:5e:ff:94:fa:b5:4d:e0:d4:3a:c6:
                    47:95:92:4a:ff:76:25:c7:00:45:47:f3:f9:fe:c0:
                    36:1c:49:e1:c2:19:26:21:d7:0e:c6:5a:b5:e3:64:
                    b8:99:52:9e:bd:65:43:c9:af:61:cd:c2:09:ad:97:
                    17:65:c1:09:bc:ab:59:3a:70:42:2c:c7:a0:e3:88:
                    4d:df:27:7b:e2:2c:08:f4:df:6c:ae:ba:71:4b:ac:
                    0e:e0:db:fa:53:ee:7a:46:2b:52:8f:29:bc:c5:c1:
                    1f:9a:d8:fd:53:f2:7b:d2:70:52:f2:6f:7f:b8:83:
                    f4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:F0:25:F5:C8:CD:BB:36:AA:C1:0D:3A:B3:38:D0:41:46:2A:45:F8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EPAl9cjNuzaqwQ06szjQQUYqRfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:70::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:84:11:e2:4a:06:bb:aa:af:9d:28:93:28:e8:ae:2b:97:c9:
         cf:a4:85:26:dd:7d:e5:f3:fa:f8:2f:bf:06:c0:76:c6:ac:1d:
         8e:99:42:19:2c:a0:98:40:57:a4:e2:91:5f:4a:96:cc:01:47:
         49:5b:3c:64:37:b1:0a:e8:4b:c9:a4:69:22:2d:98:ad:85:1a:
         3e:fc:e7:ed:6c:17:8c:1b:e8:9d:c1:b9:b7:b7:19:9a:f8:09:
         05:14:7a:ca:90:4b:bc:2d:0f:e5:c8:43:04:90:e7:82:cc:c5:
         83:77:2a:0f:67:af:71:e9:38:52:6f:6c:e2:9f:d7:6e:23:00:
         41:c9:b4:b8:53:d0:33:e3:35:14:a8:a4:48:2c:68:d0:4e:b4:
         ad:7c:e5:e6:2d:44:9e:19:6e:2d:b3:1f:6f:85:44:91:52:d4:
         b0:14:1b:68:de:16:66:20:5d:ed:41:88:64:da:d0:68:4f:58:
         fe:82:54:97:23:79:89:5a:ce:c2:05:e4:69:56:80:3f:a2:3a:
         89:b5:5a:fb:50:f5:0d:85:83:ee:ec:f5:2a:2e:84:05:82:c4:
         53:40:d4:54:fd:a3:9f:b1:a6:20:11:f8:43:f3:c4:75:e5:9a:
         3f:a2:08:72:af:67:94:8b:86:11:24:58:ac:e9:0e:2b:25:90:
         d2:41:19:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EKs15g9cGE8sP08vChnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGYwMjVmNWM4Y2RiYjM2YWFjMTBkM2FiMzM4ZDA0MTQ2MmE0NWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+adXPoAYAfCKa8OGYGSQ3QYQJXO
39KM/o2i049adTqjgMtxf96czRIt+1uwpN9je6JYrU0i8ZwTC94NlcxNknmbEMZV
b/2VR8R+w/x2iSohQBuQM4IzGYwT7Un22A+PPEA2FnD34hGLjl2SInqzDLeUNhdG
SlviiZ6RIQRoEkyZekTNGyiXP/rfvF7/lPq1TeDUOsZHlZJK/3YlxwBFR/P5/sA2
HEnhwhkmIdcOxlq142S4mVKevWVDya9hzcIJrZcXZcEJvKtZOnBCLMeg44hN3yd7
4iwI9N9srrpxS6wO4Nv6U+56RitSjym8xcEfmtj9U/J70nBS8m9/uIP0DwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBDwJfXIzbs2qsENOrM40EFGKkX4MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRVBBbDljak51emFxd1EwNnN6alFRVVlxUmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wABw
MA0GCSqGSIb3DQEBCwUAA4IBAQB4hBHiSga7qq+dKJMo6K4rl8nPpIUm3X3l8/r4
L78GwHbGrB2OmUIZLKCYQFek4pFfSpbMAUdJWzxkN7EK6EvJpGkiLZithRo+/Oft
bBeMG+idwbm3txma+AkFFHrKkEu8LQ/lyEMEkOeCzMWDdyoPZ69x6ThSb2zin9du
IwBBybS4U9Az4zUUqKRILGjQTrStfOXmLUSeGW4tsx9vhUSRUtSwFBto3hZmIF3t
QYhk2tBoT1j+glSXI3mJWs7CBeRpVoA/ojqJtVr7UPUNhYPu7PUqLoQFgsRTQNRU
/aOfsaYgEfhD88R15Zo/oghyr2eUi4YRJFis6Q4rJZDSQRmf
-----END CERTIFICATE-----