This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/BD2ZmB5rSja_kZITrzXPI22Piww.roa
File:                     BD2ZmB5rSja_kZITrzXPI22Piww.roa (raw, json)
Hash identifier:          XlOMlSw4i/XGorHygY9Vhf1MrDCgaP31EVtyPn5p+tU=
Subject key identifier:   04:3D:99:98:1E:6B:4A:36:BF:91:92:13:AF:35:CF:23:6D:8F:8B:0C
Certificate issuer:       /CN=60b28e2723955a3f63e47b3230317eae9292ff32
Certificate serial:       019B7B36F7A32F1F6781F45D7F84E7F95E64
Authority key identifier: 60:B2:8E:27:23:95:5A:3F:63:E4:7B:32:30:31:7E:AE:92:92:FF:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/BD2ZmB5rSja_kZITrzXPI22Piww.roa
Signing time:             Thu 01 Jan 2026 20:19:18 +0000
ROA not before:           Thu 01 Jan 2026 20:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212344
IP address blocks:        2001:67c:1b18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:f7:a3:2f:1f:67:81:f4:5d:7f:84:e7:f9:5e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60b28e2723955a3f63e47b3230317eae9292ff32
        Validity
            Not Before: Jan  1 20:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=043d99981e6b4a36bf919213af35cf236d8f8b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:30:68:1e:e6:10:7e:c2:81:3f:46:fe:b1:
                    7d:d6:b7:80:a3:b5:84:50:da:60:04:46:16:fa:31:
                    3d:f7:57:f7:69:96:f3:48:18:16:3e:87:ce:8f:91:
                    66:88:56:25:27:88:9a:db:3e:8a:6e:ae:48:46:c0:
                    ba:b9:a0:ef:22:3c:17:63:54:a0:7f:55:e7:2e:0d:
                    0e:64:43:1d:69:ba:09:7d:94:4d:5a:3f:c2:46:e8:
                    af:b4:71:62:a5:49:6e:40:86:15:ac:bd:fe:5e:8a:
                    af:da:8b:17:81:93:4e:e2:49:e7:24:cd:eb:07:67:
                    95:2e:cb:99:9a:a0:6e:3c:c0:3c:4a:d1:22:3d:f3:
                    ae:6e:0c:a7:d9:87:e4:92:b4:6d:9e:d7:dd:36:79:
                    c7:80:63:c8:db:76:09:ba:c2:da:7c:74:65:28:a1:
                    7c:cc:c3:32:d5:f4:40:1e:45:77:9c:79:ec:c2:71:
                    7a:e3:3b:fc:59:c6:9a:91:70:af:f5:46:c3:c7:58:
                    a5:46:63:ee:cf:ba:29:25:81:26:59:26:1d:8c:ec:
                    ae:51:58:59:69:d4:6a:5d:d6:35:2d:a7:df:88:37:
                    4f:81:d8:f7:2d:39:56:ab:eb:cd:04:6a:30:7a:b1:
                    d3:ba:b2:57:8d:77:7b:0c:8c:cd:cc:bb:c9:d3:23:
                    f5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:3D:99:98:1E:6B:4A:36:BF:91:92:13:AF:35:CF:23:6D:8F:8B:0C
            X509v3 Authority Key Identifier:
                keyid:60:B2:8E:27:23:95:5A:3F:63:E4:7B:32:30:31:7E:AE:92:92:FF:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/BD2ZmB5rSja_kZITrzXPI22Piww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b18::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:7e:d6:8c:a2:35:eb:d8:5f:be:42:f9:5d:2c:e0:39:18:36:
         8f:c1:72:e6:3c:1b:22:a5:13:e0:7f:e4:70:47:1e:e3:08:42:
         ff:95:63:55:86:5b:02:61:31:e5:cb:26:03:41:ed:3d:46:25:
         fc:42:f5:6e:32:37:16:bb:36:4d:d3:ae:1c:91:37:2f:b1:28:
         62:60:e1:a2:09:2c:b9:f1:58:09:e9:58:d1:1d:56:27:7c:6d:
         b1:90:92:f8:a1:c0:07:80:23:b2:eb:6d:4c:d8:fd:1c:13:32:
         71:30:74:f8:ad:eb:f8:fc:2c:4d:5b:42:f9:73:f1:71:7f:6c:
         b1:31:62:29:51:d3:50:e2:6c:d2:b8:f7:2e:5f:5f:7c:c5:ca:
         f2:e0:3c:63:af:64:03:20:70:c1:6b:dd:94:c4:5b:61:80:17:
         1f:a6:5f:2b:d7:b9:17:ef:76:5d:c0:df:3e:71:03:b5:4b:e2:
         10:31:2a:7b:b9:5c:61:2f:8b:52:1a:d5:74:fd:80:b0:b2:7a:
         20:fd:df:e3:3e:e0:a1:5f:9c:b8:71:75:91:f7:b4:8e:d8:65:
         58:6e:a7:89:a8:39:67:6a:3a:2d:7f:0c:4e:e0:a3:28:76:e0:
         50:39:6f:94:14:22:e8:6f:4d:08:69:cf:6b:7c:49:12:2e:64:
         b6:ae:68:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NvejLx9ngfRdf4Tn+V5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYjI4ZTI3MjM5NTVhM2Y2M2U0N2IzMjMwMzE3ZWFlOTI5
MmZmMzIwHhcNMjYwMTAxMjAxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDNkOTk5ODFlNmI0YTM2YmY5MTkyMTNhZjM1Y2YyMzZkOGY4YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZowaB7mEH7CgT9G/rF91reAo7WE
UNpgBEYW+jE991f3aZbzSBgWPofOj5FmiFYlJ4ia2z6Kbq5IRsC6uaDvIjwXY1Sg
f1XnLg0OZEMdaboJfZRNWj/CRuivtHFipUluQIYVrL3+Xoqv2osXgZNO4knnJM3r
B2eVLsuZmqBuPMA8StEiPfOubgyn2YfkkrRtntfdNnnHgGPI23YJusLafHRlKKF8
zMMy1fRAHkV3nHnswnF64zv8WcaakXCv9UbDx1ilRmPuz7opJYEmWSYdjOyuUVhZ
adRqXdY1LaffiDdPgdj3LTlWq+vNBGowerHTurJXjXd7DIzNzLvJ0yP1ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAQ9mZgea0o2v5GSE681zyNtj4sMMB8GA1UdIwQY
MBaAFGCyjicjlVo/Y+R7MjAxfq6Skv8yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxLT0p5T1ZXajlqNUhzeU1ERi1ycEtTX3pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8wMDM3ZWItNWUwYi00YzJiLWE5NGMt
MWRjM2I4YzYxZTZjLzEvQkQyWm1CNXJTamFfa1pJVHJ6WFBJMjJQaXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8wMDM3ZWItNWUwYi00YzJiLWE5NGMtMWRjM2I4YzYxZTZj
LzEvWUxLT0p5T1ZXajlqNUhzeU1ERi1ycEtTX3pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBsY
MA0GCSqGSIb3DQEBCwUAA4IBAQCQftaMojXr2F++QvldLOA5GDaPwXLmPBsipRPg
f+RwRx7jCEL/lWNVhlsCYTHlyyYDQe09RiX8QvVuMjcWuzZN064ckTcvsShiYOGi
CSy58VgJ6VjRHVYnfG2xkJL4ocAHgCOy621M2P0cEzJxMHT4rev4/CxNW0L5c/Fx
f2yxMWIpUdNQ4mzSuPcuX198xcry4Dxjr2QDIHDBa92UxFthgBcfpl8r17kX73Zd
wN8+cQO1S+IQMSp7uVxhL4tSGtV0/YCwsnog/d/jPuChX5y4cXWR97SO2GVYbqeJ
qDlnajotfwxO4KModuBQOW+UFCLob00Iac9rfEkSLmS2rmim
-----END CERTIFICATE-----