This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/epgbRZ451e-4FNMtDUxjsoEsQts.roa
File:                     epgbRZ451e-4FNMtDUxjsoEsQts.roa (raw, json)
Hash identifier:          1bTVs1WZkQ0C5Jeug5kRDuRS7N5Tu6N+va1M7r7izGk=
Subject key identifier:   7A:98:1B:45:9E:39:D5:EF:B8:14:D3:2D:0D:4C:63:B2:81:2C:42:DB
Certificate issuer:       /CN=f44024ade5e4802c0a2f61e6f80f4d22dc154853
Certificate serial:       019B7D5CB6E38CE24A0D36226A23392EB1BC
Authority key identifier: F4:40:24:AD:E5:E4:80:2C:0A:2F:61:E6:F8:0F:4D:22:DC:15:48:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/epgbRZ451e-4FNMtDUxjsoEsQts.roa
Signing time:             Fri 02 Jan 2026 06:19:46 +0000
ROA not before:           Fri 02 Jan 2026 06:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212515
IP address blocks:        2001:678:e34::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:b6:e3:8c:e2:4a:0d:36:22:6a:23:39:2e:b1:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44024ade5e4802c0a2f61e6f80f4d22dc154853
        Validity
            Not Before: Jan  2 06:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a981b459e39d5efb814d32d0d4c63b2812c42db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:80:1a:26:9d:ce:da:c1:5a:d6:32:94:53:91:
                    d1:8c:ba:b8:cb:40:4c:80:fb:34:f9:41:8d:0a:ae:
                    7f:bb:2d:ee:47:34:a6:bc:80:15:73:02:22:c8:a8:
                    fc:09:71:d3:11:93:b2:6e:5d:87:a7:27:c1:dc:4e:
                    92:17:f5:23:89:83:68:a4:32:de:17:6c:ec:a7:eb:
                    a2:35:f5:83:a8:4c:1a:82:cf:de:69:23:86:15:ea:
                    34:8a:e9:49:c4:b6:10:bb:91:5b:f6:10:6b:9d:c4:
                    15:8c:90:e4:9c:7d:39:61:43:6b:54:ba:3b:bf:85:
                    52:59:d5:58:fe:f6:65:a1:54:94:d3:fe:c9:a3:62:
                    22:90:54:00:f3:fc:93:b5:58:f9:7a:ed:8a:34:0e:
                    05:9d:e7:70:1d:b9:ef:1a:ef:9a:64:55:04:99:43:
                    01:58:10:76:38:0f:97:98:ab:1b:45:74:43:4a:a6:
                    33:48:d7:4c:2b:69:1e:8d:d2:63:cc:d6:bb:3f:34:
                    5c:82:90:64:48:23:1f:08:e7:12:7a:74:2b:11:73:
                    1d:cc:35:e2:07:46:ac:35:aa:97:51:85:e3:21:42:
                    e2:1a:9a:b6:b7:77:35:ba:f2:c5:91:e4:1f:9e:b1:
                    ae:bc:f2:57:c7:07:28:56:72:ab:a0:fa:f1:9f:9b:
                    3b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:98:1B:45:9E:39:D5:EF:B8:14:D3:2D:0D:4C:63:B2:81:2C:42:DB
            X509v3 Authority Key Identifier:
                keyid:F4:40:24:AD:E5:E4:80:2C:0A:2F:61:E6:F8:0F:4D:22:DC:15:48:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EAkreXkgCwKL2Hm-A9NItwVSFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/epgbRZ451e-4FNMtDUxjsoEsQts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/679b4d-fa3d-4993-a18a-63c9c84ec74f/1/9EAkreXkgCwKL2Hm-A9NItwVSFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e34::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:dd:6a:15:b7:b1:4d:e4:be:65:ab:c0:0f:d7:bb:7b:53:0a:
         93:d7:e2:78:32:4c:7b:99:bf:2f:bd:ab:ac:d2:85:4f:72:27:
         7a:1c:d4:1c:dd:db:17:73:07:39:76:46:2d:25:e0:6e:31:29:
         ec:72:f3:15:45:d6:48:af:cc:c2:71:86:0d:54:53:f2:b0:11:
         a6:03:36:5f:ca:b0:e9:ad:86:54:bd:f0:93:d1:9d:ea:f7:81:
         6e:0b:2c:80:b0:c6:ee:9a:91:ad:ec:81:99:0b:21:5a:20:35:
         ac:04:00:27:77:78:51:f5:d0:03:6e:fb:85:3d:13:66:99:e5:
         35:c2:23:42:80:25:13:2f:b9:57:8a:17:69:65:63:17:7d:5b:
         f9:ec:cc:1f:f2:8e:e8:50:bc:7a:4e:61:7f:e0:99:22:6f:c8:
         4a:82:47:01:9b:1f:31:f4:dc:b3:f1:97:28:f9:5d:5a:59:c5:
         31:ce:4e:98:b4:a6:fe:be:e5:6f:96:5f:b8:08:b3:fb:0b:ff:
         28:4e:f0:7f:3a:6e:fa:46:fa:08:c6:98:5d:b3:cd:f4:b5:d0:
         80:91:8e:c9:e3:04:e0:0a:05:54:f7:74:85:b1:0a:8c:21:f9:
         4a:a9:22:4f:56:4b:c5:eb:4c:27:29:b4:2b:52:51:60:2f:30:
         a6:43:1f:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XLbjjOJKDTYiaiM5LrG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDAyNGFkZTVlNDgwMmMwYTJmNjFlNmY4MGY0ZDIyZGMx
NTQ4NTMwHhcNMjYwMTAyMDYxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTk4MWI0NTllMzlkNWVmYjgxNGQzMmQwZDRjNjNiMjgxMmM0MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4AaJp3O2sFa1jKUU5HRjLq4y0BM
gPs0+UGNCq5/uy3uRzSmvIAVcwIiyKj8CXHTEZOybl2HpyfB3E6SF/UjiYNopDLe
F2zsp+uiNfWDqEwags/eaSOGFeo0iulJxLYQu5Fb9hBrncQVjJDknH05YUNrVLo7
v4VSWdVY/vZloVSU0/7Jo2IikFQA8/yTtVj5eu2KNA4FnedwHbnvGu+aZFUEmUMB
WBB2OA+XmKsbRXRDSqYzSNdMK2kejdJjzNa7PzRcgpBkSCMfCOcSenQrEXMdzDXi
B0asNaqXUYXjIULiGpq2t3c1uvLFkeQfnrGuvPJXxwcoVnKroPrxn5s7bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHqYG0WeOdXvuBTTLQ1MY7KBLELbMB8GA1UdIwQY
MBaAFPRAJK3l5IAsCi9h5vgPTSLcFUhTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVBa3JlWGtnQ3dLTDJIbS1BOU5JdHdWU0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82NzliNGQtZmEzZC00OTkzLWExOGEt
NjNjOWM4NGVjNzRmLzEvZXBnYlJaNDUxZS00Rk5NdERVeGpzb0VzUXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82NzliNGQtZmEzZC00OTkzLWExOGEtNjNjOWM4NGVjNzRm
LzEvOUVBa3JlWGtnQ3dLTDJIbS1BOU5JdHdWU0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA40
MA0GCSqGSIb3DQEBCwUAA4IBAQBx3WoVt7FN5L5lq8AP17t7UwqT1+J4Mkx7mb8v
vaus0oVPcid6HNQc3dsXcwc5dkYtJeBuMSnscvMVRdZIr8zCcYYNVFPysBGmAzZf
yrDprYZUvfCT0Z3q94FuCyyAsMbumpGt7IGZCyFaIDWsBAAnd3hR9dADbvuFPRNm
meU1wiNCgCUTL7lXihdpZWMXfVv57Mwf8o7oULx6TmF/4Jkib8hKgkcBmx8x9Nyz
8Zco+V1aWcUxzk6YtKb+vuVvll+4CLP7C/8oTvB/Om76RvoIxphds830tdCAkY7J
4wTgCgVU93SFsQqMIflKqSJPVkvF60wnKbQrUlFgLzCmQx+y
-----END CERTIFICATE-----