This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/PrQ9lga9Ki2nMKZgqqoUsecApCI.roa
File:                     PrQ9lga9Ki2nMKZgqqoUsecApCI.roa (raw, json)
Hash identifier:          wgW6ob7p1bWzADPUesI+OZalVcxaNSlVibSRrGZpWnU=
Subject key identifier:   3E:B4:3D:96:06:BD:2A:2D:A7:30:A6:60:AA:AA:14:B1:E7:00:A4:22
Certificate issuer:       /CN=e01f196dd7edd1131d0220fdb777122621bbbdef
Certificate serial:       019B7D5C6878A14AD26BC94D64D56958285E
Authority key identifier: E0:1F:19:6D:D7:ED:D1:13:1D:02:20:FD:B7:77:12:26:21:BB:BD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4B8Zbdft0RMdAiD9t3cSJiG7ve8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/PrQ9lga9Ki2nMKZgqqoUsecApCI.roa
Signing time:             Fri 02 Jan 2026 06:19:26 +0000
ROA not before:           Fri 02 Jan 2026 06:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202729
IP address blocks:        2001:67c:a6c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/4B8Zbdft0RMdAiD9t3cSJiG7ve8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/4B8Zbdft0RMdAiD9t3cSJiG7ve8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4B8Zbdft0RMdAiD9t3cSJiG7ve8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:68:78:a1:4a:d2:6b:c9:4d:64:d5:69:58:28:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e01f196dd7edd1131d0220fdb777122621bbbdef
        Validity
            Not Before: Jan  2 06:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3eb43d9606bd2a2da730a660aaaa14b1e700a422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:d5:5c:79:5e:9e:7c:1a:fa:23:7e:7d:9b:
                    bc:ed:6d:ce:56:9a:1a:60:0e:7b:21:6c:df:e8:2c:
                    47:ec:71:aa:f4:3a:95:35:37:6a:c6:6d:b8:07:26:
                    cd:76:6b:50:ee:86:0c:c5:ed:c8:21:c6:6e:d8:0f:
                    45:a3:0b:80:45:4e:c3:4a:78:c9:43:19:64:fa:93:
                    7f:b8:e2:69:21:03:21:36:c9:3e:d1:67:b4:d7:16:
                    82:0b:68:d0:5d:53:5c:2c:85:8b:dc:21:9a:b2:90:
                    44:d7:a7:7c:b8:4e:e6:94:c8:dc:b7:c3:dc:f5:0c:
                    09:f5:64:e3:64:cb:f8:74:77:16:02:94:bf:04:e8:
                    86:e4:48:45:08:af:a7:26:eb:dc:2e:77:6b:d2:4f:
                    b3:32:56:f4:c5:ed:d9:5d:67:48:d9:68:7d:b6:6c:
                    83:9c:83:01:42:13:c3:f8:da:66:10:5a:8d:0a:ad:
                    b2:a9:39:97:b1:88:d0:bb:61:fb:d6:61:0c:d1:5c:
                    53:23:5f:cf:63:4d:5e:f3:6a:a8:fd:f2:ff:bf:e4:
                    49:e7:1c:4a:63:bf:ad:ed:54:02:9e:54:ca:68:89:
                    7a:ca:9e:80:36:d7:ac:e6:d1:63:05:54:8c:2e:c2:
                    8b:e1:76:16:50:6a:0b:ad:5e:82:8c:6f:49:6d:6c:
                    df:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B4:3D:96:06:BD:2A:2D:A7:30:A6:60:AA:AA:14:B1:E7:00:A4:22
            X509v3 Authority Key Identifier:
                keyid:E0:1F:19:6D:D7:ED:D1:13:1D:02:20:FD:B7:77:12:26:21:BB:BD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4B8Zbdft0RMdAiD9t3cSJiG7ve8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/PrQ9lga9Ki2nMKZgqqoUsecApCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/968a85-01d3-4b0c-b920-66cbf876ab3e/1/4B8Zbdft0RMdAiD9t3cSJiG7ve8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a6c::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:a9:e3:2c:cc:9c:9e:97:9e:9f:ae:a0:f4:0a:e6:5c:73:eb:
         ec:46:6a:88:a5:0c:ad:e5:61:f9:53:e0:9a:ea:b5:e2:35:17:
         97:3a:28:80:69:52:16:fd:cd:59:92:97:df:3d:cd:e6:23:ad:
         ad:45:0d:2c:b8:d1:50:13:eb:b9:dc:0c:73:d8:4b:eb:ba:9f:
         25:55:1c:60:e7:4a:21:da:44:79:d9:c2:c5:6a:3d:3e:49:f0:
         e4:d1:7c:57:7f:5e:83:e9:d0:b1:09:30:42:cf:fb:eb:7e:f2:
         c9:50:53:bd:91:fa:6f:f3:62:8a:13:c2:fc:42:4d:b0:24:0f:
         4e:73:37:4e:e2:f2:1e:72:37:48:95:15:63:51:23:dd:7b:36:
         a7:a5:a4:90:6f:ef:df:7c:a9:5f:4f:38:35:cd:a3:32:f5:4d:
         76:f8:3b:87:44:de:31:0f:79:ae:4e:cf:84:28:b4:60:71:54:
         7e:a0:1b:96:a4:fa:f1:37:a4:d3:69:9b:a3:b5:42:c1:54:8c:
         97:ba:cb:87:e2:a8:da:8d:d9:ff:6b:f7:33:b6:b4:63:ac:b0:
         23:03:01:d8:89:46:91:6e:2d:55:d7:10:68:87:33:91:f9:ff:
         c7:0b:57:a3:52:97:9f:c6:da:14:09:d0:d1:3a:c2:11:c8:6b:
         70:4b:7b:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XGh4oUrSa8lNZNVpWCheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMWYxOTZkZDdlZGQxMTMxZDAyMjBmZGI3NzcxMjI2MjFi
YmJkZWYwHhcNMjYwMTAyMDYxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI0M2Q5NjA2YmQyYTJkYTczMGE2NjBhYWFhMTRiMWU3MDBhNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv17VXHlennwa+iN+fZu87W3OVpoa
YA57IWzf6CxH7HGq9DqVNTdqxm24BybNdmtQ7oYMxe3IIcZu2A9FowuARU7DSnjJ
Qxlk+pN/uOJpIQMhNsk+0We01xaCC2jQXVNcLIWL3CGaspBE16d8uE7mlMjct8Pc
9QwJ9WTjZMv4dHcWApS/BOiG5EhFCK+nJuvcLndr0k+zMlb0xe3ZXWdI2Wh9tmyD
nIMBQhPD+NpmEFqNCq2yqTmXsYjQu2H71mEM0VxTI1/PY01e82qo/fL/v+RJ5xxK
Y7+t7VQCnlTKaIl6yp6ANtes5tFjBVSMLsKL4XYWUGoLrV6CjG9JbWzfgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD60PZYGvSotpzCmYKqqFLHnAKQiMB8GA1UdIwQY
MBaAFOAfGW3X7dETHQIg/bd3EiYhu73vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEI4WmJkZnQwUk1kQWlEOXQzY1NKaUc3dmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC85NjhhODUtMDFkMy00YjBjLWI5MjAt
NjZjYmY4NzZhYjNlLzEvUHJROWxnYTlLaTJuTUtaZ3Fxb1VzZWNBcENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC85NjhhODUtMDFkMy00YjBjLWI5MjAtNjZjYmY4NzZhYjNl
LzEvNEI4WmJkZnQwUk1kQWlEOXQzY1NKaUc3dmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAps
MA0GCSqGSIb3DQEBCwUAA4IBAQATqeMszJyel56frqD0CuZcc+vsRmqIpQyt5WH5
U+Ca6rXiNReXOiiAaVIW/c1ZkpffPc3mI62tRQ0suNFQE+u53Axz2Evrup8lVRxg
50oh2kR52cLFaj0+SfDk0XxXf16D6dCxCTBCz/vrfvLJUFO9kfpv82KKE8L8Qk2w
JA9OczdO4vIecjdIlRVjUSPdezanpaSQb+/ffKlfTzg1zaMy9U12+DuHRN4xD3mu
Ts+EKLRgcVR+oBuWpPrxN6TTaZujtULBVIyXusuH4qjajdn/a/cztrRjrLAjAwHY
iUaRbi1V1xBohzOR+f/HC1ejUpefxtoUCdDROsIRyGtwS3sy
-----END CERTIFICATE-----