This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/QvbD1jOdUx6HbNUbA99645THPL4.roa
File:                     QvbD1jOdUx6HbNUbA99645THPL4.roa (raw, json)
Hash identifier:          S7/2P7Mm3OHJNvAa4PXnZTEjRSISksVJdSbgwYAQoks=
Subject key identifier:   42:F6:C3:D6:33:9D:53:1E:87:6C:D5:1B:03:DF:7A:E3:94:C7:3C:BE
Certificate issuer:       /CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
Certificate serial:       019B7D5C44E09DD03AE99680DDD6F2C09A80
Authority key identifier: 72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/QvbD1jOdUx6HbNUbA99645THPL4.roa
Signing time:             Fri 02 Jan 2026 06:19:17 +0000
ROA not before:           Fri 02 Jan 2026 06:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35675
IP address blocks:        2001:678:980::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:44:e0:9d:d0:3a:e9:96:80:dd:d6:f2:c0:9a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
        Validity
            Not Before: Jan  2 06:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42f6c3d6339d531e876cd51b03df7ae394c73cbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:a7:62:64:8f:d3:75:01:4b:4e:d0:48:6c:
                    2e:19:f4:96:ed:58:6f:a2:2f:8a:2f:af:a3:8a:75:
                    d1:24:5a:2c:9d:73:f6:65:f1:01:6a:9a:07:78:4b:
                    7d:82:d8:1c:33:11:78:7b:7b:f9:a3:e1:68:d1:5f:
                    d7:48:b2:fd:fc:c4:f2:dc:cc:39:0d:34:84:fc:7f:
                    87:a6:24:c8:0e:55:18:11:b9:c7:51:ac:6a:15:11:
                    99:e8:e1:76:ce:22:f7:7b:7a:08:39:0c:bd:70:dd:
                    9e:72:ca:ac:6f:a5:03:a4:d6:5b:4f:f0:be:e6:c3:
                    6e:69:9c:85:ad:d9:0c:80:a8:4e:00:8c:2e:84:ea:
                    2f:fc:fc:ae:ef:89:8a:cb:5f:ea:fd:63:cf:4e:03:
                    02:3c:cb:c8:0a:38:39:9b:95:bf:9a:16:d1:bd:95:
                    e0:2b:79:b0:9d:cd:cf:28:9a:8d:d5:71:96:3e:be:
                    f1:d3:36:7b:4f:62:2b:62:a5:f3:23:9d:50:37:39:
                    f1:f2:e4:2a:c2:3e:e0:70:78:bd:84:13:85:bb:91:
                    1c:cb:a3:f2:40:25:10:92:8b:41:ba:d4:3a:a9:69:
                    d3:55:97:2f:ff:07:17:5f:21:93:83:af:f8:56:55:
                    9a:1b:e3:97:7b:b3:48:0c:0c:48:fe:05:64:92:8c:
                    59:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F6:C3:D6:33:9D:53:1E:87:6C:D5:1B:03:DF:7A:E3:94:C7:3C:BE
            X509v3 Authority Key Identifier:
                keyid:72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/QvbD1jOdUx6HbNUbA99645THPL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:980::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:60:ca:ee:45:9e:78:9e:70:82:f9:9b:a6:77:8d:e5:27:ce:
         49:43:88:5e:cc:37:04:16:e8:1a:f0:96:40:4c:42:43:3c:67:
         f8:f7:39:f6:db:20:d3:d7:20:c1:de:43:22:b5:41:ea:79:73:
         64:40:c5:3b:cd:b1:0b:98:61:fa:06:03:a8:40:2e:6b:18:b3:
         4b:85:cb:3b:c6:29:66:a9:0d:db:32:20:d7:b4:c0:69:fb:fc:
         0b:bc:f8:da:b3:75:2f:84:b7:a4:8f:97:33:f7:fc:e5:31:28:
         cc:f2:a1:74:cf:44:c3:e8:40:06:35:94:b5:df:74:d8:41:c0:
         7c:4f:15:77:9e:35:d0:31:c1:c8:00:aa:65:8e:9f:e9:90:11:
         1f:eb:a3:d9:c3:f0:27:f2:a4:a8:4e:9d:9c:36:b7:a9:17:b2:
         4c:c6:91:ad:64:4d:51:75:3f:e9:c3:cf:21:f1:7f:50:45:94:
         e2:ef:4e:f4:1d:78:dc:7e:38:b4:e2:c3:28:ff:2d:e8:0b:ec:
         72:af:f3:ac:ea:26:3a:27:4e:9d:2b:db:cb:01:d3:93:e0:1b:
         3a:aa:ca:cf:5d:ef:96:e5:82:c4:96:3f:14:85:2e:7e:bc:ec:
         28:1d:2d:d9:91:26:c1:db:df:63:45:93:e9:40:90:87:e4:cb:
         7e:a4:10:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XETgndA66ZaA3dbywJqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjI1ZDg1OWZmMDZiZTFlYmM5N2FkZDVkZWMwNWQzNmZj
ZGNhMmQwHhcNMjYwMTAyMDYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY2YzNkNjMzOWQ1MzFlODc2Y2Q1MWIwM2RmN2FlMzk0YzczY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnunYmSP03UBS07QSGwuGfSW7Vhv
oi+KL6+jinXRJFosnXP2ZfEBapoHeEt9gtgcMxF4e3v5o+Fo0V/XSLL9/MTy3Mw5
DTSE/H+HpiTIDlUYEbnHUaxqFRGZ6OF2ziL3e3oIOQy9cN2ecsqsb6UDpNZbT/C+
5sNuaZyFrdkMgKhOAIwuhOov/Pyu74mKy1/q/WPPTgMCPMvICjg5m5W/mhbRvZXg
K3mwnc3PKJqN1XGWPr7x0zZ7T2IrYqXzI51QNznx8uQqwj7gcHi9hBOFu5Ecy6Py
QCUQkotButQ6qWnTVZcv/wcXXyGTg6/4VlWaG+OXe7NIDAxI/gVkkoxZAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEL2w9YznVMeh2zVGwPfeuOUxzy+MB8GA1UdIwQY
MBaAFHKyXYWf8Gvh68l63V3sBdNvzcotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JKZGhaX3dhLUhyeVhyZFhld0YwMl9OeWkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8yZjgzM2YtYTdlOC00ZjlkLWEzODMt
MTIzZmEyYWI5NDA4LzEvUXZiRDFqT2RVeDZIYk5VYkE5OTY0NVRIUEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8yZjgzM2YtYTdlOC00ZjlkLWEzODMtMTIzZmEyYWI5NDA4
LzEvY3JKZGhaX3dhLUhyeVhyZFhld0YwMl9OeWkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAmA
MA0GCSqGSIb3DQEBCwUAA4IBAQA1YMruRZ54nnCC+Zumd43lJ85JQ4hezDcEFuga
8JZATEJDPGf49zn22yDT1yDB3kMitUHqeXNkQMU7zbELmGH6BgOoQC5rGLNLhcs7
xilmqQ3bMiDXtMBp+/wLvPjas3UvhLekj5cz9/zlMSjM8qF0z0TD6EAGNZS133TY
QcB8TxV3njXQMcHIAKpljp/pkBEf66PZw/An8qSoTp2cNrepF7JMxpGtZE1RdT/p
w88h8X9QRZTi7070HXjcfji04sMo/y3oC+xyr/Os6iY6J06dK9vLAdOT4Bs6qsrP
Xe+W5YLElj8UhS5+vOwoHS3ZkSbB299jRZPpQJCH5Mt+pBCg
-----END CERTIFICATE-----