This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/ChullwnZqQZYUszFjSx3fewyjwo.roa
File:                     ChullwnZqQZYUszFjSx3fewyjwo.roa (raw, json)
Hash identifier:          Q47vpxHW3Ryw8e0pAegAXyctEwiMaOAhvKLpvI/M8b8=
Subject key identifier:   0A:1B:A5:97:09:D9:A9:06:58:52:CC:C5:8D:2C:77:7D:EC:32:8F:0A
Certificate issuer:       /CN=24b660a611980c68273139e32affb74b454a9d32
Certificate serial:       019B77589CDE2E95108EB393A1A5A956E9F6
Authority key identifier: 24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/ChullwnZqQZYUszFjSx3fewyjwo.roa
Signing time:             Thu 01 Jan 2026 02:17:34 +0000
ROA not before:           Thu 01 Jan 2026 02:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:d10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:9c:de:2e:95:10:8e:b3:93:a1:a5:a9:56:e9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24b660a611980c68273139e32affb74b454a9d32
        Validity
            Not Before: Jan  1 02:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a1ba59709d9a9065852ccc58d2c777dec328f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:4c:cb:6c:b3:e6:c2:a8:b8:8f:ad:3c:31:
                    8a:a1:df:d0:51:6c:4f:5e:4f:4d:c3:61:ee:11:e9:
                    f9:ae:5b:90:70:44:f1:dc:44:db:04:f8:8f:59:d2:
                    7d:35:86:59:42:b6:dd:f9:8b:42:75:7c:b4:b8:69:
                    d0:1f:ad:05:22:fb:15:6c:ad:3b:39:5f:32:ae:0f:
                    67:18:25:83:c9:d0:b7:69:5d:ec:0e:25:88:f4:cb:
                    51:9a:44:05:d8:82:85:cc:73:05:d5:8e:ec:ef:bc:
                    44:d7:16:44:f6:0b:09:04:9a:b3:a9:2d:b4:1d:fc:
                    89:36:8b:af:c8:36:a0:d1:46:9e:64:be:7a:e5:b3:
                    61:2a:75:1f:17:b3:c0:61:8a:f6:f3:c9:b8:80:fe:
                    10:33:fd:28:b9:31:65:bf:ac:3c:fe:db:96:d8:e2:
                    16:c6:94:66:7f:8a:ad:57:cf:1d:44:24:fc:b8:bd:
                    fc:a5:59:8f:eb:20:01:33:7d:18:b5:19:b6:4c:4e:
                    96:60:8b:80:66:3a:f9:93:3a:aa:a0:9b:0c:07:7c:
                    94:25:69:c4:3a:9c:ce:99:e0:13:71:83:e3:02:96:
                    29:2a:9e:c3:c0:aa:27:b0:03:d0:96:ad:de:fc:be:
                    c1:21:93:53:29:da:33:52:a7:d8:77:dd:f3:39:5c:
                    55:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1B:A5:97:09:D9:A9:06:58:52:CC:C5:8D:2C:77:7D:EC:32:8F:0A
            X509v3 Authority Key Identifier:
                keyid:24:B6:60:A6:11:98:0C:68:27:31:39:E3:2A:FF:B7:4B:45:4A:9D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLZgphGYDGgnMTnjKv-3S0VKnTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/ChullwnZqQZYUszFjSx3fewyjwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/16d4b5-76bb-4324-9a86-705197507a59/1/JLZgphGYDGgnMTnjKv-3S0VKnTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d10::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:bb:46:6e:3b:34:d7:c0:d5:d2:cc:5a:d4:09:f3:d8:76:46:
         99:0d:ed:4b:3b:15:23:65:b2:29:6f:99:1e:c0:0a:7d:b8:58:
         85:3b:05:e3:21:f7:b9:1d:57:52:67:3d:e7:90:da:6e:a6:d9:
         16:88:d9:50:6b:a0:fc:54:f9:cf:a5:9e:a3:2f:30:13:24:a9:
         de:82:de:ba:82:45:93:45:77:83:6f:63:63:2a:d2:87:ff:07:
         36:11:a8:b2:c2:04:36:3e:d8:ec:10:d1:43:b0:e5:de:22:15:
         bb:19:16:88:1d:50:1d:08:af:03:a9:22:d8:74:de:b5:2f:7e:
         fb:cd:6e:54:88:c9:43:50:33:92:5a:6e:53:47:17:38:91:77:
         7e:41:00:45:34:ab:ad:f5:d9:00:a7:f0:fb:b5:50:2c:06:52:
         aa:70:84:e1:bd:3e:a3:22:06:70:16:09:9a:e6:6e:aa:ec:12:
         58:0c:0e:18:90:84:77:70:e9:da:8e:73:98:b8:da:c2:f0:45:
         44:9c:44:6d:1c:26:2c:1c:36:74:5e:3f:2e:4f:9d:a3:f0:a0:
         22:8a:e7:c1:26:c8:f7:09:17:1b:21:b6:e5:c6:46:63:5f:61:
         49:32:cb:40:18:ef:19:fd:86:4b:56:fc:10:02:c2:34:cc:6e:
         11:6a:fc:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WJzeLpUQjrOToaWpVun2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YjY2MGE2MTE5ODBjNjgyNzMxMzllMzJhZmZiNzRiNDU0
YTlkMzIwHhcNMjYwMTAxMDIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTFiYTU5NzA5ZDlhOTA2NTg1MmNjYzU4ZDJjNzc3ZGVjMzI4ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUhMy2yz5sKouI+tPDGKod/QUWxP
Xk9Nw2HuEen5rluQcETx3ETbBPiPWdJ9NYZZQrbd+YtCdXy0uGnQH60FIvsVbK07
OV8yrg9nGCWDydC3aV3sDiWI9MtRmkQF2IKFzHMF1Y7s77xE1xZE9gsJBJqzqS20
HfyJNouvyDag0UaeZL565bNhKnUfF7PAYYr288m4gP4QM/0ouTFlv6w8/tuW2OIW
xpRmf4qtV88dRCT8uL38pVmP6yABM30YtRm2TE6WYIuAZjr5kzqqoJsMB3yUJWnE
OpzOmeATcYPjApYpKp7DwKonsAPQlq3e/L7BIZNTKdozUqfYd93zOVxVIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAobpZcJ2akGWFLMxY0sd33sMo8KMB8GA1UdIwQY
MBaAFCS2YKYRmAxoJzE54yr/t0tFSp0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYt
NzA1MTk3NTA3YTU5LzEvQ2h1bGx3blpxUVpZVXN6RmpTeDNmZXd5andvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNmQ0YjUtNzZiYi00MzI0LTlhODYtNzA1MTk3NTA3YTU5
LzEvSkxaZ3BoR1lER2duTVRuakt2LTNTMFZLblRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0Q
MA0GCSqGSIb3DQEBCwUAA4IBAQDEu0ZuOzTXwNXSzFrUCfPYdkaZDe1LOxUjZbIp
b5kewAp9uFiFOwXjIfe5HVdSZz3nkNpuptkWiNlQa6D8VPnPpZ6jLzATJKnegt66
gkWTRXeDb2NjKtKH/wc2EaiywgQ2PtjsENFDsOXeIhW7GRaIHVAdCK8DqSLYdN61
L377zW5UiMlDUDOSWm5TRxc4kXd+QQBFNKut9dkAp/D7tVAsBlKqcIThvT6jIgZw
Fgma5m6q7BJYDA4YkIR3cOnajnOYuNrC8EVEnERtHCYsHDZ0Xj8uT52j8KAiiufB
Jsj3CRcbIbblxkZjX2FJMstAGO8Z/YZLVvwQAsI0zG4Ravyg
-----END CERTIFICATE-----