This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/4HGdwJ9XKTMjvxsJJx3zyDLYa54.roa
File:                     4HGdwJ9XKTMjvxsJJx3zyDLYa54.roa (raw, json)
Hash identifier:          jYE4b7p6t7BDzuGZyvDqlMeK+svfhmC8m+qt2BWH3iM=
Subject key identifier:   E0:71:9D:C0:9F:57:29:33:23:BF:1B:09:27:1D:F3:C8:32:D8:6B:9E
Certificate issuer:       /CN=61ce2e57f6f862ca3056e5fd5b3e6eac35540401
Certificate serial:       019B7AC926987A56B8DE0089DB9CA5D47580
Authority key identifier: 61:CE:2E:57:F6:F8:62:CA:30:56:E5:FD:5B:3E:6E:AC:35:54:04:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/4HGdwJ9XKTMjvxsJJx3zyDLYa54.roa
Signing time:             Thu 01 Jan 2026 18:19:21 +0000
ROA not before:           Thu 01 Jan 2026 18:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38938
IP address blocks:        2a04:8900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:26:98:7a:56:b8:de:00:89:db:9c:a5:d4:75:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ce2e57f6f862ca3056e5fd5b3e6eac35540401
        Validity
            Not Before: Jan  1 18:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0719dc09f57293323bf1b09271df3c832d86b9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1d:28:58:d8:66:8f:ad:35:9d:fd:a0:42:be:
                    1d:ec:d9:9a:6d:1a:7d:a1:66:59:0f:08:17:ce:1d:
                    06:40:f8:22:fa:f3:00:fa:d2:8b:6a:82:2d:5e:ca:
                    de:86:8e:12:5b:ee:73:ec:14:2b:68:24:e5:96:4b:
                    60:04:f1:f4:fc:e7:7e:59:9e:99:f7:84:92:55:5b:
                    42:1d:07:e0:12:b0:07:27:b8:20:b6:5f:af:ba:9c:
                    43:5c:0a:50:82:d4:8b:d3:67:97:ba:49:c3:c1:fc:
                    82:d0:af:54:53:e6:32:17:9e:1e:e1:27:c1:93:16:
                    78:03:c0:8a:e4:e1:24:48:37:49:4d:f6:96:fe:7a:
                    2f:87:61:23:de:77:28:57:c6:38:98:27:06:55:f8:
                    ea:12:17:3a:db:ce:5a:61:91:73:56:e2:3f:ec:ca:
                    60:46:ed:9a:bf:88:69:63:d5:8e:1b:49:f2:64:96:
                    7d:ce:7b:8d:82:70:89:78:f6:7f:ab:85:6f:95:e1:
                    fd:38:62:c6:75:41:7a:64:35:c9:bd:2d:22:17:b5:
                    27:36:82:c1:35:63:bd:e4:e8:3a:44:df:10:72:03:
                    6b:6c:c8:b9:27:41:d1:3d:c9:3e:c8:06:17:9c:af:
                    60:f5:fb:0b:cc:6a:0b:20:f5:7b:91:f9:fe:86:6c:
                    00:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:71:9D:C0:9F:57:29:33:23:BF:1B:09:27:1D:F3:C8:32:D8:6B:9E
            X509v3 Authority Key Identifier:
                keyid:61:CE:2E:57:F6:F8:62:CA:30:56:E5:FD:5B:3E:6E:AC:35:54:04:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/4HGdwJ9XKTMjvxsJJx3zyDLYa54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:af:c0:1c:93:5f:30:74:1a:f8:cf:2a:35:93:d8:f6:41:f8:
         66:f6:9f:31:c3:f2:0b:bf:87:4b:81:f6:17:ff:2c:5e:d0:ec:
         8f:ae:29:18:f7:6a:14:d6:4e:11:ae:b3:e1:60:bb:ee:45:9f:
         93:97:01:47:f7:40:ee:30:2a:f9:db:53:1d:60:43:24:2f:a8:
         4d:cf:e4:8f:db:ca:64:84:48:8d:c7:9a:d8:45:d7:b0:5a:52:
         97:b6:af:47:3d:f0:97:5b:b2:f1:52:02:8b:c8:5f:95:b3:13:
         a5:6b:2f:0d:6f:2c:15:f0:ab:b6:cb:26:d2:61:cc:0f:14:e4:
         f4:3f:84:70:6d:af:d8:93:74:fa:a6:56:c3:18:22:2a:f7:57:
         4c:96:d4:49:4d:0e:72:3a:42:12:c4:98:0e:f0:63:a5:9b:e5:
         60:8f:df:ef:58:eb:79:34:7f:6e:72:4b:bf:90:ef:e6:a9:33:
         f7:ef:15:af:04:9c:30:a9:3a:b8:62:86:a7:37:c7:42:c2:25:
         16:fc:a1:52:5b:34:19:8a:6e:d7:5d:88:1d:fa:82:df:d5:28:
         06:cd:a7:b6:64:21:1c:fa:ef:03:b5:2e:da:d1:d3:65:f3:88:
         52:97:3d:21:f6:41:16:cd:ff:07:c4:38:e4:c8:f6:3f:bb:f9:
         39:f5:8e:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6ySaYela43gCJ25yl1HWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxY2UyZTU3ZjZmODYyY2EzMDU2ZTVmZDViM2U2ZWFjMzU1
NDA0MDEwHhcNMjYwMTAxMTgxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDcxOWRjMDlmNTcyOTMzMjNiZjFiMDkyNzFkZjNjODMyZDg2YjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0B0oWNhmj601nf2gQr4d7NmabRp9
oWZZDwgXzh0GQPgi+vMA+tKLaoItXsreho4SW+5z7BQraCTllktgBPH0/Od+WZ6Z
94SSVVtCHQfgErAHJ7ggtl+vupxDXApQgtSL02eXuknDwfyC0K9UU+YyF54e4SfB
kxZ4A8CK5OEkSDdJTfaW/novh2Ej3ncoV8Y4mCcGVfjqEhc6285aYZFzVuI/7Mpg
Ru2av4hpY9WOG0nyZJZ9znuNgnCJePZ/q4VvleH9OGLGdUF6ZDXJvS0iF7UnNoLB
NWO95Og6RN8QcgNrbMi5J0HRPck+yAYXnK9g9fsLzGoLIPV7kfn+hmwAWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOBxncCfVykzI78bCScd88gy2GueMB8GA1UdIwQY
MBaAFGHOLlf2+GLKMFbl/Vs+bqw1VAQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWM0dVZfYjRZc293VnVYOVd6NXVyRFZVQkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84NzYyMDMtZThmZC00NzJmLWFmYzIt
OTkwMzg1NTU5ZDFjLzEvNEhHZHdKOVhLVE1qdnhzSkp4M3p5RExZYTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84NzYyMDMtZThmZC00NzJmLWFmYzItOTkwMzg1NTU5ZDFj
LzEvWWM0dVZfYjRZc293VnVYOVd6NXVyRFZVQkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgSJADAN
BgkqhkiG9w0BAQsFAAOCAQEAS6/AHJNfMHQa+M8qNZPY9kH4ZvafMcPyC7+HS4H2
F/8sXtDsj64pGPdqFNZOEa6z4WC77kWfk5cBR/dA7jAq+dtTHWBDJC+oTc/kj9vK
ZIRIjcea2EXXsFpSl7avRz3wl1uy8VICi8hflbMTpWsvDW8sFfCrtssm0mHMDxTk
9D+EcG2v2JN0+qZWwxgiKvdXTJbUSU0OcjpCEsSYDvBjpZvlYI/f71jreTR/bnJL
v5Dv5qkz9+8VrwScMKk6uGKGpzfHQsIlFvyhUls0GYpu112IHfqC39UoBs2ntmQh
HPrvA7Uu2tHTZfOIUpc9IfZBFs3/B8Q45Mj2P7v5OfWOwg==
-----END CERTIFICATE-----