This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/PmvPeyfuH32uVVKqSfQ5RmaGzZA.roa
File:                     PmvPeyfuH32uVVKqSfQ5RmaGzZA.roa (raw, json)
Hash identifier:          9iQB+r4y8DYdCOUHJllDHq/E35qdiIubyMUUaFVIXsY=
Subject key identifier:   3E:6B:CF:7B:27:EE:1F:7D:AE:55:52:AA:49:F4:39:46:66:86:CD:90
Certificate issuer:       /CN=f56769a42e44266f037ecb390d4115febe3861a4
Certificate serial:       019B7F82BD60BED8971151BDE27207C56B97
Authority key identifier: F5:67:69:A4:2E:44:26:6F:03:7E:CB:39:0D:41:15:FE:BE:38:61:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/PmvPeyfuH32uVVKqSfQ5RmaGzZA.roa
Signing time:             Fri 02 Jan 2026 16:20:33 +0000
ROA not before:           Fri 02 Jan 2026 16:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8283
IP address blocks:        2001:678:688::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:bd:60:be:d8:97:11:51:bd:e2:72:07:c5:6b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f56769a42e44266f037ecb390d4115febe3861a4
        Validity
            Not Before: Jan  2 16:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e6bcf7b27ee1f7dae5552aa49f439466686cd90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5b:3e:d0:08:3d:82:b2:73:f1:f3:5f:be:18:
                    8c:0e:02:96:2d:c0:01:7b:e7:35:70:4d:67:19:5a:
                    a4:36:c3:e3:e0:6e:6a:b5:7e:0d:47:af:0e:d1:8c:
                    eb:2c:96:15:2c:47:15:37:81:f5:dd:e9:36:d2:bd:
                    48:1f:51:53:53:66:28:01:de:34:af:a1:cd:2b:d0:
                    50:d7:19:45:ac:82:26:d9:33:c8:ab:3d:51:05:55:
                    e0:f9:11:cc:9b:78:1b:82:37:47:22:a5:54:3c:bd:
                    d1:ce:20:28:26:b7:d2:9c:7f:fd:35:3f:5c:98:5f:
                    46:2d:76:6b:85:ef:80:64:ef:51:82:79:aa:11:a5:
                    d1:0b:21:74:c9:7e:20:e5:ae:20:f7:75:1b:d7:9a:
                    dc:60:83:f6:23:33:44:40:8b:23:da:3c:da:88:43:
                    e5:f5:e0:b4:e9:46:08:a5:aa:33:46:a4:0d:dc:8d:
                    57:f3:e1:c8:b3:6d:69:d0:fc:27:eb:cb:8d:9f:3e:
                    48:1d:19:22:20:25:89:d2:3d:16:d0:b2:d8:0b:20:
                    b8:0c:1e:06:e1:97:68:20:bd:c9:cb:d9:e4:ff:0f:
                    5f:c2:ac:c7:1e:fa:56:6d:c6:80:9d:5d:38:df:2b:
                    bf:67:60:cc:82:8a:49:01:11:d8:c2:1d:21:0c:15:
                    a1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6B:CF:7B:27:EE:1F:7D:AE:55:52:AA:49:F4:39:46:66:86:CD:90
            X509v3 Authority Key Identifier:
                keyid:F5:67:69:A4:2E:44:26:6F:03:7E:CB:39:0D:41:15:FE:BE:38:61:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WdppC5EJm8Dfss5DUEV_r44YaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/PmvPeyfuH32uVVKqSfQ5RmaGzZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1d2fd-4dbd-4362-ac7b-7a3ffb00b716/1/9WdppC5EJm8Dfss5DUEV_r44YaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:688::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:30:90:13:99:71:f9:1b:8c:9b:ae:e6:2b:60:cc:55:6a:f9:
         3e:07:2b:c1:1c:13:09:d3:08:7b:ef:e7:76:00:cd:d3:63:0f:
         af:04:05:bb:9f:ee:17:32:2b:ff:e2:20:cb:03:12:ff:93:82:
         e8:01:93:07:16:12:00:84:1b:e3:20:50:01:88:21:bd:1b:ea:
         98:1b:df:8e:d1:8c:11:1d:4d:90:2b:3d:3f:d9:06:65:8b:f5:
         30:16:9a:26:84:34:67:b2:11:59:b0:10:f5:9c:b7:ea:42:1e:
         00:38:f9:2f:1b:67:7c:30:57:e1:ca:78:ce:4f:b3:39:68:72:
         bc:94:d7:f3:6c:f1:f6:5c:f0:1c:0f:2d:3e:fc:6a:e8:43:b8:
         e3:41:03:3d:2e:59:2e:6b:e6:cb:c6:e4:83:5a:af:90:52:95:
         2f:ce:9e:fb:fb:16:8e:04:bf:ac:36:9d:b7:4e:e2:f0:bc:68:
         a6:bb:86:a0:4c:c8:d1:54:d8:ad:28:05:36:7e:f0:ff:03:6a:
         9f:36:97:d4:e8:97:11:5a:95:26:3a:07:9e:ba:5b:8b:a9:c4:
         10:05:89:b2:af:bb:87:c3:71:1c:e0:02:da:c8:58:97:bd:34:
         4f:aa:52:c4:98:03:0b:c0:f4:97:b5:59:68:0e:7f:79:28:22:
         3d:1e:ef:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/gr1gvtiXEVG94nIHxWuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Njc2OWE0MmU0NDI2NmYwMzdlY2IzOTBkNDExNWZlYmUz
ODYxYTQwHhcNMjYwMTAyMTYyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTZiY2Y3YjI3ZWUxZjdkYWU1NTUyYWE0OWY0Mzk0NjY2ODZjZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApls+0Ag9grJz8fNfvhiMDgKWLcAB
e+c1cE1nGVqkNsPj4G5qtX4NR68O0YzrLJYVLEcVN4H13ek20r1IH1FTU2YoAd40
r6HNK9BQ1xlFrIIm2TPIqz1RBVXg+RHMm3gbgjdHIqVUPL3RziAoJrfSnH/9NT9c
mF9GLXZrhe+AZO9RgnmqEaXRCyF0yX4g5a4g93Ub15rcYIP2IzNEQIsj2jzaiEPl
9eC06UYIpaozRqQN3I1X8+HIs21p0Pwn68uNnz5IHRkiICWJ0j0W0LLYCyC4DB4G
4ZdoIL3Jy9nk/w9fwqzHHvpWbcaAnV043yu/Z2DMgopJARHYwh0hDBWhoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD5rz3sn7h99rlVSqkn0OUZmhs2QMB8GA1UdIwQY
MBaAFPVnaaQuRCZvA37LOQ1BFf6+OGGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdkcHBDNUVKbThEZnNzNURVRVZfcjQ0WWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWQyZmQtNGRiZC00MzYyLWFjN2It
N2EzZmZiMDBiNzE2LzEvUG12UGV5ZnVIMzJ1VlZLcVNmUTVSbWFHelpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWQyZmQtNGRiZC00MzYyLWFjN2ItN2EzZmZiMDBiNzE2
LzEvOVdkcHBDNUVKbThEZnNzNURVRVZfcjQ0WWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAaI
MA0GCSqGSIb3DQEBCwUAA4IBAQCXMJATmXH5G4ybruYrYMxVavk+ByvBHBMJ0wh7
7+d2AM3TYw+vBAW7n+4XMiv/4iDLAxL/k4LoAZMHFhIAhBvjIFABiCG9G+qYG9+O
0YwRHU2QKz0/2QZli/UwFpomhDRnshFZsBD1nLfqQh4AOPkvG2d8MFfhynjOT7M5
aHK8lNfzbPH2XPAcDy0+/GroQ7jjQQM9Llkua+bLxuSDWq+QUpUvzp77+xaOBL+s
Np23TuLwvGimu4agTMjRVNitKAU2fvD/A2qfNpfU6JcRWpUmOgeeuluLqcQQBYmy
r7uHw3Ec4ALayFiXvTRPqlLEmAMLwPSXtVloDn95KCI9Hu+C
-----END CERTIFICATE-----