This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/_xbk6TstsNtf1uEDvwohYt6Gqmg.roa
File:                     _xbk6TstsNtf1uEDvwohYt6Gqmg.roa (raw, json)
Hash identifier:          POljjhEax4aAurVZjBSXk9yYPwBhrXFZZutRKo1D0lI=
Subject key identifier:   FF:16:E4:E9:3B:2D:B0:DB:5F:D6:E1:03:BF:0A:21:62:DE:86:AA:68
Certificate issuer:       /CN=a49b83f5bde1a1dc93de69476837e9e3a37797af
Certificate serial:       019B7C1336BFA385EEBBE8034088E6C7D6AC
Authority key identifier: A4:9B:83:F5:BD:E1:A1:DC:93:DE:69:47:68:37:E9:E3:A3:77:97:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/_xbk6TstsNtf1uEDvwohYt6Gqmg.roa
Signing time:             Fri 02 Jan 2026 00:19:52 +0000
ROA not before:           Fri 02 Jan 2026 00:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     553
IP address blocks:        134.60.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:36:bf:a3:85:ee:bb:e8:03:40:88:e6:c7:d6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a49b83f5bde1a1dc93de69476837e9e3a37797af
        Validity
            Not Before: Jan  2 00:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff16e4e93b2db0db5fd6e103bf0a2162de86aa68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:11:84:bd:59:1f:fe:fc:2c:67:b4:b2:75:1f:
                    e8:43:b1:91:d3:ba:a5:89:41:f5:29:3d:fb:f7:0d:
                    83:fe:50:f5:74:bb:02:1b:ba:e0:6b:20:05:cd:03:
                    1c:e0:54:2d:5b:32:e7:59:bf:dc:98:13:38:d6:0f:
                    c9:f7:76:a2:57:7c:41:59:23:d0:f7:67:2f:e2:19:
                    fa:e6:1b:06:ee:bc:fa:64:ec:22:eb:02:50:b6:61:
                    ab:10:ab:b3:3f:45:de:50:89:59:50:76:c8:0b:54:
                    d5:60:41:8d:11:45:11:4d:85:fd:88:ea:9e:87:af:
                    6c:4f:5c:1f:ec:73:2a:2e:73:51:db:5d:fc:78:ac:
                    bc:3c:32:ed:a1:bd:46:88:81:fc:ef:5c:1b:3f:ea:
                    f9:0f:62:6c:e5:c3:9f:96:ec:b7:48:bf:d6:c0:ac:
                    8d:20:b3:66:72:57:ca:a5:77:6d:81:34:78:53:51:
                    2c:ef:46:33:85:71:57:70:68:e7:d0:8a:48:c2:39:
                    3d:51:7b:e4:25:08:56:e6:cb:98:c2:93:84:e5:d6:
                    60:0b:16:84:99:d4:38:cb:da:4f:ad:55:3f:1e:76:
                    8c:79:ea:f5:81:4a:cc:3d:dc:ca:01:9c:ac:e6:f2:
                    b3:66:ff:38:42:68:21:95:1e:6a:d3:a4:f4:c9:06:
                    48:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:16:E4:E9:3B:2D:B0:DB:5F:D6:E1:03:BF:0A:21:62:DE:86:AA:68
            X509v3 Authority Key Identifier:
                keyid:A4:9B:83:F5:BD:E1:A1:DC:93:DE:69:47:68:37:E9:E3:A3:77:97:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/_xbk6TstsNtf1uEDvwohYt6Gqmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:04:e8:d4:7c:eb:1e:b4:5b:e7:5f:15:6a:2d:52:e7:e0:0b:
         77:df:b0:32:14:44:55:5f:98:78:bb:81:b7:51:e5:01:88:aa:
         b8:cd:ff:56:1b:b4:13:5e:d4:d8:aa:15:80:e6:99:3a:b3:f7:
         09:70:19:3a:1d:4f:dd:3a:1b:0a:4a:0c:13:f6:eb:92:f6:9f:
         2f:47:66:3f:c1:ed:3b:89:77:63:cf:92:01:7a:bb:dd:cb:4e:
         a8:b6:90:9e:93:82:73:27:84:fa:cf:23:ca:1f:8a:bb:a7:a9:
         81:02:30:f5:92:06:6a:41:e0:40:68:a5:e8:73:c6:90:b2:f5:
         36:75:8f:52:20:d2:2e:ec:55:da:34:11:b4:9f:87:79:33:fc:
         83:5f:cc:00:49:16:d2:d6:57:79:45:1e:19:f4:c6:0b:6b:91:
         67:40:1e:be:8b:00:99:29:19:71:07:52:c2:05:4f:8e:85:e5:
         43:79:b9:11:65:fe:76:1f:a7:05:fd:60:25:15:a0:13:a2:f1:
         0c:91:47:2d:6f:de:78:64:13:03:4c:17:46:d3:b3:7e:9b:43:
         31:52:25:63:e3:29:46:23:7d:21:59:61:f8:f7:a8:83:9c:10:
         3a:94:20:ab:27:e1:3e:bc:8b:80:65:ca:78:c0:b2:e6:27:80:
         b4:7e:6a:59
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8Eza/o4Xuu+gDQIjmx9asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OWI4M2Y1YmRlMWExZGM5M2RlNjk0NzY4MzdlOWUzYTM3
Nzk3YWYwHhcNMjYwMTAyMDAxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE2ZTRlOTNiMmRiMGRiNWZkNmUxMDNiZjBhMjE2MmRlODZhYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxGEvVkf/vwsZ7SydR/oQ7GR07ql
iUH1KT379w2D/lD1dLsCG7rgayAFzQMc4FQtWzLnWb/cmBM41g/J93aiV3xBWSPQ
92cv4hn65hsG7rz6ZOwi6wJQtmGrEKuzP0XeUIlZUHbIC1TVYEGNEUURTYX9iOqe
h69sT1wf7HMqLnNR2138eKy8PDLtob1GiIH871wbP+r5D2Js5cOfluy3SL/WwKyN
ILNmclfKpXdtgTR4U1Es70YzhXFXcGjn0IpIwjk9UXvkJQhW5suYwpOE5dZgCxaE
mdQ4y9pPrVU/HnaMeer1gUrMPdzKAZys5vKzZv84QmghlR5q06T0yQZIxQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFP8W5Ok7LbDbX9bhA78KIWLehqpoMB8GA1UdIwQY
MBaAFKSbg/W94aHck95pR2g36eOjd5evMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEp1RDliM2hvZHlUM21sSGFEZnA0Nk4zbDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hZDFjNjktY2U1Ni00ZWRhLTg3ZWEt
OTg3NzE5ZWU2YTBjLzEvX3hiazZUc3RzTnRmMXVFRHZ3b2hZdDZHcW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hZDFjNjktY2U1Ni00ZWRhLTg3ZWEtOTg3NzE5ZWU2YTBj
LzEvcEp1RDliM2hvZHlUM21sSGFEZnA0Nk4zbDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhjwwDQYJ
KoZIhvcNAQELBQADggEBAJQE6NR86x60W+dfFWotUufgC3ffsDIURFVfmHi7gbdR
5QGIqrjN/1YbtBNe1NiqFYDmmTqz9wlwGTodT906GwpKDBP265L2ny9HZj/B7TuJ
d2PPkgF6u93LTqi2kJ6TgnMnhPrPI8ofirunqYECMPWSBmpB4EBopehzxpCy9TZ1
j1Ig0i7sVdo0EbSfh3kz/INfzABJFtLWV3lFHhn0xgtrkWdAHr6LAJkpGXEHUsIF
T46F5UN5uRFl/nYfpwX9YCUVoBOi8QyRRy1v3nhkEwNMF0bTs36bQzFSJWPjKUYj
fSFZYfj3qIOcEDqUIKsn4T68i4BlynjAsuYngLR+alk=
-----END CERTIFICATE-----