This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1YQKQTPcmBsvJwzO60JTrHHnGNo.roa
File:                     1YQKQTPcmBsvJwzO60JTrHHnGNo.roa (raw, json)
Hash identifier:          JZLN28K6i5BW02QRjjHEwLyhCh/ZFXibW+qwcy62Juo=
Subject key identifier:   D5:84:0A:41:33:DC:98:1B:2F:27:0C:CE:EB:42:53:AC:71:E7:18:DA
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019B7C802109407071D1F31C2EF3683F3620
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1YQKQTPcmBsvJwzO60JTrHHnGNo.roa
Signing time:             Fri 02 Jan 2026 02:18:50 +0000
ROA not before:           Fri 02 Jan 2026 02:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198100
IP address blocks:        2a0f:7803:ffb1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:21:09:40:70:71:d1:f3:1c:2e:f3:68:3f:36:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  2 02:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5840a4133dc981b2f270cceeb4253ac71e718da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:9f:1d:f3:2e:4d:41:d4:40:3c:74:7d:b4:
                    35:36:aa:e4:8d:5c:94:33:ec:fb:f1:4e:b3:6f:53:
                    8e:59:1e:72:b8:e4:46:b4:cb:0e:9c:29:5e:0c:66:
                    8f:09:5e:66:25:a9:2b:65:51:aa:88:ae:d9:6d:b2:
                    a9:d7:61:84:7b:1a:44:22:9b:a0:63:19:9a:90:d6:
                    01:dd:6f:7b:f3:8e:8f:2c:93:98:62:55:43:c3:48:
                    bf:b2:b2:04:64:bd:c4:20:ec:a7:cd:b6:00:40:de:
                    a8:2e:7b:f9:13:2c:90:55:22:9c:f1:1e:c8:91:8d:
                    d8:5b:90:ef:67:49:26:b6:04:3d:0d:c4:dc:1c:78:
                    72:f3:94:73:cc:a9:30:29:79:4f:a0:be:a2:75:8b:
                    6a:a5:33:c7:62:ae:53:24:e2:e5:b5:6d:28:1b:64:
                    a1:8b:d4:73:7a:85:0b:69:7a:01:d4:1a:32:bd:c3:
                    eb:97:71:dc:1c:27:d5:d4:90:28:00:09:3f:e4:9b:
                    c3:6f:df:62:13:6a:90:2d:65:43:ac:ad:9f:d0:16:
                    7a:b3:95:23:22:37:ba:b4:d8:e5:d6:e8:18:45:40:
                    ee:84:db:f9:04:97:6e:95:85:f6:78:92:1a:2f:01:
                    c7:9a:8a:03:6b:c0:01:1c:9e:f4:be:78:c1:45:24:
                    89:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:84:0A:41:33:DC:98:1B:2F:27:0C:CE:EB:42:53:AC:71:E7:18:DA
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1YQKQTPcmBsvJwzO60JTrHHnGNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ffb1::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:c7:48:a0:d0:f5:d2:a4:b4:46:6c:1c:e3:24:d2:b2:df:d3:
         fb:2a:e4:3a:76:c2:06:32:bf:61:b0:c0:02:aa:4c:39:e0:9b:
         7c:76:25:e6:6d:0a:88:28:5a:1f:be:33:8f:bd:a8:f0:74:3e:
         da:1c:7a:e6:6e:bd:69:77:d5:0b:52:81:0a:1c:44:a6:65:27:
         d3:6b:d8:fe:c9:70:f3:b1:59:56:36:a0:2b:81:20:ea:76:6e:
         54:bf:d0:73:27:91:75:89:52:8b:a8:b2:1a:fc:cf:0b:84:d5:
         e5:31:44:e9:4a:37:e7:4d:ce:9b:84:b0:02:1a:8a:88:33:c2:
         51:78:40:88:ae:48:de:47:18:68:de:0d:d7:86:8d:c9:9b:1c:
         e4:2c:ab:bc:60:50:f7:f8:a2:3b:d7:5a:d5:de:39:67:af:d5:
         87:c5:2b:bd:ea:06:17:b2:ca:30:2f:26:0a:3a:41:d3:93:df:
         d0:b6:ff:68:56:23:86:cc:04:16:83:54:cc:e1:95:ca:03:3f:
         07:cd:da:9d:af:bf:d1:b7:65:db:3f:26:0c:41:41:47:62:f8:
         b2:dd:ef:49:fe:a7:54:9b:cb:1d:93:99:c2:87:03:5e:4f:28:
         a6:5e:6f:d5:9d:43:d4:85:a0:72:b9:05:26:89:30:96:cb:5e:
         60:90:81:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8gCEJQHBx0fMcLvNoPzYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjYwMTAyMDIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg0MGE0MTMzZGM5ODFiMmYyNzBjY2VlYjQyNTNhYzcxZTcxOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOqfHfMuTUHUQDx0fbQ1NqrkjVyU
M+z78U6zb1OOWR5yuORGtMsOnCleDGaPCV5mJakrZVGqiK7ZbbKp12GEexpEIpug
YxmakNYB3W97846PLJOYYlVDw0i/srIEZL3EIOynzbYAQN6oLnv5EyyQVSKc8R7I
kY3YW5DvZ0kmtgQ9DcTcHHhy85RzzKkwKXlPoL6idYtqpTPHYq5TJOLltW0oG2Sh
i9RzeoULaXoB1BoyvcPrl3HcHCfV1JAoAAk/5JvDb99iE2qQLWVDrK2f0BZ6s5Uj
Ije6tNjl1ugYRUDuhNv5BJdulYX2eJIaLwHHmooDa8ABHJ70vnjBRSSJaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNWECkEz3JgbLycMzutCU6xx5xjaMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMVlRS1FUUGNtQnN2Snd6TzYwSlRySEhuR05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/+x
MA0GCSqGSIb3DQEBCwUAA4IBAQA2x0ig0PXSpLRGbBzjJNKy39P7KuQ6dsIGMr9h
sMACqkw54Jt8diXmbQqIKFofvjOPvajwdD7aHHrmbr1pd9ULUoEKHESmZSfTa9j+
yXDzsVlWNqArgSDqdm5Uv9BzJ5F1iVKLqLIa/M8LhNXlMUTpSjfnTc6bhLACGoqI
M8JReECIrkjeRxho3g3Xho3JmxzkLKu8YFD3+KI711rV3jlnr9WHxSu96gYXssow
LyYKOkHTk9/Qtv9oViOGzAQWg1TM4ZXKAz8Hzdqdr7/Rt2XbPyYMQUFHYviy3e9J
/qdUm8sdk5nChwNeTyimXm/VnUPUhaByuQUmiTCWy15gkIH3
-----END CERTIFICATE-----