This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/fNmRYBB_y5qrTpD_HG4Mj6gKJGg.roa
File:                     fNmRYBB_y5qrTpD_HG4Mj6gKJGg.roa (raw, json)
Hash identifier:          GCMtnktG1EHO/VdELDulMItSCpc0TfpSbN+GlUgxuiE=
Subject key identifier:   7C:D9:91:60:10:7F:CB:9A:AB:4E:90:FF:1C:6E:0C:8F:A8:0A:24:68
Certificate issuer:       /CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
Certificate serial:       019B7C809757C837988909F4422F57AFD441
Authority key identifier: BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/fNmRYBB_y5qrTpD_HG4Mj6gKJGg.roa
Signing time:             Fri 02 Jan 2026 02:19:20 +0000
ROA not before:           Fri 02 Jan 2026 02:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:67c:2ccc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:20:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:97:57:c8:37:98:89:09:f4:42:2f:57:af:d4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
        Validity
            Not Before: Jan  2 02:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cd99160107fcb9aab4e90ff1c6e0c8fa80a2468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6b:db:1b:05:fa:cf:91:f1:4f:cd:2a:3c:00:
                    3c:9f:d6:64:e3:54:a6:88:d0:e1:df:b3:ad:5d:c0:
                    f8:1d:d5:16:25:f2:d9:f1:7c:86:e0:74:fd:6b:7f:
                    23:bf:8a:b5:70:35:7b:83:dd:7d:33:7e:a4:04:5b:
                    76:b8:5c:fd:1e:e3:2f:5f:76:aa:7d:f3:67:d5:68:
                    55:fa:61:fa:71:bf:a1:34:0c:74:91:29:68:b8:f5:
                    33:e0:bd:16:69:9d:ff:f6:2a:64:3d:1e:91:94:e3:
                    02:91:db:06:2a:52:7d:2f:65:01:c9:fb:89:06:49:
                    9e:7b:08:bc:f3:47:64:e5:12:9f:2b:e4:69:8d:41:
                    89:30:db:63:88:e4:c5:97:12:0b:36:5e:43:93:d7:
                    c7:c6:b9:73:2b:1a:54:e0:ea:50:22:01:9c:8e:3e:
                    ab:49:04:e0:00:22:28:72:03:ca:e5:70:5e:51:52:
                    99:45:03:eb:00:82:ec:45:6b:db:07:a0:ad:98:4f:
                    0d:59:01:86:bb:c2:b4:ca:50:59:71:f0:7a:fc:e1:
                    5a:a4:1a:bf:e0:7b:2d:37:36:fb:19:42:a2:dd:50:
                    b7:30:19:1f:4f:e5:59:e0:0b:02:5f:56:e7:e9:9b:
                    10:46:d1:48:d7:54:ae:c9:4c:02:7f:ca:6b:bf:1e:
                    09:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D9:91:60:10:7F:CB:9A:AB:4E:90:FF:1C:6E:0C:8F:A8:0A:24:68
            X509v3 Authority Key Identifier:
                keyid:BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/fNmRYBB_y5qrTpD_HG4Mj6gKJGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ccc::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:d7:5b:6b:51:81:31:66:a8:94:36:71:08:79:fc:58:20:8e:
         0b:dc:8b:a5:ac:8c:97:20:19:c0:ea:f5:11:36:c1:08:cf:3b:
         7d:be:4a:e8:4e:ab:d8:56:2c:46:f3:b8:c0:a0:1c:38:93:a5:
         d2:04:df:b9:d4:58:2f:e6:71:1e:f7:f2:49:62:19:2d:9b:3c:
         02:f0:96:b6:ec:12:32:10:2d:b1:17:6e:d4:5b:c9:ac:3e:10:
         46:cd:a0:ec:3c:68:f6:1d:a9:4b:76:83:19:ad:14:ec:d3:04:
         06:7f:a6:a6:f3:42:58:08:41:87:d2:26:00:81:3a:63:b7:de:
         d0:ad:9d:7c:42:e3:8d:1d:3e:ed:d5:1f:71:2a:34:01:28:28:
         e5:1e:3e:9b:20:cf:a2:d4:b6:62:1c:4e:c6:fe:d3:a7:68:32:
         0b:cf:24:04:c5:36:2f:1a:5f:c8:40:08:a8:d4:82:61:7b:e0:
         f0:12:ce:55:e3:ea:9f:2a:fb:76:7a:7b:92:02:ba:b9:2c:74:
         67:fd:7f:70:94:0c:c4:31:11:53:d5:c6:24:ce:b5:8f:64:2c:
         37:32:41:0d:37:e4:d6:f2:28:ba:31:8e:e6:d2:cd:e2:1c:d5:
         c0:33:f9:05:28:fa:71:f9:d7:a6:76:59:fe:7a:47:fc:c5:c8:
         4d:1a:c9:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8gJdXyDeYiQn0Qi9Xr9RBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTZhYzI4Zjk1NGUxM2RjYjdkYjY5YmMyMjJiNzg1YjRk
NzVmMmMwHhcNMjYwMTAyMDIxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q5OTE2MDEwN2ZjYjlhYWI0ZTkwZmYxYzZlMGM4ZmE4MGEyNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2vbGwX6z5HxT80qPAA8n9Zk41Sm
iNDh37OtXcD4HdUWJfLZ8XyG4HT9a38jv4q1cDV7g919M36kBFt2uFz9HuMvX3aq
ffNn1WhV+mH6cb+hNAx0kSlouPUz4L0WaZ3/9ipkPR6RlOMCkdsGKlJ9L2UByfuJ
Bkmeewi880dk5RKfK+RpjUGJMNtjiOTFlxILNl5Dk9fHxrlzKxpU4OpQIgGcjj6r
SQTgACIocgPK5XBeUVKZRQPrAILsRWvbB6CtmE8NWQGGu8K0ylBZcfB6/OFapBq/
4HstNzb7GUKi3VC3MBkfT+VZ4AsCX1bn6ZsQRtFI11SuyUwCf8prvx4JJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHzZkWAQf8uaq06Q/xxuDI+oCiRoMB8GA1UdIwQY
MBaAFL3mrCj5VOE9y322m8Iit4W0118sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEt
Y2FlNmM3MjVkOTJmLzEvZk5tUllCQl95NXFyVHBEX0hHNE1qNmdLSkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEtY2FlNmM3MjVkOTJm
LzEvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCzM
MA0GCSqGSIb3DQEBCwUAA4IBAQBr11trUYExZqiUNnEIefxYII4L3IulrIyXIBnA
6vURNsEIzzt9vkroTqvYVixG87jAoBw4k6XSBN+51Fgv5nEe9/JJYhktmzwC8Ja2
7BIyEC2xF27UW8msPhBGzaDsPGj2HalLdoMZrRTs0wQGf6am80JYCEGH0iYAgTpj
t97QrZ18QuONHT7t1R9xKjQBKCjlHj6bIM+i1LZiHE7G/tOnaDILzyQExTYvGl/I
QAio1IJhe+DwEs5V4+qfKvt2enuSArq5LHRn/X9wlAzEMRFT1cYkzrWPZCw3MkEN
N+TW8ii6MY7m0s3iHNXAM/kFKPpx+demdln+ekf8xchNGskf
-----END CERTIFICATE-----