This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/20o6hg6yaVER6kVktlRC-JCESYQ.roa
File:                     20o6hg6yaVER6kVktlRC-JCESYQ.roa (raw, json)
Hash identifier:          ymV3XWOtE6TVopl8yntMuzhkTH9LeMDDpjSynZ9Lzd0=
Subject key identifier:   DB:4A:3A:86:0E:B2:69:51:11:EA:45:64:B6:54:42:F8:90:84:49:84
Certificate issuer:       /CN=fd15482a656009aa1bc805148368d1ebdf8f62c8
Certificate serial:       019B7CEDDED0F724DA09CF30334E52C31ECF
Authority key identifier: FD:15:48:2A:65:60:09:AA:1B:C8:05:14:83:68:D1:EB:DF:8F:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_RVIKmVgCaobyAUUg2jR69-PYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/20o6hg6yaVER6kVktlRC-JCESYQ.roa
Signing time:             Fri 02 Jan 2026 04:18:42 +0000
ROA not before:           Fri 02 Jan 2026 04:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206362
IP address blocks:        2001:678:fdc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/_RVIKmVgCaobyAUUg2jR69-PYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/_RVIKmVgCaobyAUUg2jR69-PYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_RVIKmVgCaobyAUUg2jR69-PYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:de:d0:f7:24:da:09:cf:30:33:4e:52:c3:1e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd15482a656009aa1bc805148368d1ebdf8f62c8
        Validity
            Not Before: Jan  2 04:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db4a3a860eb2695111ea4564b65442f890844984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4f:f6:3b:5b:d8:eb:28:87:be:0f:4b:07:3a:
                    61:95:5e:06:3d:3c:46:96:c2:ca:5b:90:7e:1a:fc:
                    29:06:ea:ab:b8:d5:83:6b:56:52:39:13:ef:ad:9c:
                    a8:1e:52:11:ff:8b:82:64:c2:25:bd:c7:6d:d5:c9:
                    cc:0d:e7:3f:3a:3c:d2:c2:22:22:e1:e1:93:33:78:
                    fa:5e:99:94:d3:6e:f1:9a:cc:38:28:23:a6:a4:ea:
                    9d:41:21:6a:a5:35:63:2a:d3:61:14:1d:d2:63:11:
                    86:00:7e:cc:7e:6d:7a:a3:2f:75:4c:9e:6a:7f:b9:
                    68:ef:18:d1:17:ce:89:18:56:4d:16:3c:b2:f3:e9:
                    9d:45:e9:b3:20:ec:d6:0e:2f:08:0b:b1:64:fd:c9:
                    cb:e2:da:9c:7f:6e:b4:b5:b0:56:c1:a2:c1:b0:96:
                    62:58:33:05:2b:e4:cd:e9:f2:1e:63:5c:d4:c2:01:
                    98:cc:ac:e9:55:9a:e3:0e:97:0a:42:a2:c6:3b:1e:
                    2d:a0:8e:e7:87:0f:80:93:ec:7e:37:cf:6e:1d:82:
                    58:45:61:8e:86:27:91:79:5b:b1:98:cf:0b:16:2f:
                    27:f0:5f:de:05:65:32:a3:ec:f0:ee:c0:72:3f:24:
                    3b:07:c9:4d:69:84:a0:8d:91:d2:be:eb:f3:5c:a8:
                    99:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:4A:3A:86:0E:B2:69:51:11:EA:45:64:B6:54:42:F8:90:84:49:84
            X509v3 Authority Key Identifier:
                keyid:FD:15:48:2A:65:60:09:AA:1B:C8:05:14:83:68:D1:EB:DF:8F:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_RVIKmVgCaobyAUUg2jR69-PYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/20o6hg6yaVER6kVktlRC-JCESYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/cee9db-6401-4497-85d1-917c80b14862/1/_RVIKmVgCaobyAUUg2jR69-PYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fdc::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:ee:14:6c:f2:d4:39:c0:78:49:60:aa:73:f1:cd:4f:1e:a8:
         ae:f1:8d:60:b8:52:d6:88:25:55:95:8a:d8:cf:16:24:e6:70:
         a1:5b:27:66:f5:a8:99:0d:57:91:52:7a:5a:8e:a7:3d:ea:56:
         f8:c9:20:e9:11:41:6f:3e:81:bb:44:38:17:4d:9a:00:8f:91:
         9b:4c:0a:3e:ce:49:37:8f:b5:1a:7a:fd:c4:06:6c:23:78:db:
         49:d1:01:6d:2b:90:41:c3:8a:87:85:d6:0d:41:d6:20:1c:8e:
         57:ee:40:8c:dc:d8:d9:3f:1d:07:c2:f8:48:cd:49:50:96:ee:
         ef:a4:b6:dc:5d:02:da:66:ee:94:c2:5c:2e:7b:10:a0:ba:54:
         2e:58:f2:b6:59:24:7b:b0:bf:88:47:e1:0c:07:d1:c3:83:9e:
         ab:73:98:c7:43:00:2c:34:fe:79:16:0c:9c:ac:bc:9d:bf:aa:
         0b:da:d0:76:89:9f:3e:af:36:24:6f:2b:0b:f2:a2:f4:87:63:
         37:db:ce:5e:a1:46:58:73:24:e3:f0:2e:6b:de:60:c8:da:bd:
         52:8d:a6:73:16:b6:66:3e:30:7a:99:c1:01:5c:7f:3c:f8:19:
         dc:d1:56:4b:7c:83:34:ae:8e:53:e5:d3:6e:24:18:81:ed:60:
         71:65:83:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87d7Q9yTaCc8wM05Swx7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMTU0ODJhNjU2MDA5YWExYmM4MDUxNDgzNjhkMWViZGY4
ZjYyYzgwHhcNMjYwMTAyMDQxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjRhM2E4NjBlYjI2OTUxMTFlYTQ1NjRiNjU0NDJmODkwODQ0OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0/2O1vY6yiHvg9LBzphlV4GPTxG
lsLKW5B+GvwpBuqruNWDa1ZSORPvrZyoHlIR/4uCZMIlvcdt1cnMDec/OjzSwiIi
4eGTM3j6XpmU027xmsw4KCOmpOqdQSFqpTVjKtNhFB3SYxGGAH7Mfm16oy91TJ5q
f7lo7xjRF86JGFZNFjyy8+mdRemzIOzWDi8IC7Fk/cnL4tqcf260tbBWwaLBsJZi
WDMFK+TN6fIeY1zUwgGYzKzpVZrjDpcKQqLGOx4toI7nhw+Ak+x+N89uHYJYRWGO
hieReVuxmM8LFi8n8F/eBWUyo+zw7sByPyQ7B8lNaYSgjZHSvuvzXKiZ3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNtKOoYOsmlREepFZLZUQviQhEmEMB8GA1UdIwQY
MBaAFP0VSCplYAmqG8gFFINo0evfj2LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1JWSUttVmdDYW9ieUFVVWcyalI2OS1QWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9jZWU5ZGItNjQwMS00NDk3LTg1ZDEt
OTE3YzgwYjE0ODYyLzEvMjBvNmhnNnlhVkVSNmtWa3RsUkMtSkNFU1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9jZWU5ZGItNjQwMS00NDk3LTg1ZDEtOTE3YzgwYjE0ODYy
LzEvX1JWSUttVmdDYW9ieUFVVWcyalI2OS1QWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA/c
MA0GCSqGSIb3DQEBCwUAA4IBAQBj7hRs8tQ5wHhJYKpz8c1PHqiu8Y1guFLWiCVV
lYrYzxYk5nChWydm9aiZDVeRUnpajqc96lb4ySDpEUFvPoG7RDgXTZoAj5GbTAo+
zkk3j7Uaev3EBmwjeNtJ0QFtK5BBw4qHhdYNQdYgHI5X7kCM3NjZPx0HwvhIzUlQ
lu7vpLbcXQLaZu6UwlwuexCgulQuWPK2WSR7sL+IR+EMB9HDg56rc5jHQwAsNP55
FgycrLydv6oL2tB2iZ8+rzYkbysL8qL0h2M3285eoUZYcyTj8C5r3mDI2r1SjaZz
FrZmPjB6mcEBXH88+Bnc0VZLfIM0ro5T5dNuJBiB7WBxZYPT
-----END CERTIFICATE-----