This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/kGGKQ_LOCr5Ln0myybbsd-XEkBI.roa
File:                     kGGKQ_LOCr5Ln0myybbsd-XEkBI.roa (raw, json)
Hash identifier:          hCLc2O3yec3r2DP8hOWsVfY8Un9Qk+FYyJmGArXKVWo=
Subject key identifier:   90:61:8A:43:F2:CE:0A:BE:4B:9F:49:B2:C9:B6:EC:77:E5:C4:90:12
Certificate issuer:       /CN=bbe1bd6b0d589e1a0f90badf735020714f0ecf7a
Certificate serial:       019BF9CD77C34CC8F5489D80D3C3645A79CD
Authority key identifier: BB:E1:BD:6B:0D:58:9E:1A:0F:90:BA:DF:73:50:20:71:4F:0E:CF:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/kGGKQ_LOCr5Ln0myybbsd-XEkBI.roa
Signing time:             Mon 26 Jan 2026 10:15:50 +0000
ROA not before:           Mon 26 Jan 2026 10:15:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        2001:678:1114::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:cd:77:c3:4c:c8:f5:48:9d:80:d3:c3:64:5a:79:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe1bd6b0d589e1a0f90badf735020714f0ecf7a
        Validity
            Not Before: Jan 26 10:15:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90618a43f2ce0abe4b9f49b2c9b6ec77e5c49012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f1:84:bb:94:b4:31:e6:ff:ca:4c:61:69:42:
                    55:db:e7:e9:d8:64:92:0b:01:29:7e:a5:27:49:13:
                    05:7c:61:48:92:25:45:34:d2:7e:cc:90:dd:fe:ed:
                    e9:19:6d:6e:15:4b:24:67:09:ea:5e:75:1a:77:3c:
                    b6:8a:6a:09:6b:16:9e:c3:ca:70:a8:b7:19:73:ab:
                    cd:09:a3:cc:89:bb:85:fc:e6:1e:d3:34:bb:d3:b4:
                    1b:be:53:24:78:97:a1:ab:ec:c3:45:d3:b9:27:08:
                    84:b1:2d:43:7e:f7:5e:f4:c1:dc:42:54:4a:4d:ca:
                    1e:28:33:4c:a8:43:0f:85:e9:64:5f:46:d9:80:2a:
                    c3:91:20:84:32:df:b3:4b:23:9c:79:e8:5e:83:cc:
                    44:d1:b4:56:43:f4:f3:7d:49:31:6f:5d:52:c4:5b:
                    28:f3:29:13:d5:ca:c5:cf:ef:22:50:8d:c7:33:da:
                    7a:59:ee:25:e8:59:a9:a8:03:09:3e:0c:a2:e7:fe:
                    63:55:d0:8a:45:aa:c2:de:fb:68:3e:41:78:7f:86:
                    5f:61:7a:81:05:dd:64:03:9a:a7:42:2e:ff:04:86:
                    9c:6d:32:35:34:33:47:72:2a:9e:af:05:70:19:00:
                    a9:51:53:c7:b7:0e:f0:24:2d:08:37:82:46:e0:32:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:61:8A:43:F2:CE:0A:BE:4B:9F:49:B2:C9:B6:EC:77:E5:C4:90:12
            X509v3 Authority Key Identifier:
                keyid:BB:E1:BD:6B:0D:58:9E:1A:0F:90:BA:DF:73:50:20:71:4F:0E:CF:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/kGGKQ_LOCr5Ln0myybbsd-XEkBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/815e08-a5cf-4f01-90cb-617d17be3004/1/u-G9aw1YnhoPkLrfc1AgcU8Oz3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1114::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:f4:ae:0a:9b:ad:1b:94:91:3e:e9:a3:37:fd:f5:e0:a9:43:
         66:cb:f6:8f:39:f7:71:fe:fb:e5:0b:c2:dd:ac:d2:40:29:0b:
         b0:de:4c:fe:20:ca:53:77:ef:60:e6:03:91:c9:d6:5f:0f:c7:
         cd:c1:c5:8d:31:e1:d0:3d:67:87:e6:1e:6c:65:c1:97:14:3d:
         44:12:9a:84:c4:7f:1f:ee:28:2e:6e:97:e5:42:70:38:81:49:
         2c:9c:df:5b:17:42:79:4a:4a:b4:80:b7:c1:b0:d0:9a:94:18:
         d5:b8:73:a4:e4:4e:31:8c:13:8d:e4:1b:63:90:bb:97:42:5e:
         cb:49:a5:26:b6:14:99:d2:68:8f:d0:66:02:5c:00:35:29:55:
         53:fc:89:5e:46:fb:ae:a0:27:4a:81:8a:93:8c:da:51:ac:d0:
         68:b3:8e:93:90:ab:9f:f4:48:c9:d4:0f:24:de:89:89:00:80:
         33:0f:c8:e9:b1:c2:95:31:a9:1a:ca:7d:58:a3:49:fb:7b:71:
         0b:78:a7:c7:39:b7:dc:c5:31:31:ed:d0:91:1c:fe:8a:4a:8c:
         32:ac:64:9e:48:8d:27:e9:65:41:01:c0:6c:51:37:e7:01:18:
         61:84:90:07:ec:c2:74:9a:fe:7c:a3:ba:22:7f:2c:f1:96:71:
         37:be:49:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZv5zXfDTMj1SJ2A08NkWnnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTFiZDZiMGQ1ODllMWEwZjkwYmFkZjczNTAyMDcxNGYw
ZWNmN2EwHhcNMjYwMTI2MTAxNTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDYxOGE0M2YyY2UwYWJlNGI5ZjQ5YjJjOWI2ZWM3N2U1YzQ5MDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfGEu5S0Meb/ykxhaUJV2+fp2GSS
CwEpfqUnSRMFfGFIkiVFNNJ+zJDd/u3pGW1uFUskZwnqXnUadzy2imoJaxaew8pw
qLcZc6vNCaPMibuF/OYe0zS707QbvlMkeJehq+zDRdO5JwiEsS1Dfvde9MHcQlRK
TcoeKDNMqEMPhelkX0bZgCrDkSCEMt+zSyOceeheg8xE0bRWQ/TzfUkxb11SxFso
8ykT1crFz+8iUI3HM9p6We4l6FmpqAMJPgyi5/5jVdCKRarC3vtoPkF4f4ZfYXqB
Bd1kA5qnQi7/BIacbTI1NDNHciqerwVwGQCpUVPHtw7wJC0IN4JG4DILMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJBhikPyzgq+S59Jssm27HflxJASMB8GA1UdIwQY
MBaAFLvhvWsNWJ4aD5C633NQIHFPDs96MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1HOWF3MVluaG9Qa0xyZmMxQWdjVThPejNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84MTVlMDgtYTVjZi00ZjAxLTkwY2It
NjE3ZDE3YmUzMDA0LzEva0dHS1FfTE9DcjVMbjBteXliYnNkLVhFa0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84MTVlMDgtYTVjZi00ZjAxLTkwY2ItNjE3ZDE3YmUzMDA0
LzEvdS1HOWF3MVluaG9Qa0xyZmMxQWdjVThPejNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBEU
MA0GCSqGSIb3DQEBCwUAA4IBAQCb9K4Km60blJE+6aM3/fXgqUNmy/aPOfdx/vvl
C8LdrNJAKQuw3kz+IMpTd+9g5gORydZfD8fNwcWNMeHQPWeH5h5sZcGXFD1EEpqE
xH8f7igubpflQnA4gUksnN9bF0J5Skq0gLfBsNCalBjVuHOk5E4xjBON5BtjkLuX
Ql7LSaUmthSZ0miP0GYCXAA1KVVT/IleRvuuoCdKgYqTjNpRrNBos46TkKuf9EjJ
1A8k3omJAIAzD8jpscKVMakayn1Yo0n7e3ELeKfHObfcxTEx7dCRHP6KSowyrGSe
SI0n6WVBAcBsUTfnARhhhJAH7MJ0mv58o7oifyzxlnE3vkkj
-----END CERTIFICATE-----