This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1j1sIxN7dokPMeqtWpa2O79IJ2E.roa
File:                     1j1sIxN7dokPMeqtWpa2O79IJ2E.roa (raw, json)
Hash identifier:          curzmuQMCpShAx5Xjvb+jxSDTma4OGIGe6t1amKgW4Y=
Subject key identifier:   D6:3D:6C:23:13:7B:76:89:0F:31:EA:AD:5A:96:B6:3B:BF:48:27:61
Certificate issuer:       /CN=d6aa89f7b722279c032942dcf24865f6d72d6501
Certificate serial:       019B797E068C343A054BB462C836DE8EF296
Authority key identifier: D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1j1sIxN7dokPMeqtWpa2O79IJ2E.roa
Signing time:             Thu 01 Jan 2026 12:17:40 +0000
ROA not before:           Thu 01 Jan 2026 12:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        62.12.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:06:8c:34:3a:05:4b:b4:62:c8:36:de:8e:f2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa89f7b722279c032942dcf24865f6d72d6501
        Validity
            Not Before: Jan  1 12:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d63d6c23137b76890f31eaad5a96b63bbf482761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8b:f5:4e:6e:2a:74:ab:9d:c8:cf:e0:a8:f3:
                    68:27:cf:7a:0a:f8:73:58:47:3d:ad:78:c3:d8:41:
                    a9:f5:c5:29:35:30:84:b7:88:66:2a:91:57:c1:13:
                    a9:4a:47:19:99:ac:e8:9f:9b:78:6b:58:ee:28:fb:
                    6a:2a:c0:bc:a7:68:7d:db:b4:89:b9:3c:dc:8c:24:
                    80:58:ca:e5:28:d8:a1:04:65:91:db:97:30:de:b5:
                    7a:c2:26:f7:49:f5:c2:49:20:d5:53:ba:6b:b3:60:
                    49:26:5d:9f:61:90:7c:c0:a8:f2:98:29:2d:b5:d2:
                    35:ea:b2:17:34:d1:0c:17:ed:1e:dc:b1:53:ee:03:
                    51:af:11:9d:2b:e4:5b:10:de:fc:fe:d1:5e:f7:cf:
                    6f:86:16:e8:eb:a6:33:81:17:e7:45:19:fa:59:a0:
                    f4:8c:57:71:c3:35:27:da:44:e0:3f:ba:c9:0a:b6:
                    8b:e2:fd:c4:b3:70:95:65:d4:e6:7c:88:ff:6e:87:
                    8c:9d:44:31:05:94:a3:88:f7:ab:16:be:10:90:27:
                    ca:fb:a1:7b:96:0c:c3:61:e6:59:9f:dd:66:b0:9f:
                    6b:5a:62:f5:49:4f:48:8f:06:62:ee:56:c1:e1:68:
                    7a:c2:22:fc:d6:5f:54:62:24:09:38:c9:36:e5:2c:
                    25:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3D:6C:23:13:7B:76:89:0F:31:EA:AD:5A:96:B6:3B:BF:48:27:61
            X509v3 Authority Key Identifier:
                keyid:D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1j1sIxN7dokPMeqtWpa2O79IJ2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.12.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:01:ea:fc:e3:bf:8d:e2:17:59:38:aa:e6:fe:69:df:77:d9:
         0a:ce:51:03:02:6a:c5:72:cf:05:e4:6f:6f:e5:c1:6b:5f:b7:
         26:26:b1:13:af:dd:dd:6e:28:f7:e8:de:bf:68:f1:d5:1c:e1:
         cd:42:38:f2:92:0f:a6:01:5d:85:f4:3e:9e:66:1f:6f:f3:cb:
         c3:d7:ae:ea:5c:82:3c:7f:cd:ac:e8:a0:fe:27:26:84:08:a4:
         07:19:62:89:40:c3:75:f7:b4:68:8e:d7:a1:6a:64:a0:fb:2c:
         10:97:ed:9f:26:e7:f1:61:5d:54:f4:6a:38:82:c0:59:36:a3:
         6b:70:41:4b:39:14:05:6c:d0:35:4d:67:15:12:27:9b:67:7c:
         c0:25:3d:fe:77:9f:e5:48:8d:a1:77:8a:76:07:b6:45:33:88:
         00:1a:d0:2f:cd:4b:26:9b:d9:79:19:ca:50:3e:99:fc:08:a0:
         6f:c5:0f:49:bd:cf:75:17:48:0a:c5:ed:9a:61:f4:11:c6:cc:
         76:ce:28:18:5f:96:53:30:fe:8d:4c:29:6b:9f:50:95:15:f7:
         05:4c:47:69:9f:a7:31:d3:b8:a4:66:86:80:c5:a2:06:3a:f2:
         5a:31:7d:c4:dd:b1:0e:f6:51:e1:99:f9:92:a3:37:87:71:f6:
         32:86:86:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgaMNDoFS7RiyDbejvKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWE4OWY3YjcyMjI3OWMwMzI5NDJkY2YyNDg2NWY2ZDcy
ZDY1MDEwHhcNMjYwMTAxMTIxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNkNmMyMzEzN2I3Njg5MGYzMWVhYWQ1YTk2YjYzYmJmNDgyNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Iv1Tm4qdKudyM/gqPNoJ896Cvhz
WEc9rXjD2EGp9cUpNTCEt4hmKpFXwROpSkcZmazon5t4a1juKPtqKsC8p2h927SJ
uTzcjCSAWMrlKNihBGWR25cw3rV6wib3SfXCSSDVU7prs2BJJl2fYZB8wKjymCkt
tdI16rIXNNEMF+0e3LFT7gNRrxGdK+RbEN78/tFe989vhhbo66YzgRfnRRn6WaD0
jFdxwzUn2kTgP7rJCraL4v3Es3CVZdTmfIj/boeMnUQxBZSjiPerFr4QkCfK+6F7
lgzDYeZZn91msJ9rWmL1SU9IjwZi7lbB4Wh6wiL81l9UYiQJOMk25Swl5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNY9bCMTe3aJDzHqrVqWtju/SCdhMB8GA1UdIwQY
MBaAFNaqife3IiecAylC3PJIZfbXLWUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYt
OGJhNjg4ODY2OWNmLzEvMWoxc0l4Tjdkb2tQTWVxdFdwYTJPNzlJSjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYtOGJhNjg4ODY2OWNm
LzEvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPgw4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhAer847+N4hdZOKrm/mnfd9kKzlEDAmrFcs8F5G9v
5cFrX7cmJrETr93dbij36N6/aPHVHOHNQjjykg+mAV2F9D6eZh9v88vD167qXII8
f82s6KD+JyaECKQHGWKJQMN197RojtehamSg+ywQl+2fJufxYV1U9Go4gsBZNqNr
cEFLORQFbNA1TWcVEiebZ3zAJT3+d5/lSI2hd4p2B7ZFM4gAGtAvzUsmm9l5GcpQ
Ppn8CKBvxQ9Jvc91F0gKxe2aYfQRxsx2zigYX5ZTMP6NTClrn1CVFfcFTEdpn6cx
07ikZoaAxaIGOvJaMX3E3bEO9lHhmfmSozeHcfYyhobh
-----END CERTIFICATE-----