This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/TnpKsIrCpfum69mVWYffLpmGkW4.roa
File:                     TnpKsIrCpfum69mVWYffLpmGkW4.roa (raw, json)
Hash identifier:          GTcF25unpZajDdgtvW9ktN1du2kJWKPqouAAWsJtWlU=
Subject key identifier:   4E:7A:4A:B0:8A:C2:A5:FB:A6:EB:D9:95:59:87:DF:2E:99:86:91:6E
Certificate issuer:       /CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
Certificate serial:       019B7E378E7452CB35906BFED0AEF5A784C7
Authority key identifier: CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/TnpKsIrCpfum69mVWYffLpmGkW4.roa
Signing time:             Fri 02 Jan 2026 10:18:48 +0000
ROA not before:           Fri 02 Jan 2026 10:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15542
IP address blocks:        2001:67c:2c24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:8e:74:52:cb:35:90:6b:fe:d0:ae:f5:a7:84:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
        Validity
            Not Before: Jan  2 10:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e7a4ab08ac2a5fba6ebd9955987df2e9986916e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a0:ca:54:33:61:3c:02:ab:ad:5d:ff:af:27:
                    2c:4a:66:df:cc:fb:cf:45:b4:79:62:a2:8d:30:d9:
                    48:8b:45:dd:e4:f0:b8:e4:bf:f6:5e:cf:9f:ad:68:
                    ca:87:46:fb:f6:12:59:bc:99:bf:db:6e:da:01:57:
                    bf:ec:e7:43:7e:85:1c:24:08:d8:06:f0:2f:2d:7b:
                    29:1b:fa:9a:c5:4c:8a:88:e6:7b:0b:4a:08:eb:36:
                    15:ef:b4:b0:11:b1:30:9a:4f:34:9f:ea:af:86:c4:
                    a8:64:4c:3f:f2:8d:84:c8:e4:73:fc:0f:e8:d8:0f:
                    a2:fb:83:3f:3b:67:d4:cf:aa:38:3b:0a:90:dc:ad:
                    58:59:d7:da:54:63:84:5f:93:08:7e:d0:c5:f2:92:
                    56:01:96:0b:53:f7:9b:c2:4a:c5:0d:3c:1b:0c:94:
                    9f:5b:f5:be:f0:e1:39:8b:c9:64:31:5b:79:43:70:
                    aa:c1:99:58:6a:23:81:7e:ee:f9:a0:00:d5:e0:f2:
                    f0:ba:48:99:be:d2:f5:2d:6d:86:f0:84:44:93:8e:
                    5f:f2:e6:d6:36:7a:7f:9d:ba:f7:20:77:bb:23:f7:
                    5e:78:f2:eb:55:79:ef:27:0c:35:f9:05:7f:3c:d7:
                    75:5e:67:d9:6b:d5:76:37:4d:41:fc:79:09:d7:5a:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7A:4A:B0:8A:C2:A5:FB:A6:EB:D9:95:59:87:DF:2E:99:86:91:6E
            X509v3 Authority Key Identifier:
                keyid:CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/TnpKsIrCpfum69mVWYffLpmGkW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c24::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:c7:e9:7a:41:98:a0:88:ba:18:8a:0a:9f:fd:42:60:56:8a:
         be:a3:51:c5:f1:80:af:0b:fc:50:25:43:f1:16:ed:6b:e3:97:
         2e:1e:da:8e:43:88:d8:cb:e6:a6:ab:02:fc:9f:39:a3:b0:00:
         79:27:67:8f:24:c4:d8:15:bf:8b:a8:d1:2f:57:3a:02:f6:f6:
         23:1c:b6:83:81:9a:77:0c:16:3e:4f:0c:95:37:8b:d5:24:66:
         7d:c7:32:fa:13:98:f3:9c:ce:33:3e:9b:d4:12:82:87:7f:72:
         09:c3:2a:bb:00:5e:e8:57:b3:fb:99:c3:55:0e:01:81:59:0d:
         2d:eb:88:9b:f4:18:45:d0:b4:3e:f7:09:00:58:00:6e:48:ad:
         f7:b1:29:3b:5b:f5:4c:aa:c4:4d:b7:6f:2f:91:c0:e0:18:27:
         14:97:1d:94:85:f3:f6:4f:50:49:ea:d3:29:af:cc:b3:f7:b4:
         0b:14:c5:26:cb:ca:d3:10:0f:78:81:19:f6:86:f0:ed:01:0f:
         21:b3:9c:b5:2a:ec:75:8c:e4:5d:67:34:46:36:73:9e:28:e8:
         7c:e1:7c:8d:09:16:50:dd:c4:e9:f7:70:c2:8b:c4:05:ad:21:
         9f:81:f0:8c:02:75:05:80:ca:34:01:4b:78:f4:ef:b4:9e:8a:
         1b:22:4a:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+N450Uss1kGv+0K71p4THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZmE4OGMyMmIxZTdjNTJkZTcxYTM3NjQzZGVhM2MzZmNk
ZDQ5NTQwHhcNMjYwMTAyMTAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdhNGFiMDhhYzJhNWZiYTZlYmQ5OTU1OTg3ZGYyZTk5ODY5MTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6DKVDNhPAKrrV3/rycsSmbfzPvP
RbR5YqKNMNlIi0Xd5PC45L/2Xs+frWjKh0b79hJZvJm/227aAVe/7OdDfoUcJAjY
BvAvLXspG/qaxUyKiOZ7C0oI6zYV77SwEbEwmk80n+qvhsSoZEw/8o2EyORz/A/o
2A+i+4M/O2fUz6o4OwqQ3K1YWdfaVGOEX5MIftDF8pJWAZYLU/ebwkrFDTwbDJSf
W/W+8OE5i8lkMVt5Q3CqwZlYaiOBfu75oADV4PLwukiZvtL1LW2G8IREk45f8ubW
Nnp/nbr3IHe7I/deePLrVXnvJww1+QV/PNd1XmfZa9V2N01B/HkJ11qszwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE56SrCKwqX7puvZlVmH3y6ZhpFuMB8GA1UdIwQY
MBaAFMz6iMIrHnxS3nGjdkPeo8P83UlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2Yjkt
ODI3YjY0M2FmM2Q3LzEvVG5wS3NJckNwZnVtNjltVldZZmZMcG1Ha1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2YjktODI3YjY0M2FmM2Q3
LzEvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCwk
MA0GCSqGSIb3DQEBCwUAA4IBAQBGx+l6QZigiLoYigqf/UJgVoq+o1HF8YCvC/xQ
JUPxFu1r45cuHtqOQ4jYy+amqwL8nzmjsAB5J2ePJMTYFb+LqNEvVzoC9vYjHLaD
gZp3DBY+TwyVN4vVJGZ9xzL6E5jznM4zPpvUEoKHf3IJwyq7AF7oV7P7mcNVDgGB
WQ0t64ib9BhF0LQ+9wkAWABuSK33sSk7W/VMqsRNt28vkcDgGCcUlx2UhfP2T1BJ
6tMpr8yz97QLFMUmy8rTEA94gRn2hvDtAQ8hs5y1Kux1jORdZzRGNnOeKOh84XyN
CRZQ3cTp93DCi8QFrSGfgfCMAnUFgMo0AUt49O+0noobIkoB
-----END CERTIFICATE-----