This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/wOCmhg5ukUDjqYrrNe8HL0c6WHY.roa
File:                     wOCmhg5ukUDjqYrrNe8HL0c6WHY.roa (raw, json)
Hash identifier:          py0DTzjoQh1bUaOEwoDGjjlil3qVagDVLMDa9WBCMVE=
Subject key identifier:   C0:E0:A6:86:0E:6E:91:40:E3:A9:8A:EB:35:EF:07:2F:47:3A:58:76
Certificate issuer:       /CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
Certificate serial:       019B7E3819A6D4A82F1DA7680E60E3A25DD9
Authority key identifier: 53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/wOCmhg5ukUDjqYrrNe8HL0c6WHY.roa
Signing time:             Fri 02 Jan 2026 10:19:24 +0000
ROA not before:           Fri 02 Jan 2026 10:19:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:678:868::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:19:a6:d4:a8:2f:1d:a7:68:0e:60:e3:a2:5d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53855c8ece9bd6f8e3940202212ce09b05f5f8a0
        Validity
            Not Before: Jan  2 10:19:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0e0a6860e6e9140e3a98aeb35ef072f473a5876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:77:6d:e1:34:c3:77:5f:8a:02:42:ea:b8:40:
                    42:a8:b5:b8:c3:bf:03:cb:a8:01:6a:c4:6c:6c:c7:
                    99:85:b6:b9:f1:1a:73:8c:3d:9c:0c:b1:bb:31:25:
                    e8:ae:14:45:e1:87:e1:8c:a7:51:1d:89:0e:6f:db:
                    31:74:2b:ff:8b:d0:a2:fa:ce:85:08:62:5e:9b:86:
                    ad:3a:8b:f7:4e:a7:79:eb:06:07:ff:88:80:17:90:
                    55:ca:5c:99:b4:3b:c8:44:2a:02:1e:31:52:da:19:
                    e1:f2:49:8f:2e:14:91:62:f3:6c:6b:0c:b8:a9:5b:
                    59:80:32:ca:cd:69:fe:e3:7c:9a:86:62:46:3a:fa:
                    37:21:24:f4:6a:83:9a:17:e0:ea:17:c5:9f:6f:29:
                    c6:2a:ba:00:8f:83:36:54:8d:79:d8:dc:42:da:a0:
                    8d:16:7b:1e:3b:00:39:72:e9:db:1f:74:32:ab:51:
                    ae:fe:68:9d:2a:3a:f0:ef:a0:29:3e:20:59:2b:16:
                    09:2b:8f:8b:01:5c:31:1e:ad:91:64:43:29:22:01:
                    60:b0:c7:04:e5:ee:78:8c:3f:fe:1d:f1:52:47:b0:
                    b2:76:bd:d8:b3:48:60:4e:a1:89:f6:09:8b:7f:73:
                    de:e1:29:69:5c:8a:47:6a:17:9d:da:cd:70:69:8e:
                    e4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E0:A6:86:0E:6E:91:40:E3:A9:8A:EB:35:EF:07:2F:47:3A:58:76
            X509v3 Authority Key Identifier:
                keyid:53:85:5C:8E:CE:9B:D6:F8:E3:94:02:02:21:2C:E0:9B:05:F5:F8:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4Vcjs6b1vjjlAICISzgmwX1-KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/wOCmhg5ukUDjqYrrNe8HL0c6WHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8336b0-cbe4-4da2-841b-1cefd1fa10a6/1/U4Vcjs6b1vjjlAICISzgmwX1-KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:868::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:0e:1e:8c:4b:31:6c:c6:c9:37:15:81:74:97:b0:e7:c6:ad:
         42:db:7c:ad:e5:23:6c:f3:34:e9:22:2a:74:d8:47:aa:95:e6:
         23:07:63:76:93:f0:c2:12:82:8d:35:57:1a:7c:20:48:43:eb:
         35:1c:6a:09:0e:ef:b3:4e:b4:58:1f:06:85:fd:87:7d:55:1d:
         08:54:cd:65:72:96:aa:0f:02:3b:2f:c5:dc:bc:fd:37:84:52:
         a2:d2:c4:60:e3:a1:bf:d6:fe:2a:a9:d0:f5:52:ef:80:dd:44:
         f8:61:ee:67:67:26:d8:f7:cb:49:02:04:20:7b:ca:a5:e9:51:
         d9:31:95:3c:b5:94:7c:02:47:8f:ac:f7:30:b2:2a:19:36:31:
         69:a2:31:bf:87:77:4b:af:68:3f:b4:a0:fa:3c:9b:15:88:c3:
         89:e8:ab:08:91:a8:9b:d1:a2:ff:92:ae:93:32:85:21:89:b5:
         30:b9:1f:a6:4b:b1:63:71:d9:b9:ee:ef:41:db:83:31:cd:8c:
         d4:ac:a4:c8:6d:80:26:47:63:f9:a0:91:92:b7:54:8d:02:e2:
         c9:ea:8f:1b:97:27:dc:d7:2c:43:96:63:5a:ea:9f:76:f6:e7:
         31:31:fc:70:1d:24:0d:42:40:1a:a7:2e:95:bc:5c:1c:28:7d:
         76:a0:62:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OBmm1KgvHadoDmDjol3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODU1YzhlY2U5YmQ2ZjhlMzk0MDIwMjIxMmNlMDliMDVm
NWY4YTAwHhcNMjYwMTAyMTAxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGUwYTY4NjBlNmU5MTQwZTNhOThhZWIzNWVmMDcyZjQ3M2E1ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXdt4TTDd1+KAkLquEBCqLW4w78D
y6gBasRsbMeZhba58RpzjD2cDLG7MSXorhRF4YfhjKdRHYkOb9sxdCv/i9Ci+s6F
CGJem4atOov3Tqd56wYH/4iAF5BVylyZtDvIRCoCHjFS2hnh8kmPLhSRYvNsawy4
qVtZgDLKzWn+43yahmJGOvo3IST0aoOaF+DqF8WfbynGKroAj4M2VI152NxC2qCN
FnseOwA5cunbH3Qyq1Gu/midKjrw76ApPiBZKxYJK4+LAVwxHq2RZEMpIgFgsMcE
5e54jD/+HfFSR7Cydr3Ys0hgTqGJ9gmLf3Pe4SlpXIpHahed2s1waY7klwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMDgpoYObpFA46mK6zXvBy9HOlh2MB8GA1UdIwQY
MBaAFFOFXI7Om9b445QCAiEs4JsF9figMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWIt
MWNlZmQxZmExMGE2LzEvd09DbWhnNXVrVURqcVlyck5lOEhMMGM2V0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84MzM2YjAtY2JlNC00ZGEyLTg0MWItMWNlZmQxZmExMGE2
LzEvVTRWY2pzNmIxdmpqbEFJQ0lTemdtd1gxLUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAho
MA0GCSqGSIb3DQEBCwUAA4IBAQAlDh6MSzFsxsk3FYF0l7Dnxq1C23yt5SNs8zTp
Iip02EeqleYjB2N2k/DCEoKNNVcafCBIQ+s1HGoJDu+zTrRYHwaF/Yd9VR0IVM1l
cpaqDwI7L8XcvP03hFKi0sRg46G/1v4qqdD1Uu+A3UT4Ye5nZybY98tJAgQge8ql
6VHZMZU8tZR8AkePrPcwsioZNjFpojG/h3dLr2g/tKD6PJsViMOJ6KsIkaib0aL/
kq6TMoUhibUwuR+mS7Fjcdm57u9B24MxzYzUrKTIbYAmR2P5oJGSt1SNAuLJ6o8b
lyfc1yxDlmNa6p929ucxMfxwHSQNQkAapy6VvFwcKH12oGLg
-----END CERTIFICATE-----
Generated at Wed Jan 21 12:19:03 2026 by rpki-client