This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/Vhdyvlmm2QhYL_DxOw7zRtqN9Zg.roa
File:                     Vhdyvlmm2QhYL_DxOw7zRtqN9Zg.roa (raw, json)
Hash identifier:          Fgu5qryHdVy6pShgsQWdQm6ItENpj8eEaKZ2+YL90F8=
Subject key identifier:   56:17:72:BE:59:A6:D9:08:58:2F:F0:F1:3B:0E:F3:46:DA:8D:F5:98
Certificate issuer:       /CN=20ebaf554c91468c10524baf742ea4b1a5d0b49c
Certificate serial:       019B791138D3297586B5C6140E940EC6112D
Authority key identifier: 20:EB:AF:55:4C:91:46:8C:10:52:4B:AF:74:2E:A4:B1:A5:D0:B4:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOuvVUyRRowQUkuvdC6ksaXQtJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/Vhdyvlmm2QhYL_DxOw7zRtqN9Zg.roa
Signing time:             Thu 01 Jan 2026 10:18:50 +0000
ROA not before:           Thu 01 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212834
IP address blocks:        2001:678:de8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/IOuvVUyRRowQUkuvdC6ksaXQtJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/IOuvVUyRRowQUkuvdC6ksaXQtJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOuvVUyRRowQUkuvdC6ksaXQtJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:38:d3:29:75:86:b5:c6:14:0e:94:0e:c6:11:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20ebaf554c91468c10524baf742ea4b1a5d0b49c
        Validity
            Not Before: Jan  1 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=561772be59a6d908582ff0f13b0ef346da8df598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f2:d7:71:9f:1b:38:05:f1:93:94:4f:6b:a8:
                    ef:58:5c:61:7e:7d:51:a2:83:8a:c4:fb:97:7d:08:
                    07:bc:b2:aa:b1:51:a3:70:61:b1:ca:0d:b2:e9:96:
                    66:71:aa:74:d0:d2:54:01:4a:18:fe:d9:02:e7:2a:
                    fa:9c:14:75:35:a5:40:1a:e6:39:9f:45:b6:a1:dd:
                    30:83:b2:36:16:e4:3b:21:2d:96:12:cd:dd:7b:c8:
                    2b:58:be:e8:73:d1:d0:2c:15:cb:63:72:72:5c:c6:
                    63:01:9e:ae:52:8a:ac:be:02:31:95:8e:05:b6:18:
                    8d:87:7c:cf:10:17:22:55:94:b0:9e:9f:b8:99:28:
                    f8:dc:09:be:2e:7a:f8:a9:49:c8:c7:5f:8c:23:e7:
                    53:24:80:eb:29:2e:47:ab:f8:6f:2a:30:f1:4c:ad:
                    56:81:15:9d:d1:a0:91:3f:3e:66:88:58:fb:08:7d:
                    22:13:eb:37:ef:1c:ee:14:04:1f:28:9d:8e:40:48:
                    45:66:1f:52:6d:57:fa:30:c7:88:0d:5b:57:15:15:
                    c1:3e:4d:6b:3a:53:4c:0e:20:9d:4e:9a:e9:05:f7:
                    cb:a7:d2:e2:72:43:df:e6:5b:de:76:22:ea:bb:6a:
                    c5:7d:a8:55:5e:4d:7a:af:ad:98:f0:16:c1:fd:e7:
                    5d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:17:72:BE:59:A6:D9:08:58:2F:F0:F1:3B:0E:F3:46:DA:8D:F5:98
            X509v3 Authority Key Identifier:
                keyid:20:EB:AF:55:4C:91:46:8C:10:52:4B:AF:74:2E:A4:B1:A5:D0:B4:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOuvVUyRRowQUkuvdC6ksaXQtJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/Vhdyvlmm2QhYL_DxOw7zRtqN9Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3f1c35-5a68-4786-9181-59f19fa10a1c/1/IOuvVUyRRowQUkuvdC6ksaXQtJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:de8::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:ac:1f:68:1f:38:e6:72:c0:95:a4:d9:ae:5f:bb:9d:4a:c0:
         ca:7d:f9:17:90:00:2e:09:19:25:8b:8b:65:b2:c6:91:02:bf:
         83:79:93:34:cb:65:30:fe:e3:d8:24:c1:f3:e5:80:6b:fc:28:
         24:48:c2:7d:49:c9:be:7a:ca:74:0c:25:8d:56:03:41:c5:4d:
         fc:ae:c6:7a:3c:00:b5:b6:ab:3a:9b:e2:5a:f4:88:4e:90:57:
         2e:c3:04:5e:91:2a:f8:ff:ff:1e:3a:0d:95:cc:14:46:9e:bc:
         a3:96:57:f8:a9:6b:96:7b:b9:18:c4:95:3d:03:d6:62:00:39:
         40:66:85:be:33:07:a5:ce:51:b0:82:ef:de:80:e4:fc:97:bb:
         3e:0d:f0:00:c3:c8:c7:48:4f:f6:35:c8:fc:eb:36:b9:d4:13:
         45:94:64:47:8c:05:b2:1f:d4:55:96:72:5b:3a:67:94:4b:1d:
         c0:d9:1d:98:de:24:1b:d4:7a:b2:08:e7:f5:ad:0c:c5:9f:2d:
         76:54:1d:e2:53:2a:a4:fa:ce:6e:8d:85:1b:fd:5f:bd:ec:2d:
         83:f5:f4:d2:07:f3:b1:5f:63:ec:ed:33:83:fa:90:92:1a:43:
         cd:12:cf:d3:d1:5a:75:e7:fa:b2:af:bc:c5:37:ca:ae:68:65:
         06:f8:53:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5ETjTKXWGtcYUDpQOxhEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZWJhZjU1NGM5MTQ2OGMxMDUyNGJhZjc0MmVhNGIxYTVk
MGI0OWMwHhcNMjYwMTAxMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjE3NzJiZTU5YTZkOTA4NTgyZmYwZjEzYjBlZjM0NmRhOGRmNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/LXcZ8bOAXxk5RPa6jvWFxhfn1R
ooOKxPuXfQgHvLKqsVGjcGGxyg2y6ZZmcap00NJUAUoY/tkC5yr6nBR1NaVAGuY5
n0W2od0wg7I2FuQ7IS2WEs3de8grWL7oc9HQLBXLY3JyXMZjAZ6uUoqsvgIxlY4F
thiNh3zPEBciVZSwnp+4mSj43Am+Lnr4qUnIx1+MI+dTJIDrKS5Hq/hvKjDxTK1W
gRWd0aCRPz5miFj7CH0iE+s37xzuFAQfKJ2OQEhFZh9SbVf6MMeIDVtXFRXBPk1r
OlNMDiCdTprpBffLp9LickPf5lvediLqu2rFfahVXk16r62Y8BbB/edd6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFYXcr5ZptkIWC/w8TsO80bajfWYMB8GA1UdIwQY
MBaAFCDrr1VMkUaMEFJLr3QupLGl0LScMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU91dlZVeVJSb3dRVWt1dmRDNmtzYVhRdEp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zZjFjMzUtNWE2OC00Nzg2LTkxODEt
NTlmMTlmYTEwYTFjLzEvVmhkeXZsbW0yUWhZTF9EeE93N3pSdHFOOVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zZjFjMzUtNWE2OC00Nzg2LTkxODEtNTlmMTlmYTEwYTFj
LzEvSU91dlZVeVJSb3dRVWt1dmRDNmtzYVhRdEp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA3o
MA0GCSqGSIb3DQEBCwUAA4IBAQBdrB9oHzjmcsCVpNmuX7udSsDKffkXkAAuCRkl
i4tlssaRAr+DeZM0y2Uw/uPYJMHz5YBr/CgkSMJ9Scm+esp0DCWNVgNBxU38rsZ6
PAC1tqs6m+Ja9IhOkFcuwwRekSr4//8eOg2VzBRGnryjllf4qWuWe7kYxJU9A9Zi
ADlAZoW+MwelzlGwgu/egOT8l7s+DfAAw8jHSE/2Ncj86za51BNFlGRHjAWyH9RV
lnJbOmeUSx3A2R2Y3iQb1HqyCOf1rQzFny12VB3iUyqk+s5ujYUb/V+97C2D9fTS
B/OxX2Ps7TOD+pCSGkPNEs/T0Vp15/qyr7zFN8quaGUG+FPG
-----END CERTIFICATE-----