This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/lz8LsNgX1D_wsrCHWat-j5v2uVI.roa
File:                     lz8LsNgX1D_wsrCHWat-j5v2uVI.roa (raw, json)
Hash identifier:          vw9y4aHyYuZp50dhE6CiKPwsukwzG4Dv5+i3W21W3u4=
Subject key identifier:   97:3F:0B:B0:D8:17:D4:3F:F0:B2:B0:87:59:AB:7E:8F:9B:F6:B9:52
Certificate issuer:       /CN=5e51c193fb7ff1746a215c41817f50ecba5a581a
Certificate serial:       019B7F841100DA88FB76240B98F8A08C6A80
Authority key identifier: 5E:51:C1:93:FB:7F:F1:74:6A:21:5C:41:81:7F:50:EC:BA:5A:58:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/lz8LsNgX1D_wsrCHWat-j5v2uVI.roa
Signing time:             Fri 02 Jan 2026 16:22:00 +0000
ROA not before:           Fri 02 Jan 2026 16:22:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:678:f8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:11:00:da:88:fb:76:24:0b:98:f8:a0:8c:6a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e51c193fb7ff1746a215c41817f50ecba5a581a
        Validity
            Not Before: Jan  2 16:22:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=973f0bb0d817d43ff0b2b08759ab7e8f9bf6b952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:15:1d:e8:0a:21:ba:53:f1:2d:7d:8e:c1:d4:
                    91:39:bd:d0:ef:9c:4e:b8:1c:a7:7e:b0:5f:63:f6:
                    c8:7b:73:a8:a6:f8:1d:26:cf:cf:01:c3:f6:0c:25:
                    c9:ac:ea:f5:26:b9:3d:11:52:17:1c:be:41:3f:18:
                    9b:3c:5f:f4:06:47:a7:a5:ac:57:f6:1e:00:4e:e0:
                    8e:0f:e0:97:be:c0:5c:a4:a9:f4:61:21:09:af:0c:
                    3c:76:69:76:6c:62:3f:45:3b:72:b3:67:2d:42:ea:
                    bc:c1:82:2d:83:ab:51:0d:86:40:8c:10:63:12:a8:
                    bb:78:b8:b8:0f:18:77:26:5a:6a:4e:c1:36:e2:6a:
                    80:49:e0:34:2a:8d:50:07:b1:47:f9:bd:33:48:58:
                    d8:bc:b7:7b:c8:78:a8:d4:9e:24:59:16:ee:38:19:
                    ec:55:47:a1:59:3f:66:8d:ac:5b:fb:e3:ae:51:a4:
                    57:80:f2:a1:5e:09:51:df:21:8a:29:13:1d:88:6b:
                    70:7c:ec:f6:7a:70:03:75:0f:da:dd:b4:bf:90:a4:
                    f7:19:44:d3:8c:fd:a2:fc:b0:31:45:24:36:f4:5a:
                    95:e9:21:ce:8d:7c:5b:44:d9:84:de:40:fa:1c:e1:
                    48:13:27:a4:53:3d:65:7e:00:b6:1a:f5:54:36:5a:
                    db:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:3F:0B:B0:D8:17:D4:3F:F0:B2:B0:87:59:AB:7E:8F:9B:F6:B9:52
            X509v3 Authority Key Identifier:
                keyid:5E:51:C1:93:FB:7F:F1:74:6A:21:5C:41:81:7F:50:EC:BA:5A:58:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/lz8LsNgX1D_wsrCHWat-j5v2uVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b8072f-f355-4dd6-9393-6a65d8041803/1/XlHBk_t_8XRqIVxBgX9Q7LpaWBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:53:bb:8d:75:68:26:fb:32:68:a4:7b:9d:89:a7:d8:26:bd:
         58:55:f1:9f:ff:3f:29:cf:dd:21:86:4e:60:9a:e2:1f:65:15:
         6e:28:d5:e8:db:a7:5e:20:1d:ed:d3:dc:2a:2e:24:12:a4:0e:
         25:53:c1:d0:58:a3:1b:b7:a2:2e:93:9a:1a:21:4c:40:71:bb:
         2d:9a:8b:2a:43:6a:a3:1e:4a:f1:51:44:c9:25:95:a5:73:5c:
         82:b6:40:2b:86:1a:42:2e:dd:11:5a:9a:cc:18:23:94:ae:f8:
         64:1a:6e:86:36:07:62:19:15:cd:e1:2d:3f:3c:56:fc:3b:e3:
         6d:bc:b7:34:04:fa:c3:f0:4a:40:3b:25:59:0f:f4:8e:03:0e:
         9d:73:be:a6:fb:e5:bf:8d:46:81:27:42:33:e3:fc:08:ca:0c:
         39:64:ac:fc:40:5c:9a:f3:4a:49:f6:fa:12:3b:4f:e4:de:8a:
         16:73:d2:85:41:b4:04:08:a8:8c:37:b7:8f:a0:5c:de:02:95:
         20:b1:b8:40:5c:43:22:e6:a2:df:72:33:9b:45:7e:4d:5e:40:
         a0:aa:58:50:3a:37:dc:a2:9a:13:bc:a1:96:7a:60:25:56:20:
         56:e1:18:dd:b1:ea:30:dc:e7:62:51:83:2b:3f:03:10:78:07:
         8c:4d:bb:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hBEA2oj7diQLmPigjGqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNTFjMTkzZmI3ZmYxNzQ2YTIxNWM0MTgxN2Y1MGVjYmE1
YTU4MWEwHhcNMjYwMTAyMTYyMjAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzNmMGJiMGQ4MTdkNDNmZjBiMmIwODc1OWFiN2U4ZjliZjZiOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RUd6AohulPxLX2OwdSROb3Q75xO
uBynfrBfY/bIe3OopvgdJs/PAcP2DCXJrOr1Jrk9EVIXHL5BPxibPF/0BkenpaxX
9h4ATuCOD+CXvsBcpKn0YSEJrww8dml2bGI/RTtys2ctQuq8wYItg6tRDYZAjBBj
Eqi7eLi4Dxh3JlpqTsE24mqASeA0Ko1QB7FH+b0zSFjYvLd7yHio1J4kWRbuOBns
VUehWT9mjaxb++OuUaRXgPKhXglR3yGKKRMdiGtwfOz2enADdQ/a3bS/kKT3GUTT
jP2i/LAxRSQ29FqV6SHOjXxbRNmE3kD6HOFIEyekUz1lfgC2GvVUNlrbTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJc/C7DYF9Q/8LKwh1mrfo+b9rlSMB8GA1UdIwQY
MBaAFF5RwZP7f/F0aiFcQYF/UOy6WlgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGxIQmtfdF84WFJxSVZ4QmdYOVE3THBhV0JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iODA3MmYtZjM1NS00ZGQ2LTkzOTMt
NmE2NWQ4MDQxODAzLzEvbHo4THNOZ1gxRF93c3JDSFdhdC1qNXYydVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iODA3MmYtZjM1NS00ZGQ2LTkzOTMtNmE2NWQ4MDQxODAz
LzEvWGxIQmtfdF84WFJxSVZ4QmdYOVE3THBhV0JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA+M
MA0GCSqGSIb3DQEBCwUAA4IBAQB7U7uNdWgm+zJopHudiafYJr1YVfGf/z8pz90h
hk5gmuIfZRVuKNXo26deIB3t09wqLiQSpA4lU8HQWKMbt6Iuk5oaIUxAcbstmosq
Q2qjHkrxUUTJJZWlc1yCtkArhhpCLt0RWprMGCOUrvhkGm6GNgdiGRXN4S0/PFb8
O+NtvLc0BPrD8EpAOyVZD/SOAw6dc76m++W/jUaBJ0Iz4/wIygw5ZKz8QFya80pJ
9voSO0/k3ooWc9KFQbQECKiMN7ePoFzeApUgsbhAXEMi5qLfcjObRX5NXkCgqlhQ
OjfcopoTvKGWemAlViBW4Rjdseow3OdiUYMrPwMQeAeMTbs6
-----END CERTIFICATE-----