This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/4Nxhtu54I66l-A4x2-N5VZOs8rE.roa
File:                     4Nxhtu54I66l-A4x2-N5VZOs8rE.roa (raw, json)
Hash identifier:          Dujla4VJ+3O64diDYHUApL6s+2AEAz0vuNGaE34Rkag=
Subject key identifier:   E0:DC:61:B6:EE:78:23:AE:A5:F8:0E:31:DB:E3:79:55:93:AC:F2:B1
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B99092F8FF794E972D3B8DB0685771BE0
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/4Nxhtu54I66l-A4x2-N5VZOs8rE.roa
Signing time:             Wed 07 Jan 2026 15:17:54 +0000
ROA not before:           Wed 07 Jan 2026 15:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     131633
IP address blocks:        2a14:67c3:9450::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:99:09:2f:8f:f7:94:e9:72:d3:b8:db:06:85:77:1b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  7 15:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0dc61b6ee7823aea5f80e31dbe3795593acf2b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c5:e1:2b:0d:58:26:4a:a4:4f:cd:80:fe:07:
                    3c:78:18:3d:9d:f6:c5:da:70:f3:af:c0:13:58:1d:
                    19:f9:7c:e3:19:c5:c2:12:ea:b2:6c:44:fa:28:36:
                    98:8f:a1:c7:37:66:71:9b:4d:b3:8b:a6:0d:22:cd:
                    a0:93:f3:11:f2:4a:d9:44:15:03:c4:e3:30:0c:d6:
                    35:ba:26:ff:2f:2b:f8:f1:a4:ed:b3:92:a9:1b:b2:
                    e0:5d:eb:30:6d:2d:93:db:4b:a9:cc:d1:63:5d:d4:
                    1a:ec:83:e3:fe:c7:00:e0:f4:4d:5c:27:44:9d:bf:
                    27:89:a4:77:5f:7a:7d:3c:5a:42:70:bc:6c:d1:a9:
                    32:50:d0:c7:99:cf:30:68:99:da:90:8c:3a:d0:b1:
                    18:4a:79:19:6b:7c:49:fa:63:a6:8d:3b:0d:3d:99:
                    a9:c1:c2:4b:63:6c:af:27:43:49:70:8b:0f:87:fe:
                    1c:25:12:37:4a:32:4f:55:5d:1d:05:ae:28:99:74:
                    92:38:b0:e6:28:e6:30:b7:19:ff:dd:45:4d:82:ab:
                    dd:0f:c6:f3:40:cf:40:24:ed:ec:35:e8:f5:8d:41:
                    e1:01:d0:b8:3e:0f:f5:9c:24:a1:2a:fc:d2:7d:5e:
                    dc:31:60:29:02:b1:43:d1:93:7e:1e:5a:a9:45:4e:
                    67:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DC:61:B6:EE:78:23:AE:A5:F8:0E:31:DB:E3:79:55:93:AC:F2:B1
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/4Nxhtu54I66l-A4x2-N5VZOs8rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:9450::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:76:13:53:ee:a1:3d:3f:c4:9d:49:2e:2d:04:b9:fe:b5:81:
         f9:12:86:64:78:73:77:7e:1c:5f:e9:06:b7:6b:8f:b8:73:02:
         de:d1:cf:cc:b1:2f:51:56:b3:3b:a6:47:6b:4f:1a:4e:2e:60:
         dc:58:f4:ce:c9:e4:53:e6:76:bb:78:6d:ac:9e:b9:eb:ca:65:
         7f:23:af:2e:80:f6:e0:eb:92:d8:fe:b2:80:ac:80:b5:04:4a:
         81:a0:d5:1e:11:42:25:67:a0:19:cf:e5:c2:81:0c:26:f7:99:
         3c:71:7b:8d:1c:bc:9b:96:61:05:aa:52:1f:aa:dd:2d:3c:f7:
         18:5e:a9:59:79:d4:ca:ab:80:69:a6:0c:ba:a0:3b:9b:71:58:
         31:f3:5a:a2:98:6f:94:90:f5:e7:7e:4d:d5:de:20:e8:75:d0:
         cb:1a:f3:1a:7b:60:86:f4:d4:c4:56:b7:2f:2c:c8:b3:68:c9:
         cc:13:00:49:24:22:2e:e0:b4:2a:bf:9a:b7:c7:39:75:3c:82:
         aa:e0:f4:d7:fd:cc:57:81:ae:66:21:42:a8:f6:11:61:eb:13:
         e0:a5:d7:5a:b7:99:e2:0c:c9:ac:16:ea:c9:cd:6b:90:c4:c8:
         88:53:18:e1:0b:25:8f:33:8e:41:0d:fb:d0:78:82:56:08:9a:
         3b:db:cc:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZuZCS+P95TpctO42waFdxvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTA3MTUxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGRjNjFiNmVlNzgyM2FlYTVmODBlMzFkYmUzNzk1NTkzYWNmMmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMXhKw1YJkqkT82A/gc8eBg9nfbF
2nDzr8ATWB0Z+XzjGcXCEuqybET6KDaYj6HHN2Zxm02zi6YNIs2gk/MR8krZRBUD
xOMwDNY1uib/Lyv48aTts5KpG7LgXeswbS2T20upzNFjXdQa7IPj/scA4PRNXCdE
nb8niaR3X3p9PFpCcLxs0akyUNDHmc8waJnakIw60LEYSnkZa3xJ+mOmjTsNPZmp
wcJLY2yvJ0NJcIsPh/4cJRI3SjJPVV0dBa4omXSSOLDmKOYwtxn/3UVNgqvdD8bz
QM9AJO3sNej1jUHhAdC4Pg/1nCShKvzSfV7cMWApArFD0ZN+HlqpRU5nRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFODcYbbueCOupfgOMdvjeVWTrPKxMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvNE54aHR1NTRJNjZsLUE0eDItTjVWWk9zOHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnw5RQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBhdhNT7qE9P8SdSS4tBLn+tYH5EoZkeHN3fhxf
6Qa3a4+4cwLe0c/MsS9RVrM7pkdrTxpOLmDcWPTOyeRT5na7eG2snrnrymV/I68u
gPbg65LY/rKArIC1BEqBoNUeEUIlZ6AZz+XCgQwm95k8cXuNHLyblmEFqlIfqt0t
PPcYXqlZedTKq4Bppgy6oDubcVgx81qimG+UkPXnfk3V3iDoddDLGvMae2CG9NTE
VrcvLMizaMnMEwBJJCIu4LQqv5q3xzl1PIKq4PTX/cxXga5mIUKo9hFh6xPgpdda
t5niDMmsFurJzWuQxMiIUxjhCyWPM45BDfvQeIJWCJo728yb
-----END CERTIFICATE-----