This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VKbg6QC4XA4g6neus15dnSB3WbI.roa
File:                     VKbg6QC4XA4g6neus15dnSB3WbI.roa (raw, json)
Hash identifier:          9sbFMpuze7ZDRp3dU1NyXXw+y9zZFrUOL6OQbpefK20=
Subject key identifier:   54:A6:E0:E9:00:B8:5C:0E:20:EA:77:AE:B3:5E:5D:9D:20:77:59:B2
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B7F6B9E43DFA56EC4034FF9AC1DA98084
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VKbg6QC4XA4g6neus15dnSB3WbI.roa
Signing time:             Fri 02 Jan 2026 15:55:17 +0000
ROA not before:           Fri 02 Jan 2026 15:55:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204789
IP address blocks:        2a14:67c3:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:6b:9e:43:df:a5:6e:c4:03:4f:f9:ac:1d:a9:80:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  2 15:55:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54a6e0e900b85c0e20ea77aeb35e5d9d207759b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:f6:67:b8:14:32:a5:62:8d:0d:84:17:de:
                    a3:09:08:c0:f8:0d:1d:a0:d8:c8:9b:cf:d9:c0:11:
                    96:95:1b:fb:f4:58:7c:f3:c9:63:6b:d0:80:26:9f:
                    6c:b2:4e:7e:dc:c1:b0:a7:70:46:6d:dd:f1:d6:1e:
                    33:50:66:00:6b:0e:72:7f:a4:a9:62:82:a1:a0:41:
                    66:82:a8:f4:31:34:44:8f:41:96:97:5f:34:f4:07:
                    3d:82:a9:3d:52:4f:67:13:b9:23:5d:c4:f7:ef:7a:
                    32:dd:1d:d2:43:51:ea:63:78:4f:f3:70:8b:94:4b:
                    a7:7a:de:ec:cf:84:a8:7d:76:d5:15:22:08:71:ca:
                    c8:fd:33:50:73:1b:47:93:5d:40:9c:0d:1f:c6:7a:
                    73:d8:4f:4c:b8:df:37:2f:ab:5b:f7:5e:0e:db:af:
                    07:b6:c4:b7:80:8c:3b:9b:1e:54:41:a5:ae:a0:ea:
                    75:b1:c2:8a:07:0c:ec:8d:a0:cb:a0:7e:54:14:cd:
                    2e:50:cb:8b:d4:6d:23:12:60:71:45:d1:e6:19:7a:
                    4a:83:23:34:4d:13:b3:b1:cb:68:e3:09:e5:72:3d:
                    f8:eb:2e:54:8c:e4:18:4b:59:aa:f1:6f:76:0c:a5:
                    6e:98:41:17:23:42:b0:4d:d0:30:f9:27:19:14:09:
                    b9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A6:E0:E9:00:B8:5C:0E:20:EA:77:AE:B3:5E:5D:9D:20:77:59:B2
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VKbg6QC4XA4g6neus15dnSB3WbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:1d:32:aa:fc:ec:c5:f6:2a:74:b8:c6:85:db:8d:95:d7:39:
         b2:84:19:ef:27:93:f5:6e:a4:df:51:ff:c8:c2:76:60:a5:3d:
         45:52:54:20:ff:3b:b3:d6:41:7c:b7:f1:49:f4:a6:46:42:a7:
         75:8d:a8:bf:a5:5c:69:e3:6f:ed:40:95:83:8a:6d:4f:95:47:
         35:db:67:e9:53:e4:62:78:17:5c:6e:87:2b:15:32:95:8a:72:
         fa:04:43:21:5e:dc:68:48:c4:09:25:41:9a:5a:89:5e:47:91:
         b5:42:bc:e3:2d:13:55:1f:a6:1c:b0:a0:c4:51:09:43:0c:57:
         0a:0b:33:d5:f2:6e:ca:7d:ae:ca:90:2f:26:f4:59:df:45:87:
         0c:f5:2a:9f:11:ab:98:f7:42:fe:1a:b8:78:4f:b9:4b:1e:86:
         ff:88:e1:2c:25:ee:78:61:a3:6f:ee:21:e8:bc:6c:16:15:49:
         9a:09:37:69:e4:cd:07:d5:97:c7:74:3d:d1:22:be:91:83:e4:
         39:cd:11:03:5c:14:7b:ba:1c:b4:09:ed:79:a2:11:d0:41:db:
         db:19:00:37:a2:a2:19:83:cd:4e:c1:11:5c:3b:f6:ed:38:63:
         ff:8e:8f:3b:33:04:56:f5:0f:57:75:82:36:a3:46:de:bc:5d:
         0b:66:1d:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/a55D36VuxANP+awdqYCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTAyMTU1NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGE2ZTBlOTAwYjg1YzBlMjBlYTc3YWViMzVlNWQ5ZDIwNzc1OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGD2Z7gUMqVijQ2EF96jCQjA+A0d
oNjIm8/ZwBGWlRv79Fh888lja9CAJp9ssk5+3MGwp3BGbd3x1h4zUGYAaw5yf6Sp
YoKhoEFmgqj0MTREj0GWl1809Ac9gqk9Uk9nE7kjXcT373oy3R3SQ1HqY3hP83CL
lEunet7sz4SofXbVFSIIccrI/TNQcxtHk11AnA0fxnpz2E9MuN83L6tb914O268H
tsS3gIw7mx5UQaWuoOp1scKKBwzsjaDLoH5UFM0uUMuL1G0jEmBxRdHmGXpKgyM0
TROzscto4wnlcj346y5UjOQYS1mq8W92DKVumEEXI0KwTdAw+ScZFAm50QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFSm4OkAuFwOIOp3rrNeXZ0gd1myMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVktiZzZRQzRYQTRnNm5ldXMxNWRuU0IzV2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwwAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAWHTKq/OzF9ip0uMaF242V1zmyhBnvJ5P1bqTf
Uf/IwnZgpT1FUlQg/zuz1kF8t/FJ9KZGQqd1jai/pVxp42/tQJWDim1PlUc122fp
U+RieBdcbocrFTKVinL6BEMhXtxoSMQJJUGaWoleR5G1QrzjLRNVH6YcsKDEUQlD
DFcKCzPV8m7Kfa7KkC8m9FnfRYcM9SqfEauY90L+Grh4T7lLHob/iOEsJe54YaNv
7iHovGwWFUmaCTdp5M0H1ZfHdD3RIr6Rg+Q5zREDXBR7uhy0Ce15ohHQQdvbGQA3
oqIZg81OwRFcO/btOGP/jo87MwRW9Q9XdYI2o0bevF0LZh3T
-----END CERTIFICATE-----