This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/cLgTfW58gyD8I8FOWQPZDbMdcp0.roa
File:                     cLgTfW58gyD8I8FOWQPZDbMdcp0.roa (raw, json)
Hash identifier:          yZdWhr7DnYKfLIDf5ZGbabs6FepIP4VpugPY/EmYKQg=
Subject key identifier:   70:B8:13:7D:6E:7C:83:20:FC:23:C1:4E:59:03:D9:0D:B3:1D:72:9D
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019BBD2B21D43447A52A4AACF6C7AB51A3E0
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/cLgTfW58gyD8I8FOWQPZDbMdcp0.roa
Signing time:             Wed 14 Jan 2026 15:41:19 +0000
ROA not before:           Wed 14 Jan 2026 15:41:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210773
IP address blocks:        2a14:67c3:880::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:bd:2b:21:d4:34:47:a5:2a:4a:ac:f6:c7:ab:51:a3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan 14 15:41:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70b8137d6e7c8320fc23c14e5903d90db31d729d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bf:6b:32:65:02:aa:b9:c1:08:9c:35:20:69:
                    e2:da:29:58:ad:83:d9:fd:96:49:ab:39:4d:15:04:
                    33:75:86:35:06:ed:c5:4c:ae:7c:a3:28:68:c0:23:
                    72:b4:d1:d7:19:11:87:7a:3c:9c:7d:34:15:e8:ea:
                    60:9d:26:12:50:a2:02:d3:2d:fe:78:f9:66:18:1d:
                    3e:2e:51:3f:1b:3d:b7:68:06:c0:be:6d:6f:42:b8:
                    96:6e:c8:67:32:fd:52:c1:6f:ee:af:b8:ab:5c:58:
                    bf:2b:33:7c:ce:6f:5e:50:e8:3f:73:fa:cf:5c:d0:
                    60:3e:d7:71:c1:46:f4:23:57:26:65:e2:dc:05:39:
                    fc:27:e4:b8:82:dd:20:f1:c3:dc:5a:29:fc:c4:7b:
                    49:db:44:cb:28:3c:21:b7:8a:a2:67:11:0f:25:b0:
                    7b:8e:dc:f5:39:81:9a:fb:b3:0d:9c:4a:bc:25:bf:
                    6e:26:89:c2:5f:51:0a:16:21:bf:7a:a2:ad:00:08:
                    e6:8d:c4:dd:fa:98:57:df:16:31:c9:34:fd:e9:2a:
                    b6:3c:5f:b9:f8:a7:73:dc:53:45:c5:cd:d6:7a:99:
                    95:6c:3e:3e:0d:11:f2:dc:39:2b:d2:b9:69:f2:c0:
                    a1:b0:10:24:0c:df:b9:f8:3b:ed:12:ea:0b:8e:e7:
                    c8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B8:13:7D:6E:7C:83:20:FC:23:C1:4E:59:03:D9:0D:B3:1D:72:9D
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/cLgTfW58gyD8I8FOWQPZDbMdcp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:880::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:88:0f:98:02:e5:cc:0e:63:91:78:c0:06:05:83:67:4c:c4:
         c0:13:df:43:9e:f9:fc:a1:54:44:4c:54:da:79:19:39:ad:4e:
         36:73:dc:38:c7:9e:88:f1:a5:70:da:1d:20:e8:14:7a:86:a6:
         b9:ef:ea:24:7b:ad:d8:63:ed:49:a8:eb:09:0d:82:c3:cc:82:
         af:0b:96:2b:5e:c6:ed:78:ae:85:02:dd:3b:3e:d9:5c:33:9e:
         e3:40:2d:98:b5:21:db:24:fa:fc:20:a1:e5:82:62:49:2a:8c:
         f8:ec:54:87:c2:27:3e:bd:ee:a6:7c:32:84:63:ab:67:d9:28:
         70:82:34:81:68:87:3e:7e:44:bf:fc:de:f7:66:4a:59:33:fc:
         32:ae:a6:01:8d:bb:a2:d1:6a:5b:40:6e:79:90:76:c8:96:fd:
         db:34:53:5f:12:15:f9:c0:74:47:38:b2:60:28:ea:09:70:cb:
         05:63:48:53:ea:6b:f4:03:71:b5:7d:f8:d5:c3:d5:b2:23:79:
         9b:7f:63:14:1a:f6:e3:c1:1a:73:87:43:8a:ea:e3:70:c5:af:
         0d:81:7b:94:bd:bc:ac:dc:a0:34:44:44:13:4e:2c:15:97:49:
         36:35:ae:b5:8c:36:e0:f7:e9:29:89:83:12:53:00:45:cc:6b:
         0f:05:bf:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZu9KyHUNEelKkqs9serUaPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTE0MTU0MTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI4MTM3ZDZlN2M4MzIwZmMyM2MxNGU1OTAzZDkwZGIzMWQ3MjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt79rMmUCqrnBCJw1IGni2ilYrYPZ
/ZZJqzlNFQQzdYY1Bu3FTK58oyhowCNytNHXGRGHejycfTQV6OpgnSYSUKIC0y3+
ePlmGB0+LlE/Gz23aAbAvm1vQriWbshnMv1SwW/ur7irXFi/KzN8zm9eUOg/c/rP
XNBgPtdxwUb0I1cmZeLcBTn8J+S4gt0g8cPcWin8xHtJ20TLKDwht4qiZxEPJbB7
jtz1OYGa+7MNnEq8Jb9uJonCX1EKFiG/eqKtAAjmjcTd+phX3xYxyTT96Sq2PF+5
+Kdz3FNFxc3WepmVbD4+DRHy3Dkr0rlp8sChsBAkDN+5+DvtEuoLjufIeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHC4E31ufIMg/CPBTlkD2Q2zHXKdMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvY0xnVGZXNThneUQ4SThGT1dRUFpEYk1kY3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwwiA
MA0GCSqGSIb3DQEBCwUAA4IBAQB6iA+YAuXMDmOReMAGBYNnTMTAE99Dnvn8oVRE
TFTaeRk5rU42c9w4x56I8aVw2h0g6BR6hqa57+oke63YY+1JqOsJDYLDzIKvC5Yr
XsbteK6FAt07PtlcM57jQC2YtSHbJPr8IKHlgmJJKoz47FSHwic+ve6mfDKEY6tn
2ShwgjSBaIc+fkS//N73ZkpZM/wyrqYBjbui0WpbQG55kHbIlv3bNFNfEhX5wHRH
OLJgKOoJcMsFY0hT6mv0A3G1ffjVw9WyI3mbf2MUGvbjwRpzh0OK6uNwxa8NgXuU
vbys3KA0REQTTiwVl0k2Na61jDbg9+kpiYMSUwBFzGsPBb80
-----END CERTIFICATE-----