This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ffYTR5bghRnUWrOSF1jJ2ejKpLc.roa
File:                     ffYTR5bghRnUWrOSF1jJ2ejKpLc.roa (raw, json)
Hash identifier:          989tcFh5ZwASq39FgsZatEy5XhF8hI3GzLIIeLngSpo=
Subject key identifier:   7D:F6:13:47:96:E0:85:19:D4:5A:B3:92:17:58:C9:D9:E8:CA:A4:B7
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019AC0DF603E8DEB7C8607A26153B5BCCAEE
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ffYTR5bghRnUWrOSF1jJ2ejKpLc.roa
Signing time:             Wed 26 Nov 2025 15:54:15 +0000
ROA not before:           Wed 26 Nov 2025 15:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204535
IP address blocks:        2a14:67c2:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c0:df:60:3e:8d:eb:7c:86:07:a2:61:53:b5:bc:ca:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Nov 26 15:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7df6134796e08519d45ab3921758c9d9e8caa4b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:57:b3:ff:bb:82:21:ae:69:11:2f:61:61:30:
                    e1:74:e7:8c:71:dd:36:c1:de:e3:a0:d6:1a:a9:df:
                    38:7e:5f:41:23:7b:97:89:9d:75:4a:34:a4:bd:3e:
                    d2:91:2e:4a:f0:01:4b:cc:20:a7:47:d7:be:95:5e:
                    0e:d1:2c:6c:b2:a5:13:97:93:59:ee:73:dc:3b:11:
                    9a:e1:ea:0c:1f:16:bd:ee:a3:b1:37:c1:5c:02:c0:
                    29:0b:b0:92:9d:96:03:b4:51:74:b0:10:d9:9e:33:
                    f5:e6:9a:8f:28:1f:cb:08:91:5b:da:fc:7d:9b:c7:
                    78:0b:21:d8:8f:dc:69:e6:b6:d7:09:ec:ef:37:6f:
                    f5:b5:28:e3:14:7c:f9:0d:9b:bf:f9:fe:a9:96:a8:
                    a1:89:5f:92:56:de:6c:1f:5d:f6:0a:5d:a9:41:c5:
                    ec:3c:98:1c:66:3f:92:a8:01:10:3c:dc:8c:b3:25:
                    be:56:9d:84:74:8c:e2:0c:d6:60:ae:45:f7:5e:69:
                    bf:13:c1:a3:f1:12:51:31:89:dc:9c:d2:0d:39:f7:
                    77:ad:8c:59:70:e2:ed:1a:8d:ca:6c:af:98:b7:7d:
                    35:f4:4d:f1:fb:b6:b2:27:a1:05:8a:f1:da:a0:9e:
                    ba:af:41:04:2e:18:1c:17:cd:fe:9f:aa:4a:70:96:
                    7f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F6:13:47:96:E0:85:19:D4:5A:B3:92:17:58:C9:D9:E8:CA:A4:B7
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ffYTR5bghRnUWrOSF1jJ2ejKpLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         0f:9d:c0:2d:ec:33:ee:6c:92:b8:7c:03:d1:f3:44:8e:f8:68:
         c5:22:da:57:d6:69:18:5a:67:01:28:3c:8a:aa:1a:e6:a1:e7:
         70:6b:4a:77:b2:32:dd:bb:ca:5b:43:6b:8d:13:37:a7:5b:b2:
         be:9b:7d:16:3f:9a:96:fb:7a:27:bb:6e:77:19:28:29:c8:9c:
         7a:0e:fa:df:9f:ce:e9:6a:9e:a1:6d:02:c6:f3:50:04:35:11:
         7b:03:29:cd:d0:71:4d:af:60:a7:4e:ff:53:a7:3d:85:60:1a:
         9a:88:4f:ff:e6:e1:33:11:81:c6:b5:c2:df:0d:b1:96:77:91:
         70:75:38:b1:05:2e:78:dd:be:6e:11:b6:db:4c:eb:92:1a:57:
         49:c8:f4:10:19:21:20:b4:54:ba:16:3d:de:c8:03:21:80:3f:
         4c:eb:07:ad:7c:bb:1b:31:90:c5:65:16:6a:8c:21:ff:62:d1:
         ba:83:63:83:e4:dc:a8:07:e0:d0:20:e8:73:10:f4:31:5f:7e:
         47:a8:bd:81:30:29:e2:5a:18:e8:08:28:71:c4:32:75:c1:d4:
         cd:57:53:c8:51:f0:a4:63:d9:7d:43:f2:3d:62:5c:c0:0c:3b:
         3e:5f:a0:b8:5a:5a:eb:aa:35:b0:2e:46:12:5a:a2:f3:01:7a:
         02:94:d0:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZrA32A+jet8hgeiYVO1vMruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMTI2MTU1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGY2MTM0Nzk2ZTA4NTE5ZDQ1YWIzOTIxNzU4YzlkOWU4Y2FhNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVez/7uCIa5pES9hYTDhdOeMcd02
wd7joNYaqd84fl9BI3uXiZ11SjSkvT7SkS5K8AFLzCCnR9e+lV4O0SxssqUTl5NZ
7nPcOxGa4eoMHxa97qOxN8FcAsApC7CSnZYDtFF0sBDZnjP15pqPKB/LCJFb2vx9
m8d4CyHYj9xp5rbXCezvN2/1tSjjFHz5DZu/+f6plqihiV+SVt5sH132Cl2pQcXs
PJgcZj+SqAEQPNyMsyW+Vp2EdIziDNZgrkX3Xmm/E8Gj8RJRMYncnNINOfd3rYxZ
cOLtGo3KbK+Yt3019E3x+7ayJ6EFivHaoJ66r0EELhgcF83+n6pKcJZ/2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH32E0eW4IUZ1FqzkhdYydnoyqS3MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvZmZZVFI1YmdoUm5VV3JPU0YxakoyZWpLcExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwgIw
DQYJKoZIhvcNAQELBQADggEBAA+dwC3sM+5skrh8A9HzRI74aMUi2lfWaRhaZwEo
PIqqGuah53BrSneyMt27yltDa40TN6dbsr6bfRY/mpb7eie7bncZKCnInHoO+t+f
zulqnqFtAsbzUAQ1EXsDKc3QcU2vYKdO/1OnPYVgGpqIT//m4TMRgca1wt8NsZZ3
kXB1OLEFLnjdvm4RtttM65IaV0nI9BAZISC0VLoWPd7IAyGAP0zrB618uxsxkMVl
FmqMIf9i0bqDY4Pk3KgH4NAg6HMQ9DFffkeovYEwKeJaGOgIKHHEMnXB1M1XU8hR
8KRj2X1D8j1iXMAMOz5foLhaWuuqNbAuRhJaovMBegKU0EA=
-----END CERTIFICATE-----