This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/gJtANYusQO8NMqzy-iyHa4KjaCI.roa
File:                     gJtANYusQO8NMqzy-iyHa4KjaCI.roa (raw, json)
Hash identifier:          gFQQr7en/15ldgmaR7ILMj6reu2HCMGG+/gAkeqsOKs=
Subject key identifier:   80:9B:40:35:8B:AC:40:EF:0D:32:AC:F2:FA:2C:87:6B:82:A3:68:22
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B7B359074FB710887B309647ABE7B2163
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/gJtANYusQO8NMqzy-iyHa4KjaCI.roa
Signing time:             Thu 01 Jan 2026 20:17:46 +0000
ROA not before:           Thu 01 Jan 2026 20:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214111
IP address blocks:        2a14:67c1:a170::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:90:74:fb:71:08:87:b3:09:64:7a:be:7b:21:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  1 20:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=809b40358bac40ef0d32acf2fa2c876b82a36822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e7:6c:53:8a:89:9f:4f:ea:99:41:6d:ad:5f:
                    7e:46:a3:ef:35:a9:79:cf:e5:e8:8f:19:43:56:ff:
                    bb:3f:10:d5:80:c8:0b:8a:c5:38:c5:db:c1:b7:e4:
                    53:75:61:72:a4:8e:c8:f7:33:c3:ed:8a:63:7c:62:
                    8a:b7:cf:04:d6:3e:fd:7c:a1:b1:f7:95:c9:af:f3:
                    55:6d:e7:27:53:e5:2c:fb:9e:b2:66:b4:a5:a4:71:
                    73:77:07:9c:82:53:46:d6:61:08:c8:ee:62:bf:d7:
                    bf:2c:17:79:dd:7a:eb:f1:ef:c0:86:c7:32:c0:37:
                    96:59:b3:aa:88:87:f5:2c:77:b6:39:5a:99:85:4a:
                    7e:f3:e8:9c:25:0d:54:06:b7:9a:61:8e:7b:64:e6:
                    db:01:e6:74:68:f8:8d:ba:91:70:ed:50:12:38:86:
                    e2:49:ba:8b:38:50:2d:fa:4c:7c:1f:9b:e1:87:a3:
                    60:04:3e:4e:b7:02:d5:ea:e0:ae:fc:d2:74:3d:7b:
                    1c:7f:ff:1f:06:2b:8e:0b:99:34:1f:fa:22:d1:04:
                    66:08:da:b0:cf:fb:b6:69:f0:5e:22:75:3f:74:a7:
                    e5:5c:19:de:e7:d5:0f:03:6d:eb:29:ce:29:76:b5:
                    15:3a:83:1e:80:2a:ca:a9:29:b7:72:bc:5e:7d:d4:
                    98:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9B:40:35:8B:AC:40:EF:0D:32:AC:F2:FA:2C:87:6B:82:A3:68:22
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/gJtANYusQO8NMqzy-iyHa4KjaCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a170::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:df:25:1a:2c:be:e9:be:cb:3d:5d:26:b3:69:e2:23:9d:bf:
         ba:fd:1e:f0:da:da:76:5e:9b:8a:40:74:77:c2:24:19:c6:14:
         8f:ca:d4:5c:ad:38:94:3e:d4:5f:21:fb:f0:ef:47:96:fc:6a:
         67:5a:b0:b3:fd:52:7e:88:5a:39:71:fe:12:55:58:4b:d5:9f:
         61:4a:1e:a5:bd:2a:2a:6d:58:67:b2:95:52:73:56:81:98:7f:
         05:5f:33:35:dd:15:5c:6d:3a:66:69:f5:fe:a2:71:59:09:a5:
         70:fa:4f:96:eb:d5:4e:2a:71:ed:d7:c7:61:54:23:4a:0d:47:
         bf:d8:bf:46:99:d8:61:50:32:5a:55:87:74:19:3b:d3:4a:53:
         a4:da:95:b2:b1:a9:db:33:3a:8a:50:9f:b0:cc:2f:33:e5:f9:
         3f:ca:bc:a6:9b:15:61:e5:c4:8d:4b:bb:ec:ac:d9:71:5a:85:
         66:d3:e2:c2:50:4e:15:dc:18:f6:fe:f8:81:dd:4c:2a:32:36:
         28:5b:29:0c:47:96:9a:d1:95:24:4a:dd:fb:f1:cd:56:4e:aa:
         be:69:b0:12:e4:ef:a1:97:2c:9f:fb:99:25:9e:29:1c:49:97:
         1e:0b:c3:bf:75:be:e3:32:4a:f7:95:3d:eb:81:48:12:e4:74:
         c5:30:13:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NZB0+3EIh7MJZHq+eyFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTAxMjAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDliNDAzNThiYWM0MGVmMGQzMmFjZjJmYTJjODc2YjgyYTM2ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAredsU4qJn0/qmUFtrV9+RqPvNal5
z+XojxlDVv+7PxDVgMgLisU4xdvBt+RTdWFypI7I9zPD7YpjfGKKt88E1j79fKGx
95XJr/NVbecnU+Us+56yZrSlpHFzdwecglNG1mEIyO5iv9e/LBd53Xrr8e/Ahscy
wDeWWbOqiIf1LHe2OVqZhUp+8+icJQ1UBreaYY57ZObbAeZ0aPiNupFw7VASOIbi
SbqLOFAt+kx8H5vhh6NgBD5OtwLV6uCu/NJ0PXscf/8fBiuOC5k0H/oi0QRmCNqw
z/u2afBeInU/dKflXBne59UPA23rKc4pdrUVOoMegCrKqSm3crxefdSYhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFICbQDWLrEDvDTKs8vosh2uCo2giMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvZ0p0QU5ZdXNRTzhOTXF6eS1peUhhNEtqYUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwaFw
MA0GCSqGSIb3DQEBCwUAA4IBAQBe3yUaLL7pvss9XSazaeIjnb+6/R7w2tp2XpuK
QHR3wiQZxhSPytRcrTiUPtRfIfvw70eW/GpnWrCz/VJ+iFo5cf4SVVhL1Z9hSh6l
vSoqbVhnspVSc1aBmH8FXzM13RVcbTpmafX+onFZCaVw+k+W69VOKnHt18dhVCNK
DUe/2L9GmdhhUDJaVYd0GTvTSlOk2pWysanbMzqKUJ+wzC8z5fk/yrymmxVh5cSN
S7vsrNlxWoVm0+LCUE4V3Bj2/viB3UwqMjYoWykMR5aa0ZUkSt378c1WTqq+abAS
5O+hlyyf+5klnikcSZceC8O/db7jMkr3lT3rgUgS5HTFMBMd
-----END CERTIFICATE-----