This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hgx33y-xqGqm8i0mT9WqKlInO6g.roa
File:                     hgx33y-xqGqm8i0mT9WqKlInO6g.roa (raw, json)
Hash identifier:          0cZEamA+0/Tkm10xxCoZSaCjxG0y0nEu1bOs762v/Ek=
Subject key identifier:   86:0C:77:DF:2F:B1:A8:6A:A6:F2:2D:26:4F:D5:AA:2A:52:27:3B:A8
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019B7B35948B4E6168CE8CB3F0180448B92C
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hgx33y-xqGqm8i0mT9WqKlInO6g.roa
Signing time:             Thu 01 Jan 2026 20:17:47 +0000
ROA not before:           Thu 01 Jan 2026 20:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214963
IP address blocks:        2a14:67c1:700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:94:8b:4e:61:68:ce:8c:b3:f0:18:04:48:b9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  1 20:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=860c77df2fb1a86aa6f22d264fd5aa2a52273ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6f:79:0e:bd:31:bb:a6:cc:d1:0e:42:0a:97:
                    d5:f7:0c:f6:53:76:d7:a5:8b:36:ac:6c:4e:4c:1d:
                    51:ea:bd:d6:6a:e4:70:14:69:00:78:28:fc:cf:a8:
                    66:7b:1b:36:c2:b2:02:fd:92:6a:d7:94:65:c1:48:
                    e8:b5:9a:92:71:47:2c:f4:24:cd:84:a9:41:4a:3b:
                    63:25:7d:7b:86:81:3d:49:1b:ce:13:de:43:d8:ff:
                    82:f2:06:ce:e8:9b:c4:63:6b:0f:e5:6d:77:54:bf:
                    4a:5d:ad:8a:1e:48:43:72:e8:b3:a9:97:82:df:bd:
                    90:d4:f4:0e:07:96:f3:4e:09:c5:58:5d:fd:9a:a2:
                    5f:f0:9d:45:3a:2c:ba:75:c5:fc:97:ec:7b:33:92:
                    5c:a5:5b:2d:73:eb:a6:52:b3:43:f0:85:71:02:59:
                    4d:82:8e:e2:2b:a8:c7:f9:10:ca:5a:9c:30:bc:e0:
                    4f:ea:dd:ad:c5:e7:ea:be:12:e2:0e:93:aa:14:0b:
                    62:9a:cc:35:0b:fa:4a:ab:55:6b:29:d1:06:7b:17:
                    bf:80:9d:9e:b3:c6:ce:29:64:cd:e8:9d:14:f8:1f:
                    c7:60:25:6b:e7:05:8e:44:31:1f:f6:55:91:ba:e7:
                    99:5a:f6:49:c0:1e:31:16:a7:e0:b3:90:04:17:17:
                    41:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:0C:77:DF:2F:B1:A8:6A:A6:F2:2D:26:4F:D5:AA:2A:52:27:3B:A8
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hgx33y-xqGqm8i0mT9WqKlInO6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:96:50:35:22:ab:d7:1e:aa:46:b9:84:f5:06:7b:45:78:6d:
         66:e5:1c:cb:89:c0:1c:65:76:ae:06:5d:6e:03:54:f2:03:ef:
         2a:b3:1d:8d:b9:f1:28:c7:7f:6f:89:eb:b5:cd:16:1c:8f:9d:
         5f:01:65:d6:ce:d4:29:9f:9d:cb:3b:88:d1:f2:64:56:6d:4d:
         7b:7a:78:ff:d2:aa:2e:c6:d7:61:0b:37:28:d9:b8:79:04:af:
         81:0d:ba:51:44:38:44:e6:e7:f9:4a:68:a7:52:da:2a:81:14:
         35:3d:7a:45:e6:08:71:46:13:67:03:53:6a:5e:7f:b5:9a:4e:
         00:0c:a4:f6:05:90:22:3c:6b:ab:b0:d7:b8:3f:24:39:44:42:
         b1:d8:2d:f3:4a:54:56:4f:cf:7c:2a:56:e8:80:2a:ba:4e:2a:
         b6:ca:5e:88:d9:ee:5c:ea:b7:80:41:44:b8:09:26:36:7f:2f:
         9a:b7:fc:92:76:2c:c0:19:cf:a7:60:18:d0:b8:38:54:4c:39:
         5e:8c:e7:29:0f:ed:4a:f1:38:e6:b9:1d:46:e5:fc:65:d9:91:
         ca:4f:0a:e8:c8:49:6a:dc:11:ab:4c:67:d3:fc:24:6f:2c:d8:
         4e:a0:24:44:bc:76:d5:b7:19:3b:4a:9e:d9:76:c6:3f:d4:89:
         00:84:b1:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7NZSLTmFozoyz8BgESLksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTAxMjAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjBjNzdkZjJmYjFhODZhYTZmMjJkMjY0ZmQ1YWEyYTUyMjczYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum95Dr0xu6bM0Q5CCpfV9wz2U3bX
pYs2rGxOTB1R6r3WauRwFGkAeCj8z6hmexs2wrIC/ZJq15RlwUjotZqScUcs9CTN
hKlBSjtjJX17hoE9SRvOE95D2P+C8gbO6JvEY2sP5W13VL9KXa2KHkhDcuizqZeC
372Q1PQOB5bzTgnFWF39mqJf8J1FOiy6dcX8l+x7M5JcpVstc+umUrND8IVxAllN
go7iK6jH+RDKWpwwvOBP6t2txefqvhLiDpOqFAtimsw1C/pKq1VrKdEGexe/gJ2e
s8bOKWTN6J0U+B/HYCVr5wWORDEf9lWRuueZWvZJwB4xFqfgs5AEFxdBXQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIYMd98vsahqpvItJk/VqipSJzuoMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaGd4MzN5LXhxR3FtOGkwbVQ5V3FLbEluTzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwQcw
DQYJKoZIhvcNAQELBQADggEBAGyWUDUiq9ceqka5hPUGe0V4bWblHMuJwBxldq4G
XW4DVPID7yqzHY258SjHf2+J67XNFhyPnV8BZdbO1Cmfncs7iNHyZFZtTXt6eP/S
qi7G12ELNyjZuHkEr4ENulFEOETm5/lKaKdS2iqBFDU9ekXmCHFGE2cDU2pef7Wa
TgAMpPYFkCI8a6uw17g/JDlEQrHYLfNKVFZPz3wqVuiAKrpOKrbKXojZ7lzqt4BB
RLgJJjZ/L5q3/JJ2LMAZz6dgGNC4OFRMOV6M5ykP7UrxOOa5HUbl/GXZkcpPCujI
SWrcEatMZ9P8JG8s2E6gJES8dtW3GTtKntl2xj/UiQCEsaE=
-----END CERTIFICATE-----