This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/skeAadI4AP4ZvpAKWtTlCV07X48.roa
File:                     skeAadI4AP4ZvpAKWtTlCV07X48.roa (raw, json)
Hash identifier:          teA/npSH8zrPPm6lOFHsXXFeJadHqVvDUxx+vJRFlGk=
Subject key identifier:   B2:47:80:69:D2:38:00:FE:19:BE:90:0A:5A:D4:E5:09:5D:3B:5F:8F
Certificate issuer:       /CN=aa85c67f22309e0d84c30b542529725328605151
Certificate serial:       019B7BA380CBC134B82043DF80EE788DF575
Authority key identifier: AA:85:C6:7F:22:30:9E:0D:84:C3:0B:54:25:29:72:53:28:60:51:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoXGfyIwng2EwwtUJSlyUyhgUVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/skeAadI4AP4ZvpAKWtTlCV07X48.roa
Signing time:             Thu 01 Jan 2026 22:17:51 +0000
ROA not before:           Thu 01 Jan 2026 22:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204882
IP address blocks:        2001:678:a68::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/qoXGfyIwng2EwwtUJSlyUyhgUVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/qoXGfyIwng2EwwtUJSlyUyhgUVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qoXGfyIwng2EwwtUJSlyUyhgUVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:80:cb:c1:34:b8:20:43:df:80:ee:78:8d:f5:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa85c67f22309e0d84c30b542529725328605151
        Validity
            Not Before: Jan  1 22:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2478069d23800fe19be900a5ad4e5095d3b5f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a0:ec:95:70:cf:6e:b0:3e:66:62:06:72:99:
                    12:3a:0f:36:4b:26:d7:a0:62:6c:a2:50:27:c1:39:
                    0f:5f:1e:15:0d:89:08:b5:18:7c:95:9d:23:16:29:
                    95:79:fd:b3:c3:d2:24:da:c5:17:00:6d:67:69:b7:
                    da:f0:d7:c0:3a:0d:71:e1:fb:55:c7:cb:41:2c:77:
                    11:00:6c:b9:ec:a2:53:92:11:23:6a:25:3c:e8:6b:
                    88:06:d8:e8:26:fc:d0:90:a5:19:43:7f:12:d9:39:
                    21:ef:3e:80:1b:12:7c:bf:8c:34:34:02:ac:76:84:
                    c7:3a:61:61:87:0b:83:fe:3a:62:2e:75:01:eb:a3:
                    1c:35:88:97:96:c0:eb:ba:f7:5c:4a:ef:ff:6e:ab:
                    21:25:d1:58:13:05:48:6e:b0:9a:be:57:bd:01:e3:
                    c4:a3:9d:70:04:11:59:99:48:13:f8:9e:c2:e2:c1:
                    85:d5:0e:5d:7b:20:7e:ce:be:89:c0:75:97:a8:c2:
                    57:51:b3:55:dd:e1:ef:1d:f3:41:4b:19:b7:aa:55:
                    aa:c4:08:05:b8:bc:56:b9:56:f4:8e:99:e6:70:de:
                    bf:61:d3:23:fb:bd:d3:31:9e:22:99:94:d2:2e:24:
                    91:2e:49:18:a8:64:a8:0d:6a:97:ef:04:bf:a9:c5:
                    20:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:47:80:69:D2:38:00:FE:19:BE:90:0A:5A:D4:E5:09:5D:3B:5F:8F
            X509v3 Authority Key Identifier:
                keyid:AA:85:C6:7F:22:30:9E:0D:84:C3:0B:54:25:29:72:53:28:60:51:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoXGfyIwng2EwwtUJSlyUyhgUVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/skeAadI4AP4ZvpAKWtTlCV07X48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e79202-acab-4b1a-992b-2a2ed45e2712/1/qoXGfyIwng2EwwtUJSlyUyhgUVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a68::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:20:d1:21:ab:ca:67:ed:fb:d0:aa:68:fe:b1:64:cf:52:47:
         aa:43:21:32:4d:f5:53:29:f0:36:7d:d7:a5:e6:e6:c9:cc:37:
         d9:a6:6b:8f:c8:d1:f5:80:c0:3f:e7:3b:38:ac:ad:bb:d3:7a:
         fd:54:6c:7d:8b:9f:b3:32:f5:cf:4c:f9:51:c0:28:88:e5:f7:
         02:86:a3:6e:ca:1f:2d:17:d2:65:0a:52:e0:e2:e2:81:c7:d9:
         72:c7:0d:e5:57:00:92:cf:5b:0a:89:27:74:4b:46:b8:e4:b5:
         be:a0:82:e7:70:26:7b:c4:4e:81:40:09:50:0e:21:d7:eb:e1:
         05:c1:56:76:59:b9:54:6b:15:21:d2:bc:b4:38:ee:c2:f8:b7:
         07:6f:0e:3c:3e:27:20:0f:80:8c:de:b4:fe:8d:73:8d:74:f8:
         88:87:6f:bc:7e:33:1b:16:b6:a3:b0:a1:57:71:61:48:62:ae:
         6f:a3:d2:0e:44:83:e9:4b:0b:71:1d:75:c9:5d:fe:8d:4f:20:
         10:83:18:44:ed:a5:a9:95:f9:ef:0a:54:d5:f9:d1:fe:64:d0:
         a8:00:15:17:6b:6e:88:2c:4a:b2:70:dd:d8:a1:98:bf:1e:5e:
         ff:eb:26:15:c5:22:af:24:6b:ca:5b:5a:15:99:01:b7:01:6b:
         62:6b:e0:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7o4DLwTS4IEPfgO54jfV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODVjNjdmMjIzMDllMGQ4NGMzMGI1NDI1Mjk3MjUzMjg2
MDUxNTEwHhcNMjYwMTAxMjIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjQ3ODA2OWQyMzgwMGZlMTliZTkwMGE1YWQ0ZTUwOTVkM2I1ZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKDslXDPbrA+ZmIGcpkSOg82SybX
oGJsolAnwTkPXx4VDYkItRh8lZ0jFimVef2zw9Ik2sUXAG1nabfa8NfAOg1x4ftV
x8tBLHcRAGy57KJTkhEjaiU86GuIBtjoJvzQkKUZQ38S2Tkh7z6AGxJ8v4w0NAKs
doTHOmFhhwuD/jpiLnUB66McNYiXlsDruvdcSu//bqshJdFYEwVIbrCavle9AePE
o51wBBFZmUgT+J7C4sGF1Q5deyB+zr6JwHWXqMJXUbNV3eHvHfNBSxm3qlWqxAgF
uLxWuVb0jpnmcN6/YdMj+73TMZ4imZTSLiSRLkkYqGSoDWqX7wS/qcUgkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLJHgGnSOAD+Gb6QClrU5QldO1+PMB8GA1UdIwQY
MBaAFKqFxn8iMJ4NhMMLVCUpclMoYFFRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9YR2Z5SXduZzJFd3d0VUpTbHlVeWhnVVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lNzkyMDItYWNhYi00YjFhLTk5MmIt
MmEyZWQ0NWUyNzEyLzEvc2tlQWFkSTRBUDRadnBBS1d0VGxDVjA3WDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9lNzkyMDItYWNhYi00YjFhLTk5MmItMmEyZWQ0NWUyNzEy
LzEvcW9YR2Z5SXduZzJFd3d0VUpTbHlVeWhnVVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeApo
MA0GCSqGSIb3DQEBCwUAA4IBAQB1INEhq8pn7fvQqmj+sWTPUkeqQyEyTfVTKfA2
fdel5ubJzDfZpmuPyNH1gMA/5zs4rK2703r9VGx9i5+zMvXPTPlRwCiI5fcChqNu
yh8tF9JlClLg4uKBx9lyxw3lVwCSz1sKiSd0S0a45LW+oILncCZ7xE6BQAlQDiHX
6+EFwVZ2WblUaxUh0ry0OO7C+LcHbw48PicgD4CM3rT+jXONdPiIh2+8fjMbFraj
sKFXcWFIYq5vo9IORIPpSwtxHXXJXf6NTyAQgxhE7aWplfnvClTV+dH+ZNCoABUX
a26ILEqycN3YoZi/Hl7/6yYVxSKvJGvKW1oVmQG3AWtia+BP
-----END CERTIFICATE-----