This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/V4zAIgAoy_1XQ7dP32lAlqC0nxM.roa
File:                     V4zAIgAoy_1XQ7dP32lAlqC0nxM.roa (raw, json)
Hash identifier:          o+vrELIZ0yNZvQJf/bVnVUZJH4II7t1VE+Z62K1MGg8=
Subject key identifier:   57:8C:C0:22:00:28:CB:FD:57:43:B7:4F:DF:69:40:96:A0:B4:9F:13
Certificate issuer:       /CN=6ec24e2ac9cd53399651590cf391ad6bbf1b3e26
Certificate serial:       019B7F15DF0E30733FBE527792FD4D29EA02
Authority key identifier: 6E:C2:4E:2A:C9:CD:53:39:96:51:59:0C:F3:91:AD:6B:BF:1B:3E:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/V4zAIgAoy_1XQ7dP32lAlqC0nxM.roa
Signing time:             Fri 02 Jan 2026 14:21:38 +0000
ROA not before:           Fri 02 Jan 2026 14:21:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216441
IP address blocks:        2001:67c:98::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:df:0e:30:73:3f:be:52:77:92:fd:4d:29:ea:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ec24e2ac9cd53399651590cf391ad6bbf1b3e26
        Validity
            Not Before: Jan  2 14:21:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=578cc0220028cbfd5743b74fdf694096a0b49f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:fc:77:69:38:c5:c4:2e:c5:76:27:af:a8:
                    8f:d3:e9:b1:bb:15:20:7f:7e:1f:c8:e8:2d:f4:60:
                    ac:41:33:f9:3e:6a:5d:7b:80:f2:f3:7e:79:cb:03:
                    8a:2d:a9:34:1f:e9:d8:58:05:83:08:e4:90:83:2b:
                    a5:a8:1b:d3:3a:17:12:bc:6c:14:75:e9:4e:f6:a5:
                    0a:fb:3b:49:b5:8d:7a:dc:c5:fc:45:bd:d2:16:dd:
                    3a:b8:79:f1:8b:ac:bb:88:57:24:d3:9a:cf:2f:6d:
                    5c:87:0f:93:f9:79:be:bb:b9:0f:43:c5:8c:77:de:
                    e5:88:c3:42:ca:81:92:de:9f:fe:24:13:1c:9c:5a:
                    67:85:6b:ac:46:8f:ed:40:72:8d:ff:c1:35:92:28:
                    16:88:fb:7e:0b:83:ca:ee:6a:11:95:95:b4:db:16:
                    88:4a:1c:ce:82:2c:74:0d:6d:45:e0:44:ac:fa:26:
                    16:5f:0d:3e:e8:8d:f1:ef:ec:69:19:9a:ad:26:18:
                    fe:bc:56:77:b8:18:35:60:fa:be:1e:cc:07:d6:c0:
                    69:b2:94:98:66:79:53:25:8a:fd:4d:7c:ff:5a:26:
                    8d:ad:3d:e1:44:be:a9:fb:6d:08:bd:a4:e0:af:be:
                    57:fa:27:49:b8:fd:b2:96:36:32:d9:43:f9:c4:48:
                    d8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8C:C0:22:00:28:CB:FD:57:43:B7:4F:DF:69:40:96:A0:B4:9F:13
            X509v3 Authority Key Identifier:
                keyid:6E:C2:4E:2A:C9:CD:53:39:96:51:59:0C:F3:91:AD:6B:BF:1B:3E:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bsJOKsnNUzmWUVkM85Gta78bPiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/V4zAIgAoy_1XQ7dP32lAlqC0nxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c1f962-88d6-4642-a2d3-7a7473c545b1/1/bsJOKsnNUzmWUVkM85Gta78bPiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:98::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:a3:e2:79:fe:f3:81:eb:4f:39:15:5a:ff:eb:fc:df:ea:0a:
         a4:27:22:70:91:8c:25:d6:80:69:5a:82:c9:ed:94:f6:0c:a7:
         2d:9b:6b:dd:e6:23:d3:30:88:1c:07:86:8f:91:71:b5:5f:80:
         44:1b:bc:29:4a:af:dc:b9:ec:0d:e7:63:bf:c8:1b:48:ac:ba:
         b6:47:80:dd:fa:c7:fe:24:c6:cf:02:23:da:41:7b:17:b9:64:
         b2:d8:b7:10:98:f5:17:c4:6c:91:13:29:a5:0d:85:10:70:1a:
         d5:cf:2e:c9:ec:07:19:74:c7:9a:51:e9:1b:5d:97:f2:2f:51:
         ad:2e:80:9a:d8:77:7a:9e:ed:82:af:2c:58:37:54:ba:48:56:
         e5:c5:ba:b2:09:06:95:ae:08:c8:99:bc:6f:d3:1b:fe:f4:bc:
         45:e3:fd:07:3a:1b:f2:a2:31:f9:02:a2:ef:96:ea:9d:af:33:
         44:01:55:33:bb:13:9c:78:5b:bc:e4:b3:9c:de:44:6a:54:0d:
         05:ad:d5:9e:2f:89:07:e8:9e:77:32:18:ba:47:d1:1d:d6:f7:
         54:fe:07:69:5d:7b:35:69:0b:b0:4d:c6:6e:cf:5a:a3:6c:a1:
         48:58:51:64:33:35:45:ba:d6:ac:86:25:b8:1a:c2:ca:ed:11:
         86:5e:60:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/Fd8OMHM/vlJ3kv1NKeoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYzI0ZTJhYzljZDUzMzk5NjUxNTkwY2YzOTFhZDZiYmYx
YjNlMjYwHhcNMjYwMTAyMTQyMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzhjYzAyMjAwMjhjYmZkNTc0M2I3NGZkZjY5NDA5NmEwYjQ5ZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph38d2k4xcQuxXYnr6iP0+mxuxUg
f34fyOgt9GCsQTP5Pmpde4Dy8355ywOKLak0H+nYWAWDCOSQgyulqBvTOhcSvGwU
delO9qUK+ztJtY163MX8Rb3SFt06uHnxi6y7iFck05rPL21chw+T+Xm+u7kPQ8WM
d97liMNCyoGS3p/+JBMcnFpnhWusRo/tQHKN/8E1kigWiPt+C4PK7moRlZW02xaI
ShzOgix0DW1F4ESs+iYWXw0+6I3x7+xpGZqtJhj+vFZ3uBg1YPq+HswH1sBpspSY
ZnlTJYr9TXz/WiaNrT3hRL6p+20IvaTgr75X+idJuP2yljYy2UP5xEjYJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFeMwCIAKMv9V0O3T99pQJagtJ8TMB8GA1UdIwQY
MBaAFG7CTirJzVM5llFZDPORrWu/Gz4mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnNKT0tzbk5Vem1XVVZrTTg1R3RhNzhiUGlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jMWY5NjItODhkNi00NjQyLWEyZDMt
N2E3NDczYzU0NWIxLzEvVjR6QUlnQW95XzFYUTdkUDMybEFscUMwbnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jMWY5NjItODhkNi00NjQyLWEyZDMtN2E3NDczYzU0NWIx
LzEvYnNKT0tzbk5Vem1XVVZrTTg1R3RhNzhiUGlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfACY
MA0GCSqGSIb3DQEBCwUAA4IBAQAdo+J5/vOB6085FVr/6/zf6gqkJyJwkYwl1oBp
WoLJ7ZT2DKctm2vd5iPTMIgcB4aPkXG1X4BEG7wpSq/cuewN52O/yBtIrLq2R4Dd
+sf+JMbPAiPaQXsXuWSy2LcQmPUXxGyREymlDYUQcBrVzy7J7AcZdMeaUekbXZfy
L1GtLoCa2Hd6nu2CryxYN1S6SFblxbqyCQaVrgjImbxv0xv+9LxF4/0HOhvyojH5
AqLvluqdrzNEAVUzuxOceFu85LOc3kRqVA0FrdWeL4kH6J53Mhi6R9Ed1vdU/gdp
XXs1aQuwTcZuz1qjbKFIWFFkMzVFutashiW4GsLK7RGGXmDJ
-----END CERTIFICATE-----