This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/13qi8AI2-EVNpOSQSS-2sC_j3KU.roa
File:                     13qi8AI2-EVNpOSQSS-2sC_j3KU.roa (raw, json)
Hash identifier:          Ao/N1CH5IyqTs+C/2xXMQjWZkUvQDWoCz0AZMzqUUQQ=
Subject key identifier:   D7:7A:A2:F0:02:36:F8:45:4D:A4:E4:90:49:2F:B6:B0:2F:E3:DC:A5
Certificate issuer:       /CN=d301991fc343f358c0f2eebae55cf2da34521c7a
Certificate serial:       019B7C12D88CA14C79832D20D2D713F9A6D5
Authority key identifier: D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/13qi8AI2-EVNpOSQSS-2sC_j3KU.roa
Signing time:             Fri 02 Jan 2026 00:19:28 +0000
ROA not before:           Fri 02 Jan 2026 00:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211005
IP address blocks:        2001:678:fe0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:d8:8c:a1:4c:79:83:2d:20:d2:d7:13:f9:a6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d301991fc343f358c0f2eebae55cf2da34521c7a
        Validity
            Not Before: Jan  2 00:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d77aa2f00236f8454da4e490492fb6b02fe3dca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:df:13:78:8a:a0:76:52:ae:a3:e5:2b:2d:75:
                    2c:30:f7:ab:71:b3:06:f3:11:b8:4e:e0:39:c3:02:
                    09:dd:68:e4:f2:14:ea:32:db:26:68:b3:47:6f:3e:
                    4c:63:d7:a6:5b:07:b0:bc:97:ea:63:fc:c9:fc:0a:
                    2a:78:bc:bf:ab:43:a7:31:85:28:55:92:eb:c5:b3:
                    16:86:c6:e0:f0:65:72:ed:64:06:ba:32:59:c8:15:
                    20:1c:50:c3:92:a4:12:26:59:d5:82:c3:37:ee:48:
                    a6:e1:53:dd:55:d7:a4:eb:96:1e:5d:37:ed:a4:82:
                    c0:db:99:c9:f2:ec:9c:dc:74:13:09:3a:34:6f:bc:
                    7b:58:e4:87:72:2b:aa:d8:06:c5:7c:62:20:5b:db:
                    b5:c9:c2:bf:19:ef:7c:e6:90:e3:ba:ee:cf:8a:b3:
                    90:04:4a:1f:ef:c6:5d:a7:fe:10:0f:dc:ca:00:3e:
                    ec:28:e7:31:8e:d9:43:91:01:06:74:49:4a:26:8f:
                    d2:3f:5f:c9:cf:ad:2a:a1:0a:3a:87:92:1e:e8:84:
                    ae:35:5b:f2:22:68:07:d4:e4:0e:6e:42:2e:91:b5:
                    5f:b1:88:32:c9:d8:d2:1c:e8:7b:63:b1:b5:0a:b0:
                    d6:73:c5:cf:bb:72:05:94:b6:a2:ac:af:a0:a2:7f:
                    d1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7A:A2:F0:02:36:F8:45:4D:A4:E4:90:49:2F:B6:B0:2F:E3:DC:A5
            X509v3 Authority Key Identifier:
                keyid:D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/13qi8AI2-EVNpOSQSS-2sC_j3KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:29:9a:a7:53:82:7a:2a:a5:79:e2:3c:b1:83:c1:67:0d:ec:
         c3:a9:fe:9b:1c:9f:19:3b:af:ac:ee:91:1f:d2:38:c2:87:26:
         02:c1:56:80:2c:86:61:5a:25:52:f6:dd:7e:22:0f:01:a2:98:
         7d:48:3b:13:dc:6f:40:b5:71:c3:18:69:88:36:96:33:1d:50:
         ee:13:22:ba:7c:7b:73:15:a3:0a:be:90:0c:4a:42:3b:36:23:
         62:35:f8:cd:b5:d6:65:10:a7:e6:aa:12:db:be:1e:df:0c:8e:
         22:fe:0f:a6:5b:2f:ac:08:e0:a3:79:df:a2:a9:5d:34:ec:75:
         f5:a6:aa:c4:c2:3a:23:38:de:dc:d5:94:a8:ba:ec:5e:b1:eb:
         f3:99:ea:d5:49:3a:88:25:23:30:ce:7b:00:3b:f6:b6:53:80:
         35:b1:2f:30:ce:7c:95:fc:ea:6d:cc:e2:3c:14:6f:2c:54:89:
         4a:b9:d0:8e:9d:fc:22:fc:8b:69:00:34:db:d6:a7:67:e4:b4:
         0b:90:23:70:5c:94:9b:ac:e1:63:87:fe:4b:f8:19:8d:fd:1d:
         38:e8:ca:4b:9a:be:05:a1:40:5b:9d:f9:0c:07:d8:b7:25:91:
         57:a4:bd:66:93:06:f1:06:b2:55:7b:4b:b1:4f:25:ba:5e:56:
         e5:d7:eb:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EtiMoUx5gy0g0tcT+abVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMDE5OTFmYzM0M2YzNThjMGYyZWViYWU1NWNmMmRhMzQ1
MjFjN2EwHhcNMjYwMTAyMDAxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdhYTJmMDAyMzZmODQ1NGRhNGU0OTA0OTJmYjZiMDJmZTNkY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt8TeIqgdlKuo+UrLXUsMPercbMG
8xG4TuA5wwIJ3Wjk8hTqMtsmaLNHbz5MY9emWwewvJfqY/zJ/AoqeLy/q0OnMYUo
VZLrxbMWhsbg8GVy7WQGujJZyBUgHFDDkqQSJlnVgsM37kim4VPdVdek65YeXTft
pILA25nJ8uyc3HQTCTo0b7x7WOSHciuq2AbFfGIgW9u1ycK/Ge985pDjuu7PirOQ
BEof78Zdp/4QD9zKAD7sKOcxjtlDkQEGdElKJo/SP1/Jz60qoQo6h5Ie6ISuNVvy
ImgH1OQObkIukbVfsYgyydjSHOh7Y7G1CrDWc8XPu3IFlLairK+gon/RWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNd6ovACNvhFTaTkkEkvtrAv49ylMB8GA1UdIwQY
MBaAFNMBmR/DQ/NYwPLuuuVc8to0Uhx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQt
Zjk4YzQ4MzAxNWQ3LzEvMTNxaThBSTItRVZOcE9TUVNTLTJzQ19qM0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQtZjk4YzQ4MzAxNWQ3
LzEvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA/g
MA0GCSqGSIb3DQEBCwUAA4IBAQAoKZqnU4J6KqV54jyxg8FnDezDqf6bHJ8ZO6+s
7pEf0jjChyYCwVaALIZhWiVS9t1+Ig8Boph9SDsT3G9AtXHDGGmINpYzHVDuEyK6
fHtzFaMKvpAMSkI7NiNiNfjNtdZlEKfmqhLbvh7fDI4i/g+mWy+sCOCjed+iqV00
7HX1pqrEwjojON7c1ZSouuxesevzmerVSTqIJSMwznsAO/a2U4A1sS8wznyV/Opt
zOI8FG8sVIlKudCOnfwi/ItpADTb1qdn5LQLkCNwXJSbrOFjh/5L+BmN/R046MpL
mr4FoUBbnfkMB9i3JZFXpL1mkwbxBrJVe0uxTyW6Xlbl1+vh
-----END CERTIFICATE-----