This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5ziyZMsm-eF8rQKEiPIRLUjKrJc.roa
File:                     5ziyZMsm-eF8rQKEiPIRLUjKrJc.roa (raw, json)
Hash identifier:          ST0tOCj/lVMKy70YCsjUG8APQaOubaCeSEbJbdk4mkA=
Subject key identifier:   E7:38:B2:64:CB:26:F9:E1:7C:AD:02:84:88:F2:11:2D:48:CA:AC:97
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       019B7AC950E17634E9E61B5D859832198F7A
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5ziyZMsm-eF8rQKEiPIRLUjKrJc.roa
Signing time:             Thu 01 Jan 2026 18:19:32 +0000
ROA not before:           Thu 01 Jan 2026 18:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38191
IP address blocks:        2a01:3e0:d01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:50:e1:76:34:e9:e6:1b:5d:85:98:32:19:8f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  1 18:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e738b264cb26f9e17cad028488f2112d48caac97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:eb:52:fd:d2:89:c3:d8:c0:21:45:61:e2:48:
                    07:40:cf:dc:cf:de:50:90:9d:89:2d:b6:c9:0e:d9:
                    79:9b:10:83:f6:de:83:de:9e:75:9f:21:5c:37:a1:
                    a1:b9:f8:5b:a0:9e:e7:36:32:a6:25:f9:5e:ab:e1:
                    a1:f5:af:08:6b:1b:a7:81:44:59:39:fb:1f:c0:fc:
                    00:69:ed:b7:59:10:7d:0b:aa:93:bf:8b:fd:82:78:
                    fe:a3:0f:cc:52:f1:2f:c8:ac:e7:89:45:42:db:dc:
                    4f:32:82:f2:02:44:a7:90:8a:ac:6b:5b:1d:f3:c0:
                    ee:6d:11:2b:30:62:24:14:b0:3c:6e:ef:41:61:52:
                    dd:a3:da:67:e2:2f:ec:b5:b9:29:7f:15:e4:bf:b2:
                    ec:8e:de:c7:4d:33:6d:c8:60:b3:cf:45:c2:98:bc:
                    18:9c:c1:42:ba:eb:74:85:8b:70:70:83:89:eb:b5:
                    e0:eb:e0:e4:1c:bd:4f:5f:c8:2e:84:0c:3a:b4:0a:
                    30:32:4d:f2:04:be:ac:ee:48:fa:cf:b7:c6:4a:d5:
                    24:72:2c:92:e2:f5:44:4a:c3:e2:0d:2e:20:b2:3d:
                    d7:65:0b:ae:8d:1a:e3:1b:98:86:08:18:7e:67:87:
                    c3:25:7c:60:68:3e:1a:94:aa:34:6c:f7:0d:92:5b:
                    52:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:38:B2:64:CB:26:F9:E1:7C:AD:02:84:88:F2:11:2D:48:CA:AC:97
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5ziyZMsm-eF8rQKEiPIRLUjKrJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e0:d01::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:45:2f:95:36:30:ce:92:55:6a:ae:83:75:6c:6c:ab:6c:33:
         5e:1c:bf:2f:70:ad:85:8b:ec:e5:ca:c6:60:e7:84:df:12:08:
         f5:2a:f2:ca:80:f1:3b:3d:0a:66:65:9e:0d:10:cb:51:fb:06:
         bb:6d:3e:32:51:75:9f:46:15:af:67:70:32:65:6d:f0:21:90:
         68:10:bc:6f:9e:8b:c2:2f:32:02:68:93:41:85:ab:cc:c9:84:
         4f:3e:47:6e:4e:a8:15:65:dd:bd:23:f2:05:01:93:d0:b6:fc:
         28:ef:b0:05:c0:91:5e:47:b2:05:a5:7f:6f:77:a1:80:76:37:
         38:01:d6:27:d0:e5:27:68:ac:f9:8f:2b:ef:35:95:f4:ec:e7:
         5d:37:7a:d4:c1:59:f6:a5:41:5d:3d:ae:60:58:1e:97:29:3e:
         94:4f:18:c1:10:70:33:47:e6:cb:96:61:7a:19:bc:21:99:27:
         bc:03:df:5b:3a:90:5e:88:20:b2:0a:06:dc:2c:f3:11:62:84:
         78:96:9f:71:c1:28:cf:93:a9:77:6b:f9:40:77:d0:48:a4:38:
         23:7e:39:8c:dd:ce:48:99:d4:fc:c2:67:62:98:2c:1f:17:7e:
         90:b6:09:4b:e9:ba:b8:64:15:bd:f0:f3:cf:8d:e6:74:eb:07:
         4d:1e:fa:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6yVDhdjTp5htdhZgyGY96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjYwMTAxMTgxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM4YjI2NGNiMjZmOWUxN2NhZDAyODQ4OGYyMTEyZDQ4Y2FhYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyutS/dKJw9jAIUVh4kgHQM/cz95Q
kJ2JLbbJDtl5mxCD9t6D3p51nyFcN6GhufhboJ7nNjKmJfleq+Gh9a8IaxungURZ
OfsfwPwAae23WRB9C6qTv4v9gnj+ow/MUvEvyKzniUVC29xPMoLyAkSnkIqsa1sd
88DubRErMGIkFLA8bu9BYVLdo9pn4i/stbkpfxXkv7Lsjt7HTTNtyGCzz0XCmLwY
nMFCuut0hYtwcIOJ67Xg6+DkHL1PX8guhAw6tAowMk3yBL6s7kj6z7fGStUkciyS
4vVESsPiDS4gsj3XZQuujRrjG5iGCBh+Z4fDJXxgaD4alKo0bPcNkltSKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOc4smTLJvnhfK0ChIjyES1IyqyXMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvNXppeVpNc20tZUY4clFLRWlQSVJMVWpLckpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgED4A0B
MA0GCSqGSIb3DQEBCwUAA4IBAQCSRS+VNjDOklVqroN1bGyrbDNeHL8vcK2Fi+zl
ysZg54TfEgj1KvLKgPE7PQpmZZ4NEMtR+wa7bT4yUXWfRhWvZ3AyZW3wIZBoELxv
novCLzICaJNBhavMyYRPPkduTqgVZd29I/IFAZPQtvwo77AFwJFeR7IFpX9vd6GA
djc4AdYn0OUnaKz5jyvvNZX07OddN3rUwVn2pUFdPa5gWB6XKT6UTxjBEHAzR+bL
lmF6GbwhmSe8A99bOpBeiCCyCgbcLPMRYoR4lp9xwSjPk6l3a/lAd9BIpDgjfjmM
3c5ImdT8wmdimCwfF36QtglL6bq4ZBW98PPPjeZ06wdNHvr1
-----END CERTIFICATE-----