This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/ZIy83scPRt16H-jBNWuSeXwWJvM.roa
File:                     ZIy83scPRt16H-jBNWuSeXwWJvM.roa (raw, json)
Hash identifier:          0BNufUNGwM8pxLnHngYQDTG7LK9cbACS4eSu797tG84=
Subject key identifier:   64:8C:BC:DE:C7:0F:46:DD:7A:1F:E8:C1:35:6B:92:79:7C:16:26:F3
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       019B7B36CB1A15A5EF12FA882BABCDC94FC9
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/ZIy83scPRt16H-jBNWuSeXwWJvM.roa
Signing time:             Thu 01 Jan 2026 20:19:07 +0000
ROA not before:           Thu 01 Jan 2026 20:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212514
IP address blocks:        2a01:ffc0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:cb:1a:15:a5:ef:12:fa:88:2b:ab:cd:c9:4f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan  1 20:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=648cbcdec70f46dd7a1fe8c1356b92797c1626f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d6:20:26:88:3d:fa:fd:fe:b0:e2:1a:49:b8:
                    af:13:87:8d:7f:f0:7c:62:c4:e6:ee:35:67:7d:8f:
                    1b:3d:2c:49:b3:e2:32:03:69:8c:ab:04:b9:5f:d9:
                    fd:8f:ec:81:3b:ab:ad:6f:ee:bf:41:77:2e:59:f9:
                    72:05:bb:2b:94:2a:55:bc:7f:05:65:14:53:bb:e0:
                    84:bb:f9:aa:22:73:e0:c2:c4:a6:22:9d:35:ec:11:
                    48:b9:0d:44:f2:31:02:9e:9d:8a:6f:59:36:2e:87:
                    7f:c1:fc:46:f0:36:07:a7:24:eb:ab:60:02:91:8d:
                    ac:29:e7:a9:ed:9c:6c:f8:ab:e3:d2:d7:be:5c:e5:
                    49:ad:8c:9b:46:03:6b:cc:bf:1a:d3:f1:71:dd:57:
                    a9:5f:d5:3c:c0:f2:ed:f3:71:36:3d:93:9e:dc:eb:
                    84:b8:f3:ab:40:9d:21:d2:04:d2:d1:a3:19:41:8f:
                    45:33:a5:9c:75:99:7e:99:8a:06:46:32:5a:2a:85:
                    68:83:cc:b5:71:12:36:06:f9:1d:7d:a9:94:81:6d:
                    35:2d:84:e7:a3:eb:d8:83:5e:2e:dd:74:2f:21:3d:
                    d6:9e:cf:4b:0c:b5:9a:62:53:c4:9c:1e:f1:b6:c3:
                    63:41:8b:70:c9:24:de:0c:c0:6d:42:23:0f:a9:b6:
                    ae:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8C:BC:DE:C7:0F:46:DD:7A:1F:E8:C1:35:6B:92:79:7C:16:26:F3
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/ZIy83scPRt16H-jBNWuSeXwWJvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:77:ee:a5:d2:d9:48:60:52:bb:2d:d7:6a:b8:0f:9f:d4:da:
         f2:ce:5f:0a:c9:4b:4a:26:eb:80:31:b2:9b:4e:fe:56:97:dc:
         74:b7:f9:12:cd:1e:f9:bc:9e:43:2e:dc:af:ac:d2:9b:30:42:
         f4:75:66:50:50:8c:a9:5b:f4:5f:22:40:cf:ff:7e:ec:c3:cc:
         a1:00:5b:0d:18:e6:eb:a0:3e:20:ae:3b:13:a2:c7:78:50:8c:
         d9:cc:22:d2:95:d0:15:5f:62:5f:4a:05:6c:f7:56:8f:3f:c5:
         0a:b6:50:8e:0d:0d:6f:a8:af:d1:03:db:91:c0:aa:5e:4c:2d:
         36:3a:0f:07:0c:e6:64:d6:1c:ba:7b:ec:42:3c:c2:f1:87:7c:
         6b:a8:3a:b1:0c:1c:44:19:7b:94:38:b6:94:c5:0f:7a:5b:e2:
         6e:9b:65:52:0f:03:98:a0:1a:24:e6:83:bd:6f:60:d2:d0:6e:
         ee:b1:be:91:0f:51:47:8d:e4:2b:7e:be:1f:c4:5d:02:d5:37:
         91:20:37:78:73:ed:5b:d5:05:1a:29:69:23:04:01:3e:72:22:
         a4:1c:f8:fc:bc:33:b5:cc:01:e4:d2:f8:a0:08:7c:07:9f:77:
         36:24:b0:aa:7f:aa:c7:3e:5b:45:d5:25:b8:09:38:42:22:91:
         65:2e:6c:55
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7NssaFaXvEvqIK6vNyU/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjYwMTAxMjAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhjYmNkZWM3MGY0NmRkN2ExZmU4YzEzNTZiOTI3OTdjMTYyNmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNYgJog9+v3+sOIaSbivE4eNf/B8
YsTm7jVnfY8bPSxJs+IyA2mMqwS5X9n9j+yBO6utb+6/QXcuWflyBbsrlCpVvH8F
ZRRTu+CEu/mqInPgwsSmIp017BFIuQ1E8jECnp2Kb1k2Lod/wfxG8DYHpyTrq2AC
kY2sKeep7Zxs+Kvj0te+XOVJrYybRgNrzL8a0/Fx3VepX9U8wPLt83E2PZOe3OuE
uPOrQJ0h0gTS0aMZQY9FM6WcdZl+mYoGRjJaKoVog8y1cRI2BvkdfamUgW01LYTn
o+vYg14u3XQvIT3Wns9LDLWaYlPEnB7xtsNjQYtwySTeDMBtQiMPqbauZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGSMvN7HD0bdeh/owTVrknl8FibzMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvWkl5ODNzY1BSdDE2SC1qQk5XdVNlWHdXSnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH/wDAN
BgkqhkiG9w0BAQsFAAOCAQEAOnfupdLZSGBSuy3XargPn9Ta8s5fCslLSibrgDGy
m07+VpfcdLf5Es0e+byeQy7cr6zSmzBC9HVmUFCMqVv0XyJAz/9+7MPMoQBbDRjm
66A+IK47E6LHeFCM2cwi0pXQFV9iX0oFbPdWjz/FCrZQjg0Nb6iv0QPbkcCqXkwt
NjoPBwzmZNYcunvsQjzC8Yd8a6g6sQwcRBl7lDi2lMUPelvibptlUg8DmKAaJOaD
vW9g0tBu7rG+kQ9RR43kK36+H8RdAtU3kSA3eHPtW9UFGilpIwQBPnIipBz4/Lwz
tcwB5NL4oAh8B593NiSwqn+qxz5bRdUluAk4QiKRZS5sVQ==
-----END CERTIFICATE-----