This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/YH3qouyi9uf0Sjp7erwfbtdqIMY.roa
File:                     YH3qouyi9uf0Sjp7erwfbtdqIMY.roa (raw, json)
Hash identifier:          XATxeFAkfU3QrOitUmq9zj3TBTO+Je2+3q8oJUZcsYU=
Subject key identifier:   60:7D:EA:A2:EC:A2:F6:E7:F4:4A:3A:7B:7A:BC:1F:6E:D7:6A:20:C6
Certificate issuer:       /CN=23f1e09f0e6ed891ad17d6ce4a3c7328d759b4c8
Certificate serial:       019B7A5AFCE67629B2B7E42359E6900ED359
Authority key identifier: 23:F1:E0:9F:0E:6E:D8:91:AD:17:D6:CE:4A:3C:73:28:D7:59:B4:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/YH3qouyi9uf0Sjp7erwfbtdqIMY.roa
Signing time:             Thu 01 Jan 2026 16:19:01 +0000
ROA not before:           Thu 01 Jan 2026 16:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8995
IP address blocks:        2001:678:394::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:fc:e6:76:29:b2:b7:e4:23:59:e6:90:0e:d3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23f1e09f0e6ed891ad17d6ce4a3c7328d759b4c8
        Validity
            Not Before: Jan  1 16:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=607deaa2eca2f6e7f44a3a7b7abc1f6ed76a20c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ce:86:94:75:6f:d2:b3:16:1c:c1:b8:81:89:
                    fd:cd:80:40:77:68:7b:dc:ff:74:6d:ff:86:d7:d9:
                    60:65:fe:21:dc:c9:26:50:6f:e5:75:71:f8:cb:7a:
                    96:0a:fb:58:3c:e6:2b:d8:29:fa:e8:9f:fa:e6:28:
                    95:32:32:49:95:a3:d8:53:10:fd:00:0f:05:6d:3a:
                    10:07:ab:c3:e7:36:65:87:54:51:a7:0b:6f:77:99:
                    3e:49:0b:3c:85:b3:76:7d:c5:d3:d2:42:14:b9:34:
                    d2:4e:3a:f8:3d:ad:43:cd:2f:a9:fc:6c:a8:d5:3c:
                    fe:9e:b2:c8:4a:60:eb:ed:44:e6:2b:ee:c2:10:0f:
                    c5:cc:a0:bf:cc:02:c1:53:59:c0:13:da:e4:3e:ba:
                    87:b0:f4:c5:07:d0:cd:87:9e:c4:8a:7e:22:8e:96:
                    f6:56:33:df:9a:aa:d7:7b:66:9a:07:7b:26:71:09:
                    22:ad:5c:86:2b:f4:73:f9:f5:21:fc:76:65:7b:0b:
                    17:d0:d8:5b:00:da:bf:a9:04:72:de:19:42:b4:da:
                    93:d5:e0:59:ea:74:d3:64:80:bc:1c:73:5f:f4:a7:
                    c7:45:01:3e:66:02:cb:25:7b:1e:55:e3:ff:5e:e3:
                    1b:ec:51:6d:45:ce:31:b7:18:e2:ff:22:c5:6f:fb:
                    34:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7D:EA:A2:EC:A2:F6:E7:F4:4A:3A:7B:7A:BC:1F:6E:D7:6A:20:C6
            X509v3 Authority Key Identifier:
                keyid:23:F1:E0:9F:0E:6E:D8:91:AD:17:D6:CE:4A:3C:73:28:D7:59:B4:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/YH3qouyi9uf0Sjp7erwfbtdqIMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/955ed1-8b40-4185-84a9-2ddcf56a763e/1/I_Hgnw5u2JGtF9bOSjxzKNdZtMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:394::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:4f:58:2f:87:27:93:fe:dd:8a:4d:36:bd:5b:0a:72:ce:a6:
         e7:25:a4:78:69:0c:ea:6d:56:13:90:54:4a:6b:71:b9:29:15:
         ae:40:22:2f:77:10:e7:f6:b9:62:cf:f0:70:49:d4:a5:2e:aa:
         ab:58:a6:f3:43:b4:00:a9:e5:8d:b2:18:2f:94:9c:3a:6c:8a:
         d6:da:5d:3e:3e:12:1d:b9:50:45:0e:13:01:a0:fa:99:0a:bf:
         16:df:f3:94:6c:f9:e9:8b:a5:d4:33:7a:4a:cb:74:de:e6:c7:
         bb:90:c4:81:06:29:40:7e:4b:ca:33:fd:ba:f9:1b:85:70:62:
         a1:8d:5c:fa:b5:bc:32:60:6c:f2:43:1d:96:74:ba:c5:15:6d:
         88:df:d3:c9:80:1d:9c:6e:da:a7:bb:37:8d:ea:cc:98:c1:ff:
         b6:c8:f2:4f:6a:dd:d9:7e:d0:c1:2e:f0:9a:ec:25:f1:72:07:
         16:19:64:99:8b:51:dd:00:96:1c:e8:de:24:de:82:a1:af:3f:
         d8:b3:bc:3a:5a:a3:86:21:81:fd:64:17:b4:f0:c4:e1:54:f7:
         5e:84:ec:2d:f3:09:4f:eb:2b:99:d1:63:f0:cd:bd:7d:21:ab:
         d6:54:8c:ee:1a:06:f7:9f:10:47:b1:56:9e:fc:fd:e5:ea:4a:
         bc:15:26:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6Wvzmdimyt+QjWeaQDtNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjFlMDlmMGU2ZWQ4OTFhZDE3ZDZjZTRhM2M3MzI4ZDc1
OWI0YzgwHhcNMjYwMTAxMTYxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdkZWFhMmVjYTJmNmU3ZjQ0YTNhN2I3YWJjMWY2ZWQ3NmEyMGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c6GlHVv0rMWHMG4gYn9zYBAd2h7
3P90bf+G19lgZf4h3MkmUG/ldXH4y3qWCvtYPOYr2Cn66J/65iiVMjJJlaPYUxD9
AA8FbToQB6vD5zZlh1RRpwtvd5k+SQs8hbN2fcXT0kIUuTTSTjr4Pa1DzS+p/Gyo
1Tz+nrLISmDr7UTmK+7CEA/FzKC/zALBU1nAE9rkPrqHsPTFB9DNh57Ein4ijpb2
VjPfmqrXe2aaB3smcQkirVyGK/Rz+fUh/HZlewsX0NhbANq/qQRy3hlCtNqT1eBZ
6nTTZIC8HHNf9KfHRQE+ZgLLJXseVeP/XuMb7FFtRc4xtxji/yLFb/s0SQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGB96qLsovbn9Eo6e3q8H27XaiDGMB8GA1UdIwQY
MBaAFCPx4J8ObtiRrRfWzko8cyjXWbTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9IZ253NXUySkd0RjliT1NqeHpLTmRadE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC85NTVlZDEtOGI0MC00MTg1LTg0YTkt
MmRkY2Y1NmE3NjNlLzEvWUgzcW91eWk5dWYwU2pwN2Vyd2ZidGRxSU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC85NTVlZDEtOGI0MC00MTg1LTg0YTktMmRkY2Y1NmE3NjNl
LzEvSV9IZ253NXUySkd0RjliT1NqeHpLTmRadE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAOU
MA0GCSqGSIb3DQEBCwUAA4IBAQBzT1gvhyeT/t2KTTa9WwpyzqbnJaR4aQzqbVYT
kFRKa3G5KRWuQCIvdxDn9rliz/BwSdSlLqqrWKbzQ7QAqeWNshgvlJw6bIrW2l0+
PhIduVBFDhMBoPqZCr8W3/OUbPnpi6XUM3pKy3Te5se7kMSBBilAfkvKM/26+RuF
cGKhjVz6tbwyYGzyQx2WdLrFFW2I39PJgB2cbtqnuzeN6syYwf+2yPJPat3ZftDB
LvCa7CXxcgcWGWSZi1HdAJYc6N4k3oKhrz/Ys7w6WqOGIYH9ZBe08MThVPdehOwt
8wlP6yuZ0WPwzb19IavWVIzuGgb3nxBHsVae/P3l6kq8FSY4
-----END CERTIFICATE-----