This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nHCCIM1lnMUsqI9EaxM12QN4_ZU.roa
File:                     nHCCIM1lnMUsqI9EaxM12QN4_ZU.roa (raw, json)
Hash identifier:          7075MTfo1xhXqe6pYfNcsqC15CzbS5XN5y1ylFiJvC0=
Subject key identifier:   9C:70:82:20:CD:65:9C:C5:2C:A8:8F:44:6B:13:35:D9:03:78:FD:95
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14B7B92F9875EC4FB8C96ED6671D79
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nHCCIM1lnMUsqI9EaxM12QN4_ZU.roa
Signing time:             Fri 02 Jan 2026 14:20:22 +0000
ROA not before:           Fri 02 Jan 2026 14:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59524
IP address blocks:        2001:680:4008::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:b7:b9:2f:98:75:ec:4f:b8:c9:6e:d6:67:1d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c708220cd659cc52ca88f446b1335d90378fd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:68:0c:4e:89:6f:79:44:98:d0:ff:74:62:e7:
                    cc:28:34:be:96:8a:d8:0f:1e:3b:4e:5b:40:eb:92:
                    e4:8b:e6:7b:fa:03:2a:6f:0c:19:a2:7e:07:50:51:
                    f9:9c:43:98:69:b2:56:87:30:80:52:60:56:b6:ac:
                    94:66:63:6a:6c:7f:27:46:c1:78:ab:63:69:ff:d1:
                    16:eb:b5:84:e5:78:21:5e:f2:bc:fd:e8:5e:fc:ed:
                    58:e9:99:ca:f4:af:bb:08:22:7d:61:97:b2:3d:76:
                    e4:01:30:4e:8e:6a:4c:62:47:f0:45:f1:7a:7b:d1:
                    fa:2f:cd:36:b8:26:f5:48:04:17:cb:c0:5e:57:a2:
                    4a:d8:aa:49:db:8e:fa:d6:aa:07:55:81:f3:d0:fa:
                    b9:11:3d:64:b8:b7:a5:79:06:36:43:26:8e:ee:44:
                    8d:14:77:55:63:69:d6:13:7a:c9:aa:e8:4d:5d:d2:
                    fc:e6:28:1d:1b:f5:38:e8:48:b2:98:c7:cf:3c:7a:
                    ca:b1:97:cc:95:08:13:59:48:b7:d3:2e:38:bc:bd:
                    e5:ff:99:1e:74:fa:3d:0f:22:69:a2:8b:04:d7:30:
                    a1:5c:6a:62:ad:f2:7d:01:3e:50:d0:06:40:22:e5:
                    ee:7d:e5:f0:ef:3a:2e:f1:0c:bd:86:80:8c:6a:9c:
                    ab:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:70:82:20:CD:65:9C:C5:2C:A8:8F:44:6B:13:35:D9:03:78:FD:95
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nHCCIM1lnMUsqI9EaxM12QN4_ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:680:4008::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:00:42:9e:51:5e:62:81:59:db:4f:4c:cb:65:4d:70:35:5d:
         3c:41:9b:b4:f8:b5:32:02:33:4d:29:e2:c1:60:24:79:e0:32:
         61:1a:fa:c1:81:02:86:40:76:91:71:87:b6:12:b6:62:55:1b:
         c1:ec:ac:21:bb:bd:ea:07:7c:a3:c8:f2:3b:1e:2b:74:9c:1f:
         c0:b9:9d:c9:1f:72:59:77:7a:f7:79:f9:01:bb:63:be:43:7c:
         c6:45:e6:2a:03:31:09:71:eb:a5:8f:b4:dd:54:9e:82:9c:c9:
         26:ef:19:e1:5e:cc:46:d4:80:03:d9:c0:d1:8f:be:4e:3f:59:
         72:aa:c9:57:3f:e9:18:4f:6c:24:90:a2:52:1d:24:f5:1f:4c:
         48:04:ff:af:77:6a:57:99:d0:9c:63:15:f0:5f:75:76:41:7c:
         9e:bc:3f:56:8c:52:91:52:70:14:e0:04:3c:3b:99:01:ab:6d:
         e4:38:cb:fa:80:37:0f:c0:ac:65:10:81:5e:8c:b2:96:d6:09:
         ce:37:72:d2:51:31:c3:d6:57:ba:70:b9:7f:d1:e2:a4:24:93:
         6a:e9:f2:60:f3:b0:81:be:48:95:b2:4a:0a:8f:bf:cf:92:d6:
         c5:f6:e2:a6:5d:22:b4:49:bc:60:2a:ab:ee:91:28:cc:29:40:
         3d:24:10:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FLe5L5h17E+4yW7WZx15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzcwODIyMGNkNjU5Y2M1MmNhODhmNDQ2YjEzMzVkOTAzNzhmZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WgMTolveUSY0P90YufMKDS+lorY
Dx47TltA65Lki+Z7+gMqbwwZon4HUFH5nEOYabJWhzCAUmBWtqyUZmNqbH8nRsF4
q2Np/9EW67WE5XghXvK8/ehe/O1Y6ZnK9K+7CCJ9YZeyPXbkATBOjmpMYkfwRfF6
e9H6L802uCb1SAQXy8BeV6JK2KpJ24761qoHVYHz0Pq5ET1kuLeleQY2QyaO7kSN
FHdVY2nWE3rJquhNXdL85igdG/U46EiymMfPPHrKsZfMlQgTWUi30y44vL3l/5ke
dPo9DyJpoosE1zChXGpirfJ9AT5Q0AZAIuXufeXw7zou8Qy9hoCMapyrrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJxwgiDNZZzFLKiPRGsTNdkDeP2VMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvbkhDQ0lNMWxuTVVzcUk5RWF4TTEyUU40X1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGgEAI
MA0GCSqGSIb3DQEBCwUAA4IBAQC5AEKeUV5igVnbT0zLZU1wNV08QZu0+LUyAjNN
KeLBYCR54DJhGvrBgQKGQHaRcYe2ErZiVRvB7Kwhu73qB3yjyPI7Hit0nB/AuZ3J
H3JZd3r3efkBu2O+Q3zGReYqAzEJceulj7TdVJ6CnMkm7xnhXsxG1IAD2cDRj75O
P1lyqslXP+kYT2wkkKJSHST1H0xIBP+vd2pXmdCcYxXwX3V2QXyevD9WjFKRUnAU
4AQ8O5kBq23kOMv6gDcPwKxlEIFejLKW1gnON3LSUTHD1le6cLl/0eKkJJNq6fJg
87CBvkiVskoKj7/PktbF9uKmXSK0SbxgKqvukSjMKUA9JBDt
-----END CERTIFICATE-----