This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/zsYC7eTs7CKxZQzMiKBYtW02NU4.roa
File:                     zsYC7eTs7CKxZQzMiKBYtW02NU4.roa (raw, json)
Hash identifier:          zfsiqu/7VESSfUyUGFpkJ4f5HeLFmZSKqmckIw2soSM=
Subject key identifier:   CE:C6:02:ED:E4:EC:EC:22:B1:65:0C:CC:88:A0:58:B5:6D:36:35:4E
Certificate issuer:       /CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
Certificate serial:       019B77587765F99C281161665063EC2753B1
Authority key identifier: 74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/zsYC7eTs7CKxZQzMiKBYtW02NU4.roa
Signing time:             Thu 01 Jan 2026 02:17:25 +0000
ROA not before:           Thu 01 Jan 2026 02:17:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50399
IP address blocks:        2a10:dac0:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:77:65:f9:9c:28:11:61:66:50:63:ec:27:53:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
        Validity
            Not Before: Jan  1 02:17:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cec602ede4ecec22b1650ccc88a058b56d36354e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:48:b4:7b:f8:8b:9d:3c:2a:c2:10:a5:7b:bd:
                    eb:af:45:fe:14:bc:d9:01:92:f1:6c:d4:3a:d6:e5:
                    a2:3d:a8:a9:29:2d:40:f8:5d:d7:d7:c1:e2:e6:4e:
                    f1:21:0f:29:52:73:ab:0d:7d:3b:6a:f1:22:10:06:
                    f5:7e:7b:4a:69:8c:a3:d7:f2:88:b3:38:17:5e:f0:
                    dd:89:9b:7d:22:32:20:3d:8e:ff:b0:eb:8a:14:a1:
                    8e:63:b5:5b:74:7e:d4:c7:c4:8b:42:87:28:42:4d:
                    8f:87:cb:5b:4a:79:62:c8:50:a3:8f:20:af:f3:64:
                    46:a2:ee:85:0b:32:cc:f1:f7:12:19:b0:0a:da:94:
                    4e:4a:3b:30:e6:39:f4:d5:58:58:c1:4c:71:17:f5:
                    f6:c0:02:29:6f:fc:c3:f5:97:0c:c6:24:5f:0a:85:
                    4b:55:bb:87:6e:bb:86:c9:6f:43:88:b4:86:25:e8:
                    54:3b:e1:38:ec:51:70:70:52:18:a0:5c:3b:d3:e4:
                    51:a2:63:55:a1:aa:b8:ed:d0:2d:ae:e6:29:d1:82:
                    88:37:6c:1d:78:fa:56:dd:9f:39:e3:39:7d:b9:c4:
                    0a:9d:05:43:2a:c6:0d:1a:6b:98:5e:52:f7:69:cb:
                    0d:2a:c4:25:2b:a3:42:f9:d6:40:68:d8:6d:a0:4a:
                    3e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C6:02:ED:E4:EC:EC:22:B1:65:0C:CC:88:A0:58:B5:6D:36:35:4E
            X509v3 Authority Key Identifier:
                keyid:74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/zsYC7eTs7CKxZQzMiKBYtW02NU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:dac0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:7c:9b:9b:c7:ab:6e:1f:ca:35:89:d6:79:c4:79:db:82:45:
         d8:e7:15:5f:b4:d4:80:64:19:77:44:1c:ba:99:45:c8:a6:d9:
         77:3d:5e:6c:59:8b:7b:fc:23:cb:f8:ed:93:c9:61:09:ef:60:
         12:49:1d:7b:5f:53:7c:4e:4d:aa:e1:51:61:9b:40:9d:a8:66:
         4c:ac:38:83:6e:f6:be:2e:3e:4a:6d:53:1a:d7:09:b4:02:54:
         07:62:31:77:fe:c4:80:a9:f1:fe:57:70:b7:48:b8:c4:c9:62:
         96:4f:f0:41:0b:08:f0:58:57:e7:e5:c5:8a:43:9e:02:cf:ed:
         a2:d4:98:e8:db:1c:ac:a5:49:e6:3a:49:46:7f:67:84:df:51:
         d7:44:b0:d6:8a:d8:9b:a8:f2:df:76:43:b9:34:ee:bd:82:e3:
         4d:ff:74:ea:2b:cd:ac:cf:05:b8:06:b4:f8:82:b6:c3:80:cf:
         a0:e9:ba:1b:04:f0:86:c0:cf:b5:e2:da:0b:bd:ca:18:58:67:
         96:3c:31:9d:91:20:3e:81:ff:de:bd:31:98:18:83:3f:0e:88:
         12:d3:ff:17:59:89:86:88:2c:f2:d7:4c:e9:42:be:60:f3:cc:
         cd:d5:4e:ee:49:63:4b:2b:f8:a5:cc:2c:d7:ea:43:3a:a3:7c:
         e3:cc:a0:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WHdl+ZwoEWFmUGPsJ1OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjQyYTZkZTRlMDFmYzMxMjUwZDFiYmUzMjIyODEwNDZl
ZTYxYWEwHhcNMjYwMTAxMDIxNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWM2MDJlZGU0ZWNlYzIyYjE2NTBjY2M4OGEwNThiNTZkMzYzNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0i0e/iLnTwqwhCle73rr0X+FLzZ
AZLxbNQ61uWiPaipKS1A+F3X18Hi5k7xIQ8pUnOrDX07avEiEAb1fntKaYyj1/KI
szgXXvDdiZt9IjIgPY7/sOuKFKGOY7VbdH7Ux8SLQocoQk2Ph8tbSnliyFCjjyCv
82RGou6FCzLM8fcSGbAK2pROSjsw5jn01VhYwUxxF/X2wAIpb/zD9ZcMxiRfCoVL
VbuHbruGyW9DiLSGJehUO+E47FFwcFIYoFw70+RRomNVoaq47dAtruYp0YKIN2wd
ePpW3Z854zl9ucQKnQVDKsYNGmuYXlL3acsNKsQlK6NC+dZAaNhtoEo+twIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM7GAu3k7OwisWUMzIigWLVtNjVOMB8GA1UdIwQY
MBaAFHS0Km3k4B/DElDRu+MiKBBG7mGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgt
MTdhMWRjZGNjNmUwLzEvenNZQzdlVHM3Q0t4WlF6TWlLQll0VzAyTlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgtMTdhMWRjZGNjNmUw
LzEvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDawAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQC1fJubx6tuH8o1idZ5xHnbgkXY5xVftNSAZBl3
RBy6mUXIptl3PV5sWYt7/CPL+O2TyWEJ72ASSR17X1N8Tk2q4VFhm0CdqGZMrDiD
bva+Lj5KbVMa1wm0AlQHYjF3/sSAqfH+V3C3SLjEyWKWT/BBCwjwWFfn5cWKQ54C
z+2i1Jjo2xyspUnmOklGf2eE31HXRLDWitibqPLfdkO5NO69guNN/3TqK82szwW4
BrT4grbDgM+g6bobBPCGwM+14toLvcoYWGeWPDGdkSA+gf/evTGYGIM/DogS0/8X
WYmGiCzy10zpQr5g88zN1U7uSWNLK/ilzCzX6kM6o3zjzKBl
-----END CERTIFICATE-----