This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/_a7gNZLlQxgHn1SWkyljxM4Vp8E.roa
File:                     _a7gNZLlQxgHn1SWkyljxM4Vp8E.roa (raw, json)
Hash identifier:          riqb9ZgtO6K145lOcaQYpYRovN3sqPG5Tn86hViYkIc=
Subject key identifier:   FD:AE:E0:35:92:E5:43:18:07:9F:54:96:93:29:63:C4:CE:15:A7:C1
Certificate issuer:       /CN=5d8f40b1248de3da5f5d6097f81068293c4beef7
Certificate serial:       019B77C700373A04F858A0CB211B6C8C5868
Authority key identifier: 5D:8F:40:B1:24:8D:E3:DA:5F:5D:60:97:F8:10:68:29:3C:4B:EE:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/_a7gNZLlQxgHn1SWkyljxM4Vp8E.roa
Signing time:             Thu 01 Jan 2026 04:18:09 +0000
ROA not before:           Thu 01 Jan 2026 04:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204074
IP address blocks:        2001:67c:1b2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:00:37:3a:04:f8:58:a0:cb:21:1b:6c:8c:58:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8f40b1248de3da5f5d6097f81068293c4beef7
        Validity
            Not Before: Jan  1 04:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fdaee03592e54318079f5496932963c4ce15a7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:35:1a:4f:56:c6:eb:b1:7a:1c:9e:8c:79:f0:
                    76:92:c3:d6:4d:4f:0b:7d:3a:55:dc:27:f2:1d:99:
                    11:09:22:f5:1a:a8:31:ed:31:38:7f:e7:28:82:7e:
                    30:94:e7:36:4b:06:c4:69:ba:73:47:78:41:c0:2a:
                    2a:c8:18:41:f8:94:a9:28:a5:c9:74:96:72:d6:7b:
                    19:29:5c:e9:73:37:1d:d9:e1:9b:dd:6a:51:09:a1:
                    c2:87:b8:09:d2:27:95:50:e3:b0:93:ee:8a:bf:82:
                    e9:3b:d0:ff:af:96:fb:54:91:89:10:85:0c:62:f3:
                    21:9e:1f:81:bd:b4:97:5f:13:70:8b:42:6f:08:95:
                    95:c0:b6:3e:6d:13:07:88:99:52:e3:f9:64:4c:98:
                    67:21:40:5f:20:89:2c:72:b0:82:25:dd:ff:68:de:
                    a4:5e:42:a0:a5:aa:d8:60:6c:77:db:fb:fa:f1:82:
                    9a:24:62:ed:20:25:85:3e:fe:bc:86:f5:dd:94:2d:
                    8d:59:9c:0d:e1:b2:59:98:a6:f8:cf:4d:90:8a:55:
                    da:2a:bd:e0:c2:b5:ee:96:ad:41:78:53:c6:77:25:
                    42:8e:8d:36:bf:eb:b1:d0:c2:69:25:0c:5a:23:05:
                    63:e9:3f:2e:43:c5:59:ea:82:3e:f0:17:b3:b1:06:
                    ce:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AE:E0:35:92:E5:43:18:07:9F:54:96:93:29:63:C4:CE:15:A7:C1
            X509v3 Authority Key Identifier:
                keyid:5D:8F:40:B1:24:8D:E3:DA:5F:5D:60:97:F8:10:68:29:3C:4B:EE:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/_a7gNZLlQxgHn1SWkyljxM4Vp8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:77:bb:8b:b8:a5:e3:e4:1e:ac:39:78:e2:0b:c4:96:cc:54:
         bf:85:2b:fe:36:c0:a0:25:5a:67:d8:06:15:d9:5c:8c:3e:e7:
         75:c7:ac:9d:b9:b6:bf:0d:f0:3a:2e:26:0e:c6:14:01:f0:4e:
         cf:81:3e:12:ce:15:92:5f:29:2a:ac:cd:83:28:27:4c:c6:1c:
         af:1f:db:d9:c7:ac:27:8e:d7:7b:82:33:6f:65:87:e1:7f:70:
         05:fd:70:80:ff:45:0e:8d:d5:52:b2:ea:35:17:41:e5:43:7c:
         c3:03:49:46:92:92:70:6a:ad:e3:ed:2b:ad:96:f8:13:4b:03:
         b3:a7:15:74:6f:8c:0b:91:e3:42:53:f0:fd:2f:4b:c1:58:eb:
         71:33:9b:a7:c7:87:81:cb:ec:8c:ef:1b:50:fa:e4:bc:7f:c2:
         ba:14:c9:d3:6a:cc:60:d0:bd:45:38:55:14:18:fb:86:44:d5:
         bf:5c:fb:98:9e:be:db:a0:d6:3d:55:2a:9b:66:df:4b:c2:94:
         fd:c5:94:da:50:6e:92:44:03:16:01:ab:80:23:8c:4a:0d:eb:
         25:ef:c1:b1:68:cc:06:61:40:b4:0c:13:10:85:a0:42:52:36:
         83:62:60:f1:dc:e9:0a:6c:8e:eb:42:e4:8e:82:b7:0c:3c:8c:
         9a:02:28:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xwA3OgT4WKDLIRtsjFhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGY0MGIxMjQ4ZGUzZGE1ZjVkNjA5N2Y4MTA2ODI5M2M0
YmVlZjcwHhcNMjYwMTAxMDQxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGFlZTAzNTkyZTU0MzE4MDc5ZjU0OTY5MzI5NjNjNGNlMTVhN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjUaT1bG67F6HJ6MefB2ksPWTU8L
fTpV3CfyHZkRCSL1Gqgx7TE4f+cogn4wlOc2SwbEabpzR3hBwCoqyBhB+JSpKKXJ
dJZy1nsZKVzpczcd2eGb3WpRCaHCh7gJ0ieVUOOwk+6Kv4LpO9D/r5b7VJGJEIUM
YvMhnh+BvbSXXxNwi0JvCJWVwLY+bRMHiJlS4/lkTJhnIUBfIIkscrCCJd3/aN6k
XkKgparYYGx32/v68YKaJGLtICWFPv68hvXdlC2NWZwN4bJZmKb4z02QilXaKr3g
wrXulq1BeFPGdyVCjo02v+ux0MJpJQxaIwVj6T8uQ8VZ6oI+8BezsQbOEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP2u4DWS5UMYB59UlpMpY8TOFafBMB8GA1UdIwQY
MBaAFF2PQLEkjePaX11gl/gQaCk8S+73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFk5QXNTU040OXBmWFdDWC1CQm9LVHhMN3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8xMGZlYTgtNGY5Yy00MmUyLWIwNDEt
YmQ2NWZlZDY3ZGM2LzEvX2E3Z05aTGxReGdIbjFTV2t5bGp4TTRWcDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8xMGZlYTgtNGY5Yy00MmUyLWIwNDEtYmQ2NWZlZDY3ZGM2
LzEvWFk5QXNTU040OXBmWFdDWC1CQm9LVHhMN3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBss
MA0GCSqGSIb3DQEBCwUAA4IBAQCvd7uLuKXj5B6sOXjiC8SWzFS/hSv+NsCgJVpn
2AYV2VyMPud1x6yduba/DfA6LiYOxhQB8E7PgT4SzhWSXykqrM2DKCdMxhyvH9vZ
x6wnjtd7gjNvZYfhf3AF/XCA/0UOjdVSsuo1F0HlQ3zDA0lGkpJwaq3j7SutlvgT
SwOzpxV0b4wLkeNCU/D9L0vBWOtxM5unx4eBy+yM7xtQ+uS8f8K6FMnTasxg0L1F
OFUUGPuGRNW/XPuYnr7boNY9VSqbZt9LwpT9xZTaUG6SRAMWAauAI4xKDesl78Gx
aMwGYUC0DBMQhaBCUjaDYmDx3OkKbI7rQuSOgrcMPIyaAiiO
-----END CERTIFICATE-----