This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/zvHw3KmhzvEgU4W6InBqUBX0yjg.roa
File:                     zvHw3KmhzvEgU4W6InBqUBX0yjg.roa (raw, json)
Hash identifier:          CGIpxT3J1vn2/tgM/8XQPPrlvlWSOI9UHhs/JfCuu68=
Subject key identifier:   CE:F1:F0:DC:A9:A1:CE:F1:20:53:85:BA:22:70:6A:50:15:F4:CA:38
Certificate issuer:       /CN=45b5004ec3cf5c1a755185d6f40683c646cc94ec
Certificate serial:       019B7AC81AAD683EA7518712AA9FF8BC151D
Authority key identifier: 45:B5:00:4E:C3:CF:5C:1A:75:51:85:D6:F4:06:83:C6:46:CC:94:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/zvHw3KmhzvEgU4W6InBqUBX0yjg.roa
Signing time:             Thu 01 Jan 2026 18:18:12 +0000
ROA not before:           Thu 01 Jan 2026 18:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200494
IP address blocks:        2a13:5dc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:1a:ad:68:3e:a7:51:87:12:aa:9f:f8:bc:15:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45b5004ec3cf5c1a755185d6f40683c646cc94ec
        Validity
            Not Before: Jan  1 18:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cef1f0dca9a1cef1205385ba22706a5015f4ca38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b2:7a:d2:34:94:d1:2d:77:cd:8a:c3:ea:01:
                    c1:c2:42:38:01:8e:03:7f:c2:d1:e6:6d:99:42:5b:
                    83:54:bc:7b:14:b8:b3:a6:b2:ff:d3:98:b5:b0:f4:
                    b5:79:59:7a:59:77:0e:6f:45:9d:9a:a2:32:80:0b:
                    f6:03:66:4a:bb:7f:f8:6e:20:9f:bd:6b:2f:63:c9:
                    3e:cc:c7:9d:d0:a9:7e:f1:d3:eb:18:8e:e7:52:f7:
                    6e:d3:12:87:62:2f:ba:73:55:5c:e9:83:00:41:98:
                    51:02:d8:8e:99:ed:00:09:23:68:ac:4b:e8:a5:1a:
                    3a:18:40:fa:b3:25:d3:cf:fd:fd:96:8b:2d:af:2f:
                    4a:4c:33:f8:ee:5b:4d:de:d8:72:36:22:18:55:d7:
                    1d:6f:01:60:bd:1d:7d:01:cf:0f:1b:79:46:f0:41:
                    a2:2b:c0:d2:93:56:0a:a4:5c:8e:ce:32:3e:b7:79:
                    a7:6d:0c:bc:18:9e:83:10:2a:79:e2:c0:da:ce:eb:
                    f2:40:78:9a:e2:08:01:2b:68:06:43:b9:c2:f1:8d:
                    fe:b4:cd:61:6b:8b:7f:d6:64:38:af:9e:03:89:56:
                    4f:86:0f:38:46:0e:ec:9d:ff:f3:1c:4d:f6:d3:8a:
                    c1:ac:c8:bc:a2:9b:d1:23:23:e0:9a:43:a6:57:3d:
                    d1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F1:F0:DC:A9:A1:CE:F1:20:53:85:BA:22:70:6A:50:15:F4:CA:38
            X509v3 Authority Key Identifier:
                keyid:45:B5:00:4E:C3:CF:5C:1A:75:51:85:D6:F4:06:83:C6:46:CC:94:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/zvHw3KmhzvEgU4W6InBqUBX0yjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:05:64:7a:03:d3:41:f4:1e:81:b3:b6:cc:f2:10:a7:2c:ef:
         cb:42:9d:58:f0:ef:78:98:08:df:64:72:cd:12:5b:46:f7:b5:
         6b:34:6b:e2:d4:8a:9e:d9:79:3b:19:e9:75:90:c6:b4:79:6f:
         aa:1e:86:62:ce:57:34:9b:95:35:4d:74:a8:2a:fb:6a:80:2c:
         57:10:a4:6f:eb:d9:32:5e:74:cd:4d:5d:9f:35:c2:41:e2:69:
         5f:bb:22:8f:5d:7c:b9:d6:71:0d:00:31:d5:65:34:e6:5a:73:
         e4:55:7a:34:02:3b:e8:ae:da:b0:b8:69:14:41:c6:2d:03:f6:
         20:9c:8d:b6:8f:7b:12:79:ca:30:5b:d4:b5:a0:fa:31:52:4b:
         92:ff:14:ab:86:f9:c8:80:a1:4c:ab:58:34:47:40:64:43:ac:
         8d:fc:ce:63:01:ce:5e:b4:e2:c9:9c:2f:67:da:cb:85:2c:e5:
         5b:78:c9:e7:49:49:75:60:e6:6a:38:2c:44:85:0a:1a:d9:24:
         98:3f:dc:75:db:24:db:0b:f7:05:43:92:1c:a3:84:7f:a0:a2:
         79:bb:c5:22:49:95:c0:25:d4:7d:73:fc:2e:97:4a:04:c6:95:
         d1:71:a1:7e:a8:14:45:86:7a:9c:1b:d4:e8:f1:3f:aa:83:bc:
         08:6b:10:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6yBqtaD6nUYcSqp/4vBUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YjUwMDRlYzNjZjVjMWE3NTUxODVkNmY0MDY4M2M2NDZj
Yzk0ZWMwHhcNMjYwMTAxMTgxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYxZjBkY2E5YTFjZWYxMjA1Mzg1YmEyMjcwNmE1MDE1ZjRjYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbJ60jSU0S13zYrD6gHBwkI4AY4D
f8LR5m2ZQluDVLx7FLizprL/05i1sPS1eVl6WXcOb0WdmqIygAv2A2ZKu3/4biCf
vWsvY8k+zMed0Kl+8dPrGI7nUvdu0xKHYi+6c1Vc6YMAQZhRAtiOme0ACSNorEvo
pRo6GED6syXTz/39lostry9KTDP47ltN3thyNiIYVdcdbwFgvR19Ac8PG3lG8EGi
K8DSk1YKpFyOzjI+t3mnbQy8GJ6DECp54sDazuvyQHia4ggBK2gGQ7nC8Y3+tM1h
a4t/1mQ4r54DiVZPhg84Rg7snf/zHE3204rBrMi8opvRIyPgmkOmVz3RewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM7x8Nypoc7xIFOFuiJwalAV9Mo4MB8GA1UdIwQY
MBaAFEW1AE7Dz1wadVGF1vQGg8ZGzJTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJVQVRzUFBYQnAxVVlYVzlBYUR4a2JNbE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jNWU1MmEtODAyMy00N2FjLWIyN2Et
NGFlYmVmYWM0OWIxLzEvenZIdzNLbWh6dkVnVTRXNkluQnFVQlgweWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jNWU1MmEtODAyMy00N2FjLWIyN2EtNGFlYmVmYWM0OWIx
LzEvUmJVQVRzUFBYQnAxVVlYVzlBYUR4a2JNbE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNdwDAN
BgkqhkiG9w0BAQsFAAOCAQEAiAVkegPTQfQegbO2zPIQpyzvy0KdWPDveJgI32Ry
zRJbRve1azRr4tSKntl5OxnpdZDGtHlvqh6GYs5XNJuVNU10qCr7aoAsVxCkb+vZ
Ml50zU1dnzXCQeJpX7sij118udZxDQAx1WU05lpz5FV6NAI76K7asLhpFEHGLQP2
IJyNto97EnnKMFvUtaD6MVJLkv8Uq4b5yIChTKtYNEdAZEOsjfzOYwHOXrTiyZwv
Z9rLhSzlW3jJ50lJdWDmajgsRIUKGtkkmD/cddsk2wv3BUOSHKOEf6CiebvFIkmV
wCXUfXP8LpdKBMaV0XGhfqgURYZ6nBvU6PE/qoO8CGsQyw==
-----END CERTIFICATE-----