This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/_wLbQqpNFVUZXfwkKPHS2EvNsME.roa
File:                     _wLbQqpNFVUZXfwkKPHS2EvNsME.roa (raw, json)
Hash identifier:          b13XNsSSVdJxlN2jmJcwJ/ExmpGXyR6dAM9BzylibwA=
Subject key identifier:   FF:02:DB:42:AA:4D:15:55:19:5D:FC:24:28:F1:D2:D8:4B:CD:B0:C1
Certificate issuer:       /CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
Certificate serial:       019B7FF2B4828C848A4B5A5E7D6562C8AF85
Authority key identifier: 77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/_wLbQqpNFVUZXfwkKPHS2EvNsME.roa
Signing time:             Fri 02 Jan 2026 18:22:50 +0000
ROA not before:           Fri 02 Jan 2026 18:22:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212018
IP address blocks:        2001:67c:74c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:b4:82:8c:84:8a:4b:5a:5e:7d:65:62:c8:af:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
        Validity
            Not Before: Jan  2 18:22:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff02db42aa4d1555195dfc2428f1d2d84bcdb0c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ed:f6:b6:4b:cd:2d:ae:ed:bc:bb:8e:13:c7:
                    25:6f:32:b8:01:a5:f3:f3:4d:62:f4:95:c3:07:96:
                    32:b0:4e:f3:33:e6:d3:35:e7:65:92:31:f0:c6:41:
                    e4:60:5a:a1:02:85:49:c4:a8:47:19:14:9f:71:5b:
                    12:36:a2:ba:69:ac:fe:9d:33:a7:34:84:65:46:4f:
                    f9:20:0a:89:61:32:ac:5f:d0:4c:a9:70:78:80:95:
                    c4:9c:86:ad:cf:6e:8e:cf:67:e2:e0:e7:0f:ec:4c:
                    24:c1:e8:01:d8:f3:3d:33:e7:36:88:93:21:5a:a7:
                    be:52:2a:64:13:5e:32:e7:60:6e:c6:be:1d:1c:10:
                    29:e4:7d:19:93:b7:17:9c:24:37:b4:e4:11:a9:95:
                    da:55:8e:ad:e2:69:d0:85:9b:22:07:3c:63:cb:a5:
                    ff:c1:c8:e9:39:eb:c8:06:6d:66:9b:6b:a3:79:cb:
                    41:e5:ed:50:5b:e2:6d:df:4f:93:80:da:4f:fa:89:
                    55:b4:10:04:e8:da:2f:69:e4:52:7e:d4:25:11:71:
                    3d:db:f1:f5:1a:99:0b:1c:59:87:47:8b:fe:df:16:
                    5c:a5:da:62:04:d2:1c:a9:24:ad:e4:86:c0:0b:e3:
                    50:7a:bf:8c:f7:bf:1f:b4:1d:f8:9b:57:cb:0c:0a:
                    09:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:02:DB:42:AA:4D:15:55:19:5D:FC:24:28:F1:D2:D8:4B:CD:B0:C1
            X509v3 Authority Key Identifier:
                keyid:77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/_wLbQqpNFVUZXfwkKPHS2EvNsME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:10:bb:15:39:4e:f6:cd:8b:31:77:bc:3f:63:71:f3:57:29:
         9d:8e:c5:55:cf:f9:91:71:7b:88:ae:a0:15:5a:7a:70:b1:a9:
         0f:26:d1:70:bc:5d:6e:7a:64:bf:0c:e6:08:5b:fa:8e:99:d4:
         ce:aa:e3:64:b8:b3:31:fa:cd:42:ce:e8:72:10:45:f7:3d:55:
         71:0f:2d:9c:99:52:19:54:fa:69:48:cf:cd:f8:09:fe:c4:89:
         51:f3:e9:96:38:1b:23:42:ac:0a:f5:6e:16:22:b7:f9:1e:cf:
         dc:ac:93:aa:76:ec:8c:27:be:96:e7:ce:16:28:d8:12:1b:8f:
         7c:8a:5a:95:ee:ae:c8:86:3f:20:fa:db:3f:23:7c:d4:ed:dd:
         73:9b:20:06:24:1d:20:86:3f:32:84:75:7a:32:2e:51:96:7a:
         0c:80:c6:41:4e:43:6c:a5:43:19:ee:22:a5:97:22:92:3a:83:
         a1:f5:7a:a1:76:45:0b:98:5d:4b:9a:dd:ea:bb:16:23:1e:f8:
         aa:1c:f1:22:0c:9e:c8:60:81:98:28:67:80:91:f0:00:d2:65:
         73:a6:98:e7:fe:ec:20:37:a5:71:60:97:51:97:ad:28:94:9a:
         63:fb:1e:0a:5e:c0:49:ed:39:49:1f:38:ee:ea:22:c3:86:90:
         1f:b6:85:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8rSCjISKS1pefWViyK+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZThiYmY4NjQzYWJkNjJmZjNmNDJiZWM0YzBiMmRiOTc3
NTk2ZDcwHhcNMjYwMTAyMTgyMjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjAyZGI0MmFhNGQxNTU1MTk1ZGZjMjQyOGYxZDJkODRiY2RiMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAru32tkvNLa7tvLuOE8clbzK4AaXz
801i9JXDB5YysE7zM+bTNedlkjHwxkHkYFqhAoVJxKhHGRSfcVsSNqK6aaz+nTOn
NIRlRk/5IAqJYTKsX9BMqXB4gJXEnIatz26Oz2fi4OcP7EwkwegB2PM9M+c2iJMh
Wqe+UipkE14y52Buxr4dHBAp5H0Zk7cXnCQ3tOQRqZXaVY6t4mnQhZsiBzxjy6X/
wcjpOevIBm1mm2ujectB5e1QW+Jt30+TgNpP+olVtBAE6NovaeRSftQlEXE92/H1
GpkLHFmHR4v+3xZcpdpiBNIcqSSt5IbAC+NQer+M978ftB34m1fLDAoJDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP8C20KqTRVVGV38JCjx0thLzbDBMB8GA1UdIwQY
MBaAFHfou/hkOr1i/z9CvsTAstuXdZbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjkt
NDRjY2QxYjUxZjEwLzEvX3dMYlFxcE5GVlVaWGZ3a0tQSFMyRXZOc01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjktNDRjY2QxYjUxZjEw
LzEvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQCxELsVOU72zYsxd7w/Y3HzVymdjsVVz/mRcXuI
rqAVWnpwsakPJtFwvF1uemS/DOYIW/qOmdTOquNkuLMx+s1CzuhyEEX3PVVxDy2c
mVIZVPppSM/N+An+xIlR8+mWOBsjQqwK9W4WIrf5Hs/crJOqduyMJ76W584WKNgS
G498ilqV7q7Ihj8g+ts/I3zU7d1zmyAGJB0ghj8yhHV6Mi5RlnoMgMZBTkNspUMZ
7iKllyKSOoOh9XqhdkULmF1Lmt3quxYjHviqHPEiDJ7IYIGYKGeAkfAA0mVzppjn
/uwgN6VxYJdRl60olJpj+x4KXsBJ7TlJHzju6iLDhpAftoWF
-----END CERTIFICATE-----