This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/I4kWLJQcJIN4yvOhIUBxDHfcBXY.roa
File:                     I4kWLJQcJIN4yvOhIUBxDHfcBXY.roa (raw, json)
Hash identifier:          FOUTe4+/Wcl97bGV2vBsOsKmLc6qFDjUlYthAxSgRb4=
Subject key identifier:   23:89:16:2C:94:1C:24:83:78:CA:F3:A1:21:40:71:0C:77:DC:05:76
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       019B7EA661854734EBC1288300A2503CA33D
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/I4kWLJQcJIN4yvOhIUBxDHfcBXY.roa
Signing time:             Fri 02 Jan 2026 12:19:51 +0000
ROA not before:           Fri 02 Jan 2026 12:19:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215059
IP address blocks:        2a06:da80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:61:85:47:34:eb:c1:28:83:00:a2:50:3c:a3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Jan  2 12:19:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2389162c941c248378caf3a12140710c77dc0576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:8a:b3:f5:ab:75:a5:da:3a:ce:09:b4:c0:
                    79:9e:ba:cc:9f:e9:0d:cc:2e:4c:fa:cb:51:52:9b:
                    01:99:a3:cd:0f:b6:a2:9b:e3:d1:87:04:29:45:b5:
                    5f:44:38:25:39:f6:d6:a2:d8:d3:c0:85:a7:4e:a0:
                    fb:93:d0:ea:88:27:1e:9d:b0:36:ef:c8:0b:b7:25:
                    8a:46:2c:f0:35:b2:51:5d:5e:70:c7:fe:04:ff:cf:
                    a3:78:eb:6b:d0:c3:90:8f:de:f4:35:7a:36:5a:49:
                    10:98:53:e1:de:0d:29:97:34:33:68:58:9e:fb:65:
                    8b:1d:3c:a3:6f:d4:8e:ce:8a:2e:e7:cd:f2:20:9c:
                    2f:41:69:b4:e9:13:8b:2f:a9:2c:b3:d5:b9:74:2a:
                    5b:d4:76:6f:93:ad:5c:71:b7:fd:fe:f3:76:8c:2f:
                    fa:1b:b1:b2:88:f1:8f:db:04:19:d6:f9:23:cb:de:
                    2f:fa:ca:40:ad:9c:36:d8:7e:9d:d2:33:cb:98:d0:
                    e7:76:f9:fd:fe:b5:06:98:f8:fe:d6:67:94:3f:fa:
                    41:ed:45:dd:3c:ca:b1:5d:6f:60:b1:a6:7b:6c:3b:
                    de:34:c6:3c:8f:38:87:28:09:33:a4:cf:8f:48:f8:
                    9b:a5:07:35:14:3d:ae:b4:2e:c1:76:03:b1:63:e1:
                    dd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:89:16:2C:94:1C:24:83:78:CA:F3:A1:21:40:71:0C:77:DC:05:76
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/I4kWLJQcJIN4yvOhIUBxDHfcBXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:44:28:39:3e:50:71:83:c7:de:08:bd:1d:e9:1e:dc:fe:b3:
         31:98:ce:d5:b2:be:c1:9a:23:7f:df:e4:17:ca:d4:7b:97:09:
         4d:1f:7c:6a:4b:3f:ec:86:4e:0d:0a:55:b5:ae:43:85:ba:98:
         34:05:c9:47:f6:ee:02:2f:75:2f:39:f6:93:ab:f9:12:33:cf:
         09:00:f9:89:7f:3b:11:85:80:7a:1f:dc:d5:ef:0f:b7:74:b5:
         e4:af:d6:4a:34:c3:37:09:a7:6c:9a:4d:9d:1f:f3:67:82:ed:
         31:7b:f0:cc:d8:7a:fb:b2:98:53:1a:b0:32:f0:ef:e1:31:ac:
         5d:c4:91:95:c8:21:44:7c:83:09:fd:c6:65:34:9d:4b:e7:98:
         f6:84:26:2c:79:c0:f0:fe:95:b2:76:c4:50:39:47:c6:b2:3b:
         7c:99:ea:30:64:7d:34:57:7e:0c:5f:87:1a:87:05:48:8e:c9:
         ea:93:84:99:08:94:03:bb:cd:57:5e:e4:04:9a:75:6f:e2:5a:
         58:d4:8b:16:e0:54:53:4c:4a:d6:c2:ca:77:5c:ad:5c:bc:d9:
         af:2b:a5:24:f6:fa:b9:fa:6f:ad:ea:ff:cf:4d:cf:7f:07:0e:
         4a:4f:fa:0f:d1:5e:5a:b8:27:82:e4:97:2c:36:56:cd:a4:6c:
         3b:6f:74:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pmGFRzTrwSiDAKJQPKM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjYwMTAyMTIxOTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzg5MTYyYzk0MWMyNDgzNzhjYWYzYTEyMTQwNzEwYzc3ZGMwNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu92Ks/WrdaXaOs4JtMB5nrrMn+kN
zC5M+stRUpsBmaPND7aim+PRhwQpRbVfRDglOfbWotjTwIWnTqD7k9DqiCcenbA2
78gLtyWKRizwNbJRXV5wx/4E/8+jeOtr0MOQj970NXo2WkkQmFPh3g0plzQzaFie
+2WLHTyjb9SOzoou583yIJwvQWm06ROLL6kss9W5dCpb1HZvk61ccbf9/vN2jC/6
G7GyiPGP2wQZ1vkjy94v+spArZw22H6d0jPLmNDndvn9/rUGmPj+1meUP/pB7UXd
PMqxXW9gsaZ7bDveNMY8jziHKAkzpM+PSPibpQc1FD2utC7BdgOxY+HdbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCOJFiyUHCSDeMrzoSFAcQx33AV2MB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvSTRrV0xKUWNKSU40eXZPaElVQnhESGZjQlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgbagDAN
BgkqhkiG9w0BAQsFAAOCAQEADEQoOT5QcYPH3gi9Heke3P6zMZjO1bK+wZojf9/k
F8rUe5cJTR98aks/7IZODQpVta5DhbqYNAXJR/buAi91Lzn2k6v5EjPPCQD5iX87
EYWAeh/c1e8Pt3S15K/WSjTDNwmnbJpNnR/zZ4LtMXvwzNh6+7KYUxqwMvDv4TGs
XcSRlcghRHyDCf3GZTSdS+eY9oQmLHnA8P6VsnbEUDlHxrI7fJnqMGR9NFd+DF+H
GocFSI7J6pOEmQiUA7vNV17kBJp1b+JaWNSLFuBUU0xK1sLKd1ytXLzZryulJPb6
ufpvrer/z03PfwcOSk/6D9FeWrgnguSXLDZWzaRsO290Vw==
-----END CERTIFICATE-----