This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/wzhvVBisYwpfDxdiNkmYJjywz5I.roa
File:                     wzhvVBisYwpfDxdiNkmYJjywz5I.roa (raw, json)
Hash identifier:          vkonNhWWhUvXolDJXrRgZMBJWgHtThs0/Uh8jZJo5Qg=
Subject key identifier:   C3:38:6F:54:18:AC:63:0A:5F:0F:17:62:36:49:98:26:3C:B0:CF:92
Certificate issuer:       /CN=993e814676f32f264771c7ad767a4df87d3c63e2
Certificate serial:       019B7A5AD3A7BDE25CFD0AEDE582007549B8
Authority key identifier: 99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/wzhvVBisYwpfDxdiNkmYJjywz5I.roa
Signing time:             Thu 01 Jan 2026 16:18:51 +0000
ROA not before:           Thu 01 Jan 2026 16:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206659
IP address blocks:        2a0d:b080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d3:a7:bd:e2:5c:fd:0a:ed:e5:82:00:75:49:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=993e814676f32f264771c7ad767a4df87d3c63e2
        Validity
            Not Before: Jan  1 16:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3386f5418ac630a5f0f1762364998263cb0cf92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:10:50:3e:5a:62:e1:1b:43:8c:99:a4:3f:35:
                    a0:40:72:36:6d:21:4a:9b:be:0e:f0:37:43:d1:ba:
                    bd:82:85:ef:61:e6:43:b7:d0:cc:f8:4c:ef:fb:7a:
                    58:b1:91:a7:c0:23:44:d2:60:38:ff:e4:83:4a:8c:
                    c2:5c:30:52:ee:fe:23:c0:08:f8:97:7f:87:5d:5f:
                    b5:75:12:8d:6d:0d:25:ab:a3:bc:bc:1d:83:7b:95:
                    97:b3:94:e3:ec:68:bd:2e:c9:01:be:d8:02:0e:77:
                    af:25:88:c9:79:bd:5a:37:1d:c1:5b:71:7d:ae:fa:
                    97:93:a9:24:42:cf:1a:36:09:bd:8d:95:15:71:69:
                    01:ed:4a:f6:dc:79:5f:80:98:03:ad:eb:04:8f:15:
                    da:e9:a1:c3:c6:cf:96:63:ec:55:d1:f0:b9:82:61:
                    14:30:bc:93:f6:b5:5d:a7:e2:90:5a:f2:07:a0:3c:
                    93:21:37:de:b4:29:d6:e9:2e:e5:4f:23:a4:b4:7a:
                    6f:60:0e:4f:80:8f:ea:25:ef:cb:4c:a7:75:64:6c:
                    be:03:99:60:6f:99:f7:c1:46:ba:6a:09:13:49:0b:
                    ac:56:8a:dc:ad:79:ad:86:a4:f3:ba:42:78:bc:8b:
                    f1:54:ad:e5:dc:eb:0e:d8:99:e7:49:98:30:19:5b:
                    86:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:38:6F:54:18:AC:63:0A:5F:0F:17:62:36:49:98:26:3C:B0:CF:92
            X509v3 Authority Key Identifier:
                keyid:99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/wzhvVBisYwpfDxdiNkmYJjywz5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:89:17:52:fc:79:82:dc:48:36:1e:94:7d:cc:98:ec:0a:af:
         5b:0a:c4:f1:75:9d:2e:57:ae:b1:03:6c:67:2d:f9:d9:f4:18:
         2d:cb:c4:38:87:11:5a:f8:9a:ee:8d:54:4d:07:3e:b8:e6:e1:
         84:d7:f2:79:66:06:44:8a:05:a4:8b:ca:98:7d:da:79:20:c2:
         e5:73:ca:b0:0c:93:a6:4f:a9:8d:76:d5:2b:3d:62:59:a1:c0:
         96:80:7a:27:ef:44:97:14:84:2b:d3:35:27:12:1c:2c:5f:2d:
         5a:03:43:cb:69:5e:ce:7f:f2:dd:6d:51:f0:e1:22:91:42:9f:
         39:40:58:a0:b9:de:59:58:14:f7:9e:b1:57:95:32:a9:ca:62:
         89:0c:b9:c1:8f:d3:ce:b2:ea:b1:22:d4:11:b9:5d:c5:35:6f:
         84:8d:9a:63:22:91:03:1c:35:32:85:83:cd:a4:a7:10:84:cd:
         b9:a5:f3:3a:83:9c:e2:61:fd:3c:79:26:aa:6c:cd:1a:c9:86:
         ce:cc:6a:8c:3f:50:a1:87:af:aa:b8:a3:0f:fa:29:ea:90:98:
         13:c3:07:e2:e7:b5:b8:c0:f2:16:cd:73:ba:01:e9:94:b7:ba:
         df:65:36:5b:98:59:ed:55:11:f0:de:6e:f1:43:d5:2a:a8:b2:
         7d:51:a3:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6WtOnveJc/Qrt5YIAdUm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5M2U4MTQ2NzZmMzJmMjY0NzcxYzdhZDc2N2E0ZGY4N2Qz
YzYzZTIwHhcNMjYwMTAxMTYxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzM4NmY1NDE4YWM2MzBhNWYwZjE3NjIzNjQ5OTgyNjNjYjBjZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRBQPlpi4RtDjJmkPzWgQHI2bSFK
m74O8DdD0bq9goXvYeZDt9DM+Ezv+3pYsZGnwCNE0mA4/+SDSozCXDBS7v4jwAj4
l3+HXV+1dRKNbQ0lq6O8vB2De5WXs5Tj7Gi9LskBvtgCDnevJYjJeb1aNx3BW3F9
rvqXk6kkQs8aNgm9jZUVcWkB7Ur23HlfgJgDresEjxXa6aHDxs+WY+xV0fC5gmEU
MLyT9rVdp+KQWvIHoDyTITfetCnW6S7lTyOktHpvYA5PgI/qJe/LTKd1ZGy+A5lg
b5n3wUa6agkTSQusVorcrXmthqTzukJ4vIvxVK3l3OsO2JnnSZgwGVuGhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMM4b1QYrGMKXw8XYjZJmCY8sM+SMB8GA1UdIwQY
MBaAFJk+gUZ28y8mR3HHrXZ6Tfh9PGPiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYt
NDhjYjBmY2I5MGMzLzEvd3podlZCaXNZd3BmRHhkaU5rbVlKanl3ejVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYtNDhjYjBmY2I5MGMz
LzEvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2wgDAN
BgkqhkiG9w0BAQsFAAOCAQEAZIkXUvx5gtxINh6UfcyY7AqvWwrE8XWdLleusQNs
Zy352fQYLcvEOIcRWvia7o1UTQc+uObhhNfyeWYGRIoFpIvKmH3aeSDC5XPKsAyT
pk+pjXbVKz1iWaHAloB6J+9ElxSEK9M1JxIcLF8tWgNDy2lezn/y3W1R8OEikUKf
OUBYoLneWVgU956xV5UyqcpiiQy5wY/TzrLqsSLUEbldxTVvhI2aYyKRAxw1MoWD
zaSnEITNuaXzOoOc4mH9PHkmqmzNGsmGzsxqjD9QoYevqrijD/op6pCYE8MH4ue1
uMDyFs1zugHplLe632U2W5hZ7VUR8N5u8UPVKqiyfVGjKA==
-----END CERTIFICATE-----