This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/aOh1-99JcOZxqAcykG11EP2F9_g.roa
File:                     aOh1-99JcOZxqAcykG11EP2F9_g.roa (raw, json)
Hash identifier:          5HlRoHZPsDB8WS/Sga5nh3qNHpa39AaXfQFzVc0mT+4=
Subject key identifier:   68:E8:75:FB:DF:49:70:E6:71:A8:07:32:90:6D:75:10:FD:85:F7:F8
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       019B797EA964CE5570D49175E11C6BDA3E5E
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/aOh1-99JcOZxqAcykG11EP2F9_g.roa
Signing time:             Thu 01 Jan 2026 12:18:22 +0000
ROA not before:           Thu 01 Jan 2026 12:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199418
IP address blocks:        2a13:1c47:ffa0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a9:64:ce:55:70:d4:91:75:e1:1c:6b:da:3e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 12:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68e875fbdf4970e671a80732906d7510fd85f7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:83:5c:44:8e:ec:b6:0c:a7:09:4c:11:8b:a0:
                    e8:73:10:93:f2:c5:c9:ee:4c:64:27:0f:80:5c:8b:
                    b0:63:08:2e:e2:22:2a:d7:7a:ae:43:a2:93:f5:29:
                    6b:04:8f:c7:a1:de:f6:0e:01:47:7e:38:8a:c3:b7:
                    a2:e2:1c:4d:70:94:ca:1e:c5:15:69:0c:96:e6:08:
                    da:f9:48:1d:a0:d4:15:a6:c8:27:10:a2:eb:e3:be:
                    c8:84:24:56:1d:cf:6e:1b:5b:83:40:ca:96:83:47:
                    82:ba:52:9e:9d:11:10:fe:10:dc:87:56:dc:1c:fb:
                    c2:e8:97:4f:dd:7f:ec:d6:5c:51:7c:5f:b9:ff:94:
                    ee:6e:39:03:ac:46:b1:d7:cc:73:32:90:1c:f6:51:
                    f5:6f:d0:9f:61:18:bc:a6:d6:59:f0:75:3c:2a:26:
                    cc:5d:1c:c7:b5:16:fc:b0:9f:7f:7c:04:9a:2e:83:
                    38:aa:02:e7:fa:aa:f1:d3:3b:81:3f:f8:86:26:c2:
                    e3:c0:81:76:e6:38:d7:2e:de:0f:5d:d5:98:3e:54:
                    3f:56:b7:43:90:f7:44:8a:06:76:1c:58:de:11:c9:
                    45:4a:f7:e8:96:59:07:4a:85:7f:38:23:26:50:63:
                    ab:7c:39:0b:4b:e8:a6:05:8e:0e:65:ea:1c:2b:f0:
                    9c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E8:75:FB:DF:49:70:E6:71:A8:07:32:90:6D:75:10:FD:85:F7:F8
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/aOh1-99JcOZxqAcykG11EP2F9_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c47:ffa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:18:49:cc:d2:62:50:84:55:62:8c:61:0c:2a:cb:27:59:63:
         31:17:8d:ba:8b:2d:ed:d1:b4:df:46:16:6a:fd:ae:ec:78:78:
         db:1c:6f:c9:fe:bd:5b:14:a4:3b:4d:15:ec:42:db:c7:68:0d:
         82:39:75:fc:03:9f:ce:d5:ca:1f:14:54:f2:09:ce:8b:0a:78:
         eb:52:df:a9:45:0f:c0:d5:19:11:2d:a3:71:10:53:ec:d7:88:
         64:d1:4c:64:1c:0e:cf:a3:13:88:a1:fa:92:16:95:20:d9:f4:
         80:7b:5b:9a:0e:ec:f7:ca:6c:d3:ee:ef:f6:7a:39:d8:99:d0:
         8c:f5:c0:2d:02:41:2c:7d:1f:71:16:d1:00:61:16:bd:d6:37:
         63:77:cf:52:ca:6a:76:1f:5b:fb:d4:d4:33:f7:8f:b4:2e:c4:
         59:fd:ed:e2:bc:7f:df:60:f9:5e:a2:0c:9b:55:bb:f7:d6:a9:
         55:a5:17:f5:bc:e6:4c:00:1d:27:43:a9:cf:d0:26:83:19:82:
         b9:b4:92:88:fb:f4:d1:2c:1c:0b:aa:97:b9:21:da:de:1e:61:
         7c:be:bf:21:2a:05:ef:2d:91:88:1a:7c:29:10:92:20:11:84:
         ea:c7:09:9b:5b:30:b7:84:a6:2f:5d:d9:41:31:49:bc:ba:c2:
         c6:f5:57:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5fqlkzlVw1JF14Rxr2j5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjYwMTAxMTIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU4NzVmYmRmNDk3MGU2NzFhODA3MzI5MDZkNzUxMGZkODVmN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oNcRI7stgynCUwRi6DocxCT8sXJ
7kxkJw+AXIuwYwgu4iIq13quQ6KT9SlrBI/Hod72DgFHfjiKw7ei4hxNcJTKHsUV
aQyW5gja+UgdoNQVpsgnEKLr477IhCRWHc9uG1uDQMqWg0eCulKenREQ/hDch1bc
HPvC6JdP3X/s1lxRfF+5/5TubjkDrEax18xzMpAc9lH1b9CfYRi8ptZZ8HU8KibM
XRzHtRb8sJ9/fASaLoM4qgLn+qrx0zuBP/iGJsLjwIF25jjXLt4PXdWYPlQ/VrdD
kPdEigZ2HFjeEclFSvfollkHSoV/OCMmUGOrfDkLS+imBY4OZeocK/CctQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGjodfvfSXDmcagHMpBtdRD9hff4MB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvYU9oMS05OUpjT1p4cUFjeWtHMTFFUDJGOV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMcR/+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBsGEnM0mJQhFVijGEMKssnWWMxF426iy3t0bTf
RhZq/a7seHjbHG/J/r1bFKQ7TRXsQtvHaA2COXX8A5/O1cofFFTyCc6LCnjrUt+p
RQ/A1RkRLaNxEFPs14hk0UxkHA7PoxOIofqSFpUg2fSAe1uaDuz3ymzT7u/2ejnY
mdCM9cAtAkEsfR9xFtEAYRa91jdjd89Symp2H1v71NQz94+0LsRZ/e3ivH/fYPle
ogybVbv31qlVpRf1vOZMAB0nQ6nP0CaDGYK5tJKI+/TRLBwLqpe5IdreHmF8vr8h
KgXvLZGIGnwpEJIgEYTqxwmbWzC3hKYvXdlBMUm8usLG9Vdt
-----END CERTIFICATE-----