This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/mP8zF_bJOTWvXPulXS_oUR4vAd8.roa
File:                     mP8zF_bJOTWvXPulXS_oUR4vAd8.roa (raw, json)
Hash identifier:          4byK92brafemOMsopEaLGHGlykZBiRbGdrhWO9EemSI=
Subject key identifier:   98:FF:33:17:F6:C9:39:35:AF:5C:FB:A5:5D:2F:E8:51:1E:2F:01:DF
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       019B797EA9F73DDF4E18F7C1799FEF683854
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/mP8zF_bJOTWvXPulXS_oUR4vAd8.roa
Signing time:             Thu 01 Jan 2026 12:18:22 +0000
ROA not before:           Thu 01 Jan 2026 12:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212832
IP address blocks:        2a13:1c46::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a9:f7:3d:df:4e:18:f7:c1:79:9f:ef:68:38:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 12:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98ff3317f6c93935af5cfba55d2fe8511e2f01df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:47:4a:53:e4:d3:b2:c2:59:8a:80:e4:c2:ef:
                    36:81:0a:2a:c1:4b:bd:c9:a9:77:27:3c:e6:11:4b:
                    c7:05:ab:50:83:47:ad:94:21:e4:06:ae:f8:aa:9f:
                    3d:48:4e:4c:6d:73:4f:ec:f6:30:e8:dd:25:81:2f:
                    5f:32:cb:c4:ba:dd:17:c9:ca:d2:75:57:72:96:00:
                    4c:9f:ed:14:79:02:dd:90:a4:cc:ed:18:18:ea:24:
                    c9:ab:ce:32:06:25:f7:09:5a:69:a9:4b:0f:b4:ef:
                    cd:a8:6a:9e:f3:10:87:4e:b3:eb:16:33:87:2f:b6:
                    13:31:de:40:f1:76:4e:78:9d:a5:36:9d:99:c1:20:
                    43:93:9f:9e:54:d7:1d:e5:b7:0e:32:36:d7:22:88:
                    f0:27:90:73:c8:a5:95:6f:7d:d7:2b:89:81:5d:b2:
                    08:c1:26:17:3c:4d:f0:c0:ba:68:f5:7b:da:a9:19:
                    c4:48:28:fd:99:16:23:a2:bb:99:ec:7a:3c:20:92:
                    6d:a4:71:7b:1b:13:1c:9c:e4:cd:76:fd:48:5d:3d:
                    13:c7:8e:f0:c5:19:70:80:2e:aa:f8:09:2c:e4:b6:
                    7e:95:87:a0:8d:63:be:15:86:75:68:4a:cd:cb:62:
                    cc:b8:a6:0c:c0:6a:e8:07:14:4d:2a:70:b6:68:5d:
                    c1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FF:33:17:F6:C9:39:35:AF:5C:FB:A5:5D:2F:E8:51:1E:2F:01:DF
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/mP8zF_bJOTWvXPulXS_oUR4vAd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c46::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:5b:31:d6:7f:41:e6:74:c1:b7:35:f5:d5:ef:46:09:91:59:
         9a:95:78:ef:c1:b2:c8:44:db:9b:7c:e7:ab:cc:c3:06:8e:95:
         0b:30:7d:c9:fe:6b:56:0c:b6:fa:01:7f:1d:f6:48:62:5d:64:
         5b:e1:6e:c1:50:da:01:5f:d3:e3:96:37:c3:d5:37:c4:58:39:
         22:59:99:59:38:5a:46:d0:94:75:e6:bc:1e:36:75:f9:f6:82:
         32:24:bb:7e:fb:8b:6f:e7:f4:5b:ec:ed:72:27:b2:8c:b4:49:
         c5:dd:cd:5a:44:29:01:08:ff:f2:7f:6f:0b:16:f2:cc:01:c5:
         fe:8d:50:09:07:6d:c8:8d:96:d9:83:00:48:ab:0e:c0:5a:24:
         57:b6:13:3a:ab:ae:de:3f:92:a0:87:98:f3:47:03:01:99:1a:
         34:1c:7e:20:27:f6:ae:ed:86:34:82:be:d8:ac:66:31:70:3e:
         0a:da:21:70:80:b4:51:71:a7:ab:7d:a8:f3:f0:fd:20:09:c4:
         fb:c0:3a:74:3e:2a:fd:74:5e:33:f0:d3:82:55:e1:c0:2e:8d:
         5b:bd:91:08:91:de:2e:a1:64:7a:21:5f:aa:b6:de:60:b4:76:
         ba:6e:1e:89:0b:dc:a4:1f:a5:6e:fe:10:d0:d8:99:9a:a6:7f:
         81:e4:08:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5fqn3Pd9OGPfBeZ/vaDhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjYwMTAxMTIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZmMzMxN2Y2YzkzOTM1YWY1Y2ZiYTU1ZDJmZTg1MTFlMmYwMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0dKU+TTssJZioDkwu82gQoqwUu9
yal3JzzmEUvHBatQg0etlCHkBq74qp89SE5MbXNP7PYw6N0lgS9fMsvEut0XycrS
dVdylgBMn+0UeQLdkKTM7RgY6iTJq84yBiX3CVppqUsPtO/NqGqe8xCHTrPrFjOH
L7YTMd5A8XZOeJ2lNp2ZwSBDk5+eVNcd5bcOMjbXIojwJ5BzyKWVb33XK4mBXbII
wSYXPE3wwLpo9XvaqRnESCj9mRYjoruZ7Ho8IJJtpHF7GxMcnOTNdv1IXT0Tx47w
xRlwgC6q+Aks5LZ+lYegjWO+FYZ1aErNy2LMuKYMwGroBxRNKnC2aF3BYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJj/Mxf2yTk1r1z7pV0v6FEeLwHfMB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvbVA4ekZfYkpPVFd2WFB1bFhTX29VUjR2QWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMcRjAN
BgkqhkiG9w0BAQsFAAOCAQEAYVsx1n9B5nTBtzX11e9GCZFZmpV478GyyETbm3zn
q8zDBo6VCzB9yf5rVgy2+gF/HfZIYl1kW+FuwVDaAV/T45Y3w9U3xFg5IlmZWTha
RtCUdea8HjZ1+faCMiS7fvuLb+f0W+ztcieyjLRJxd3NWkQpAQj/8n9vCxbyzAHF
/o1QCQdtyI2W2YMASKsOwFokV7YTOquu3j+SoIeY80cDAZkaNBx+ICf2ru2GNIK+
2KxmMXA+CtohcIC0UXGnq32o8/D9IAnE+8A6dD4q/XReM/DTglXhwC6NW72RCJHe
LqFkeiFfqrbeYLR2um4eiQvcpB+lbv4Q0NiZmqZ/geQIIg==
-----END CERTIFICATE-----