This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/IGvyNAGkUwt5swY3ZPAsKMi4Y9A.roa
File:                     IGvyNAGkUwt5swY3ZPAsKMi4Y9A.roa (raw, json)
Hash identifier:          9R/m5HiUPddcgvtc69T2bzqCBkVGTvcPZN9UWeURM0E=
Subject key identifier:   20:6B:F2:34:01:A4:53:0B:79:B3:06:37:64:F0:2C:28:C8:B8:63:D0
Certificate issuer:       /CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
Certificate serial:       019B7C12D826EE64BA1C0844662B0B9D2545
Authority key identifier: 5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/IGvyNAGkUwt5swY3ZPAsKMi4Y9A.roa
Signing time:             Fri 02 Jan 2026 00:19:28 +0000
ROA not before:           Fri 02 Jan 2026 00:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58057
IP address blocks:        2001:67c:bd4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:d8:26:ee:64:ba:1c:08:44:66:2b:0b:9d:25:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
        Validity
            Not Before: Jan  2 00:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=206bf23401a4530b79b3063764f02c28c8b863d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:af:c5:20:17:c3:c8:b6:4e:62:cf:38:9b:b7:
                    ba:10:7c:3f:cf:b4:04:bf:ac:b0:f8:af:4c:91:cf:
                    13:9e:03:e8:56:53:81:7f:eb:ea:60:eb:bb:4f:2c:
                    c5:97:26:cd:71:a6:74:dc:c7:82:3c:5e:de:da:a8:
                    b4:cb:b7:18:c0:4c:51:5b:1a:92:24:7c:33:04:d5:
                    df:cd:3c:59:94:13:6f:98:d7:a6:00:7e:c9:50:6c:
                    df:42:b9:57:f6:9f:b4:03:a8:f6:f6:e9:33:cb:53:
                    62:49:7d:72:7c:7b:4a:57:92:e9:50:45:5b:27:89:
                    6e:bd:b0:34:85:1c:48:c4:92:69:6e:b4:da:6e:3e:
                    28:cc:41:40:ee:46:59:20:de:d3:93:13:b1:d2:20:
                    75:b3:da:10:dc:b9:5d:ee:f6:9d:50:2d:7b:9f:3c:
                    5a:4a:4b:04:14:c2:8a:18:15:96:40:ea:3a:71:f5:
                    9b:38:0a:20:2a:a4:80:b4:60:91:e6:32:04:8f:72:
                    87:7c:37:52:46:32:e9:e5:8a:ea:ec:b0:b0:26:8a:
                    24:25:2e:5d:38:0a:ff:31:ec:a8:3f:2b:1e:2c:ba:
                    de:55:86:6f:94:63:5d:d0:6a:72:ed:b0:05:ed:ec:
                    c3:c2:ef:33:4d:3f:2c:a0:54:a4:80:95:7c:71:b4:
                    f3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6B:F2:34:01:A4:53:0B:79:B3:06:37:64:F0:2C:28:C8:B8:63:D0
            X509v3 Authority Key Identifier:
                keyid:5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/IGvyNAGkUwt5swY3ZPAsKMi4Y9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bd4::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:d2:6a:0f:d7:af:df:d3:98:93:b9:67:41:ea:b7:9e:e3:ef:
         c4:35:72:c9:d6:f8:b0:d4:64:be:a4:11:22:e0:18:66:5b:5d:
         a1:1c:8b:92:3a:41:27:90:eb:73:cc:a6:e5:cf:52:ae:1a:db:
         d9:6c:ac:78:a5:f4:ec:78:7a:f2:f5:a8:49:fb:7a:71:cf:60:
         38:72:d9:47:72:d0:e4:c3:a8:e1:e6:ab:19:5c:72:0a:85:14:
         db:a2:3b:16:71:a0:90:21:03:f6:0b:df:41:bd:4c:ec:10:7b:
         5a:cc:6c:00:f6:fa:5a:f0:83:11:99:c3:56:ac:7a:7a:25:35:
         ed:37:a6:87:ae:ce:57:6c:f3:29:bf:cc:5b:d9:09:ec:7a:44:
         18:53:0d:fe:c6:e8:c7:e1:5f:15:71:cd:10:36:0d:b8:05:3e:
         94:d2:67:20:57:e8:84:77:d8:d6:d6:3b:8d:88:3f:57:51:49:
         fb:8b:93:d5:a7:c8:08:54:85:cd:f3:3b:9f:0a:33:45:dd:aa:
         c5:ec:73:e3:32:0a:80:1e:76:98:d8:8f:69:e1:56:f0:ba:72:
         02:ae:98:4e:1a:a9:3c:86:bd:4e:05:b9:f1:e8:fc:fd:e7:d5:
         30:b3:5c:fa:6a:31:11:35:cb:19:54:eb:25:78:70:12:dd:4f:
         0e:e7:1b:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8Etgm7mS6HAhEZisLnSVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGZkOTBkOTg3Mjk3Y2I1ZGQ0ZTA3YmU4NDBkMjgwZDFl
MmNjNGEwHhcNMjYwMTAyMDAxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDZiZjIzNDAxYTQ1MzBiNzliMzA2Mzc2NGYwMmMyOGM4Yjg2M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3q/FIBfDyLZOYs84m7e6EHw/z7QE
v6yw+K9Mkc8TngPoVlOBf+vqYOu7TyzFlybNcaZ03MeCPF7e2qi0y7cYwExRWxqS
JHwzBNXfzTxZlBNvmNemAH7JUGzfQrlX9p+0A6j29ukzy1NiSX1yfHtKV5LpUEVb
J4luvbA0hRxIxJJpbrTabj4ozEFA7kZZIN7TkxOx0iB1s9oQ3Lld7vadUC17nzxa
SksEFMKKGBWWQOo6cfWbOAogKqSAtGCR5jIEj3KHfDdSRjLp5Yrq7LCwJookJS5d
OAr/MeyoPyseLLreVYZvlGNd0Gpy7bAF7ezDwu8zTT8soFSkgJV8cbTzuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCBr8jQBpFMLebMGN2TwLCjIuGPQMB8GA1UdIwQY
MBaAFF8P2Q2YcpfLXdTge+hA0oDR4sxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjIt
N2JjZWZhOWY1OWU4LzEvSUd2eU5BR2tVd3Q1c3dZM1pQQXNLTWk0WTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjItN2JjZWZhOWY1OWU4
LzEvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvU
MA0GCSqGSIb3DQEBCwUAA4IBAQAx0moP16/f05iTuWdB6ree4+/ENXLJ1viw1GS+
pBEi4BhmW12hHIuSOkEnkOtzzKblz1KuGtvZbKx4pfTseHry9ahJ+3pxz2A4ctlH
ctDkw6jh5qsZXHIKhRTbojsWcaCQIQP2C99BvUzsEHtazGwA9vpa8IMRmcNWrHp6
JTXtN6aHrs5XbPMpv8xb2QnsekQYUw3+xujH4V8Vcc0QNg24BT6U0mcgV+iEd9jW
1juNiD9XUUn7i5PVp8gIVIXN8zufCjNF3arF7HPjMgqAHnaY2I9p4VbwunICrphO
Gqk8hr1OBbnx6Pz959Uws1z6ajERNcsZVOsleHAS3U8O5xvM
-----END CERTIFICATE-----