This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/bWmOOPKyQMv70URwqTZU8sllHjY.roa
File:                     bWmOOPKyQMv70URwqTZU8sllHjY.roa (raw, json)
Hash identifier:          yQ8N3UwrqjLlEaxQHxKpVivx2+Lei1qK8l2tgkVbZiM=
Subject key identifier:   6D:69:8E:38:F2:B2:40:CB:FB:D1:44:70:A9:36:54:F2:C9:65:1E:36
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       019B79ECB3AD72603BB4442207B626491717
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/bWmOOPKyQMv70URwqTZU8sllHjY.roa
Signing time:             Thu 01 Jan 2026 14:18:34 +0000
ROA not before:           Thu 01 Jan 2026 14:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12488
IP address blocks:        2001:678:2cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:b3:ad:72:60:3b:b4:44:22:07:b6:26:49:17:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  1 14:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d698e38f2b240cbfbd14470a93654f2c9651e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:55:3f:69:b4:7c:2f:92:7e:64:3c:b3:6e:1f:
                    b8:f3:14:21:24:51:0e:23:4b:d3:cf:8c:64:9c:33:
                    bd:54:d0:97:de:cb:68:9b:9c:d1:15:04:11:53:ba:
                    74:5b:6b:be:14:a5:56:c3:d8:f9:4c:d0:46:33:7e:
                    ae:3c:c4:35:0d:3d:76:4f:a3:05:15:62:b0:8c:90:
                    61:50:40:dc:f4:82:4e:32:20:5a:50:c7:7c:51:29:
                    77:90:7b:8f:93:cd:39:46:4d:6a:a1:e0:a9:74:6c:
                    d9:87:cf:78:85:36:66:2e:2f:37:1f:ae:07:ce:b7:
                    85:2d:63:44:b1:71:4d:4e:13:be:86:91:3b:14:1e:
                    d9:06:b2:1b:67:ba:e1:8b:a4:16:ed:25:bc:1c:00:
                    86:2b:02:14:70:0e:7e:9c:c8:a7:31:35:50:34:47:
                    40:ba:39:7e:cb:e8:1f:4e:fa:c6:7f:f7:f4:61:dd:
                    07:3d:a9:a0:d2:a5:6a:08:df:da:62:14:30:7f:6b:
                    1e:b7:13:d7:2d:e4:9b:dc:bb:fb:07:65:5c:9f:1c:
                    5f:f6:9d:3a:a6:b3:8e:0a:d8:a5:7e:83:a2:38:ac:
                    1d:02:ef:b5:b0:e8:bd:76:73:28:a7:23:8f:a8:59:
                    8a:27:5a:9d:91:90:f0:41:0a:e1:91:8f:70:b0:89:
                    9f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:69:8E:38:F2:B2:40:CB:FB:D1:44:70:A9:36:54:F2:C9:65:1E:36
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/bWmOOPKyQMv70URwqTZU8sllHjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:10:bd:17:08:fb:b3:4a:0d:0e:8a:dd:a9:4c:66:31:4e:0d:
         05:c4:6b:b9:73:7c:5f:59:1b:64:aa:95:c8:ed:ba:8e:85:fc:
         d8:00:40:a7:1b:47:c4:b5:82:ae:d8:f5:94:ef:e9:6d:17:3d:
         6c:af:50:21:02:b5:47:a6:b1:ac:04:f9:6a:a7:ce:dc:f5:10:
         06:12:fb:ba:33:4c:7e:3d:10:74:14:cf:99:e1:79:d4:be:86:
         66:33:82:61:a9:42:4e:ea:96:69:7d:d0:6a:f7:05:9b:f4:92:
         20:8a:7c:95:e6:66:35:f7:85:73:9f:de:23:fe:bf:92:59:b6:
         da:e3:85:47:f3:7e:90:36:82:81:c6:77:0c:a2:ba:89:f6:d0:
         e8:c2:50:66:af:d2:5a:5f:d6:b4:72:0f:86:9d:b5:48:5e:de:
         21:56:85:07:31:50:25:3d:52:a7:12:98:f6:ff:96:1d:88:cc:
         b7:51:48:50:5a:22:c7:4e:d1:f5:1c:2e:2b:98:1b:2f:ed:e4:
         4a:77:13:a7:36:50:cf:21:29:05:c0:d8:99:81:82:82:ec:0a:
         81:5a:b3:54:5b:05:ce:94:3a:13:fe:0f:82:a0:5c:15:90:98:
         bd:13:1f:ff:36:83:33:47:07:16:fc:f8:27:dd:50:e7:31:66:
         a7:12:b1:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57LOtcmA7tEQiB7YmSRcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjYwMTAxMTQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY5OGUzOGYyYjI0MGNiZmJkMTQ0NzBhOTM2NTRmMmM5NjUxZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VU/abR8L5J+ZDyzbh+48xQhJFEO
I0vTz4xknDO9VNCX3stom5zRFQQRU7p0W2u+FKVWw9j5TNBGM36uPMQ1DT12T6MF
FWKwjJBhUEDc9IJOMiBaUMd8USl3kHuPk805Rk1qoeCpdGzZh894hTZmLi83H64H
zreFLWNEsXFNThO+hpE7FB7ZBrIbZ7rhi6QW7SW8HACGKwIUcA5+nMinMTVQNEdA
ujl+y+gfTvrGf/f0Yd0HPamg0qVqCN/aYhQwf2setxPXLeSb3Lv7B2Vcnxxf9p06
prOOCtilfoOiOKwdAu+1sOi9dnMopyOPqFmKJ1qdkZDwQQrhkY9wsImfjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG1pjjjyskDL+9FEcKk2VPLJZR42MB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvYldtT09QS3lRTXY3MFVSd3FUWlU4c2xsSGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQAJEL0XCPuzSg0Oit2pTGYxTg0FxGu5c3xfWRtk
qpXI7bqOhfzYAECnG0fEtYKu2PWU7+ltFz1sr1AhArVHprGsBPlqp87c9RAGEvu6
M0x+PRB0FM+Z4XnUvoZmM4JhqUJO6pZpfdBq9wWb9JIginyV5mY194Vzn94j/r+S
Wbba44VH836QNoKBxncMorqJ9tDowlBmr9JaX9a0cg+GnbVIXt4hVoUHMVAlPVKn
Epj2/5YdiMy3UUhQWiLHTtH1HC4rmBsv7eRKdxOnNlDPISkFwNiZgYKC7AqBWrNU
WwXOlDoT/g+CoFwVkJi9Ex//NoMzRwcW/Pgn3VDnMWanErGb
-----END CERTIFICATE-----