This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/aHNCfZJ-9wQZxvNMw3DS1H21hCo.roa
File:                     aHNCfZJ-9wQZxvNMw3DS1H21hCo.roa (raw, json)
Hash identifier:          2DGefUYW6AHzEy+ZIacwyGwUVxEFyzaT1n0vrc2KxWs=
Subject key identifier:   68:73:42:7D:92:7E:F7:04:19:C6:F3:4C:C3:70:D2:D4:7D:B5:84:2A
Certificate issuer:       /CN=65415a1763fe005b0139b014c6e575d5f9b2a504
Certificate serial:       019B7D5B6A1E4A26CBD9D2BC94A527B2BA91
Authority key identifier: 65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/aHNCfZJ-9wQZxvNMw3DS1H21hCo.roa
Signing time:             Fri 02 Jan 2026 06:18:21 +0000
ROA not before:           Fri 02 Jan 2026 06:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24577
IP address blocks:        176.120.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:6a:1e:4a:26:cb:d9:d2:bc:94:a5:27:b2:ba:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65415a1763fe005b0139b014c6e575d5f9b2a504
        Validity
            Not Before: Jan  2 06:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6873427d927ef70419c6f34cc370d2d47db5842a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:92:d0:e8:7f:69:b8:06:77:0c:77:5d:c7:b7:
                    5f:e8:98:d2:13:ed:ec:0f:b3:d1:45:39:34:7f:24:
                    7d:d8:df:dc:13:81:c2:50:54:0b:9a:b4:b3:fc:44:
                    63:10:c3:ec:0b:cc:c0:f3:66:e2:1a:2b:1b:ed:00:
                    d2:03:dd:30:2d:84:4d:94:6b:09:f0:12:81:73:a3:
                    2d:7c:f2:ff:94:93:d4:11:a2:76:ce:0f:05:be:ca:
                    3c:13:59:13:98:b7:bc:b1:7e:fb:25:34:39:13:b5:
                    8f:fe:c8:26:2f:12:86:b7:03:1a:82:ed:03:12:40:
                    9c:12:84:ef:55:83:7d:70:58:31:14:4e:ef:77:f8:
                    49:33:3c:53:a2:0a:ed:4c:23:6a:c9:7e:ef:9d:08:
                    5b:ae:4a:a1:03:e2:89:86:35:14:43:43:76:00:c1:
                    cd:a7:4a:37:93:40:da:49:32:9f:2e:b9:8a:54:73:
                    05:3c:2d:f3:cf:99:21:f0:d8:7a:05:67:dd:60:17:
                    7e:04:24:10:1a:07:20:9f:39:24:17:e2:03:3f:f3:
                    c5:0f:d4:d3:54:b5:ce:b9:1d:71:b7:93:15:1e:4a:
                    7e:07:fa:2a:cc:0a:97:5a:68:47:ae:a9:d2:98:c5:
                    49:96:52:a5:07:6c:79:77:5a:a3:3c:30:44:55:fb:
                    0e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:73:42:7D:92:7E:F7:04:19:C6:F3:4C:C3:70:D2:D4:7D:B5:84:2A
            X509v3 Authority Key Identifier:
                keyid:65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/aHNCfZJ-9wQZxvNMw3DS1H21hCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:ab:47:6c:49:f4:6e:b3:f1:19:8d:fc:79:e8:64:4a:62:e3:
         77:42:69:e2:53:63:4f:43:47:17:d1:d2:b3:4e:fa:4d:fe:3d:
         28:81:d6:3d:03:15:f1:5e:22:55:c6:bb:d1:f1:87:82:77:07:
         46:52:99:10:5f:16:46:ef:32:ee:7d:0f:81:e6:b7:a8:ef:c3:
         1c:c9:9f:44:75:8d:8e:b3:43:f5:f5:93:44:1c:4d:e8:ca:79:
         bc:13:7c:ab:b5:e2:51:46:69:6a:4d:c4:48:7c:2d:2e:60:d6:
         fb:98:70:e6:a7:84:de:55:df:c9:39:9a:9a:df:b5:22:fc:bc:
         88:3b:40:6c:3e:d7:19:37:26:13:e1:ae:5c:2c:b7:da:33:01:
         63:29:b0:f5:26:5e:bf:1b:7b:59:e6:99:60:09:6c:34:bf:41:
         db:99:e7:80:74:29:3b:08:62:28:a6:ce:5a:74:8d:1c:4e:89:
         4f:27:da:77:68:c3:f8:2e:8f:d3:f1:c4:8b:c6:6f:cb:29:0c:
         56:3e:ab:8a:10:4c:d3:b1:d9:78:4d:ef:4a:02:94:4e:ef:ca:
         94:97:07:a9:9b:00:9b:5a:15:bf:72:68:7b:1e:b8:84:6b:41:
         55:34:8d:65:86:d3:84:ca:9a:70:c5:a7:26:50:d9:00:22:82:
         4a:73:2d:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W2oeSibL2dK8lKUnsrqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NDE1YTE3NjNmZTAwNWIwMTM5YjAxNGM2ZTU3NWQ1Zjli
MmE1MDQwHhcNMjYwMTAyMDYxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODczNDI3ZDkyN2VmNzA0MTljNmYzNGNjMzcwZDJkNDdkYjU4NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipLQ6H9puAZ3DHddx7df6JjSE+3s
D7PRRTk0fyR92N/cE4HCUFQLmrSz/ERjEMPsC8zA82biGisb7QDSA90wLYRNlGsJ
8BKBc6MtfPL/lJPUEaJ2zg8Fvso8E1kTmLe8sX77JTQ5E7WP/sgmLxKGtwMagu0D
EkCcEoTvVYN9cFgxFE7vd/hJMzxTogrtTCNqyX7vnQhbrkqhA+KJhjUUQ0N2AMHN
p0o3k0DaSTKfLrmKVHMFPC3zz5kh8Nh6BWfdYBd+BCQQGgcgnzkkF+IDP/PFD9TT
VLXOuR1xt5MVHkp+B/oqzAqXWmhHrqnSmMVJllKlB2x5d1qjPDBEVfsObwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhzQn2SfvcEGcbzTMNw0tR9tYQqMB8GA1UdIwQY
MBaAFGVBWhdj/gBbATmwFMblddX5sqUEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlVGYUYyUC1BRnNCT2JBVXh1VjExZm15cFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zYWVjNzEtY2ExNy00ZWM1LTg3YTct
ZWU3YTIwNTY5YjgzLzEvYUhOQ2ZaSi05d1FaeHZOTXczRFMxSDIxaENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zYWVjNzEtY2ExNy00ZWM1LTg3YTctZWU3YTIwNTY5Yjgz
LzEvWlVGYUYyUC1BRnNCT2JBVXh1VjExZm15cFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHh4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnq0dsSfRus/EZjfx56GRKYuN3QmniU2NPQ0cX0dKz
TvpN/j0ogdY9AxXxXiJVxrvR8YeCdwdGUpkQXxZG7zLufQ+B5reo78McyZ9EdY2O
s0P19ZNEHE3oynm8E3yrteJRRmlqTcRIfC0uYNb7mHDmp4TeVd/JOZqa37Ui/LyI
O0BsPtcZNyYT4a5cLLfaMwFjKbD1Jl6/G3tZ5plgCWw0v0HbmeeAdCk7CGIops5a
dI0cTolPJ9p3aMP4Lo/T8cSLxm/LKQxWPquKEEzTsdl4Te9KApRO78qUlwepmwCb
WhW/cmh7HriEa0FVNI1lhtOEyppwxacmUNkAIoJKcy0o
-----END CERTIFICATE-----