This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/699-AVQHq9A-mOz16n5eWo61zOY.roa
File:                     699-AVQHq9A-mOz16n5eWo61zOY.roa (raw, json)
Hash identifier:          qmU7lIRPt6s/fJ1Asi4/dDcElLOynVYiN3n5hO5Ttcc=
Subject key identifier:   EB:DF:7E:01:54:07:AB:D0:3E:98:EC:F5:EA:7E:5E:5A:8E:B5:CC:E6
Certificate issuer:       /CN=a3cf9b646516928b5d06c2a819eb2dbc0fe9920a
Certificate serial:       019B77C6F780A87E4EF6CF3ABCA9B2D523B2
Authority key identifier: A3:CF:9B:64:65:16:92:8B:5D:06:C2:A8:19:EB:2D:BC:0F:E9:92:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/699-AVQHq9A-mOz16n5eWo61zOY.roa
Signing time:             Thu 01 Jan 2026 04:18:06 +0000
ROA not before:           Thu 01 Jan 2026 04:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29518
IP address blocks:        2001:67c:21dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f7:80:a8:7e:4e:f6:cf:3a:bc:a9:b2:d5:23:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3cf9b646516928b5d06c2a819eb2dbc0fe9920a
        Validity
            Not Before: Jan  1 04:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebdf7e015407abd03e98ecf5ea7e5e5a8eb5cce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:04:7b:1f:f1:57:33:d9:50:24:16:52:92:de:
                    2c:01:d2:ca:65:f7:35:ce:9e:2c:29:39:bb:24:0e:
                    24:cb:f6:ea:85:af:0d:d5:40:54:0d:30:66:3e:a4:
                    03:d0:0c:b1:bd:9d:19:50:d0:d5:b3:b1:80:e0:f3:
                    5f:19:38:f9:73:63:63:c2:dc:87:00:ba:20:68:ee:
                    ef:a4:35:46:d0:5a:56:3f:b0:11:79:c6:f2:bd:db:
                    3c:67:4a:47:92:63:a4:13:6b:57:fc:ba:26:f3:1a:
                    66:7b:e5:9c:a5:c4:27:be:2d:53:c4:e8:50:2c:b7:
                    f2:ab:87:d1:44:75:c9:b0:7b:0a:4a:82:3f:a4:f1:
                    c5:d3:3e:92:b4:7f:68:98:bb:ab:f9:87:43:d3:ec:
                    c3:93:02:62:59:20:2f:98:06:49:df:6f:61:4d:6d:
                    94:64:61:09:43:81:52:e8:23:43:33:13:93:36:5c:
                    34:f8:d0:8d:f0:4a:33:5f:67:09:26:fb:09:ae:d1:
                    b6:46:33:86:eb:29:d8:e1:dc:36:cf:73:51:eb:f1:
                    00:ac:6a:85:6f:92:c7:ae:da:1f:1e:86:5e:7d:f3:
                    5a:5b:85:36:92:77:1a:35:04:27:cc:d2:00:60:3c:
                    99:c4:a5:b8:9a:e2:1b:f0:2b:d2:cb:06:bd:e4:56:
                    15:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:DF:7E:01:54:07:AB:D0:3E:98:EC:F5:EA:7E:5E:5A:8E:B5:CC:E6
            X509v3 Authority Key Identifier:
                keyid:A3:CF:9B:64:65:16:92:8B:5D:06:C2:A8:19:EB:2D:BC:0F:E9:92:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/699-AVQHq9A-mOz16n5eWo61zOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:8a:d6:ce:24:38:cb:b2:f9:d9:92:87:e3:ad:37:a3:b3:7f:
         5a:39:26:bd:05:51:fe:ae:57:fe:6a:92:19:da:bc:be:d1:f7:
         92:5a:d5:32:f1:4c:60:1a:c5:21:4e:68:d4:a6:74:10:c3:c3:
         66:dc:4d:7a:13:c1:c3:75:b0:1c:b0:26:1d:f8:9d:c6:86:da:
         43:88:a2:4d:f7:88:b0:b5:5d:4b:a2:71:64:0b:53:ca:46:54:
         41:fb:1d:03:12:b2:eb:ff:5f:06:92:19:67:1d:99:b4:a1:70:
         7c:8e:a6:c0:ca:e8:1a:dd:d9:af:1d:43:5f:ae:ca:73:47:1b:
         af:0f:4f:a3:0d:fd:ea:69:3e:6f:ba:87:ef:ae:44:b9:a5:51:
         4f:d1:17:eb:d9:aa:67:78:9d:ef:e5:5e:15:1e:11:ca:87:31:
         3a:f8:95:bb:50:42:f6:8e:0b:ea:79:ae:58:ac:ca:5c:5a:ba:
         4f:e6:e6:45:67:d8:11:0e:87:21:6f:98:a5:bc:05:54:ca:6b:
         c9:2f:19:0e:c5:63:b6:6a:5b:ef:4a:d5:21:3e:b1:2b:47:db:
         5d:b9:a2:f8:58:18:d9:f6:16:7b:2c:12:d4:62:20:b1:de:2f:
         c5:89:2d:98:02:62:29:07:cd:20:16:17:a6:32:86:58:42:01:
         c9:0c:54:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xveAqH5O9s86vKmy1SOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2Y5YjY0NjUxNjkyOGI1ZDA2YzJhODE5ZWIyZGJjMGZl
OTkyMGEwHhcNMjYwMTAxMDQxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmRmN2UwMTU0MDdhYmQwM2U5OGVjZjVlYTdlNWU1YThlYjVjY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQR7H/FXM9lQJBZSkt4sAdLKZfc1
zp4sKTm7JA4ky/bqha8N1UBUDTBmPqQD0AyxvZ0ZUNDVs7GA4PNfGTj5c2NjwtyH
ALogaO7vpDVG0FpWP7ARecbyvds8Z0pHkmOkE2tX/Lom8xpme+WcpcQnvi1TxOhQ
LLfyq4fRRHXJsHsKSoI/pPHF0z6StH9omLur+YdD0+zDkwJiWSAvmAZJ329hTW2U
ZGEJQ4FS6CNDMxOTNlw0+NCN8EozX2cJJvsJrtG2RjOG6ynY4dw2z3NR6/EArGqF
b5LHrtofHoZeffNaW4U2kncaNQQnzNIAYDyZxKW4muIb8CvSywa95FYVawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOvffgFUB6vQPpjs9ep+XlqOtczmMB8GA1UdIwQY
MBaAFKPPm2RlFpKLXQbCqBnrLbwP6ZIKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzgtYlpHVVdrb3RkQnNLb0dlc3R2QV9wa2dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zOTRkMDctMDVjYy00ZjcyLWJkNDYt
Mjg5Njk2Y2M5OWI5LzEvNjk5LUFWUUhxOUEtbU96MTZuNWVXbzYxek9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zOTRkMDctMDVjYy00ZjcyLWJkNDYtMjg5Njk2Y2M5OWI5
LzEvbzgtYlpHVVdrb3RkQnNLb0dlc3R2QV9wa2dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHc
MA0GCSqGSIb3DQEBCwUAA4IBAQBIitbOJDjLsvnZkofjrTejs39aOSa9BVH+rlf+
apIZ2ry+0feSWtUy8UxgGsUhTmjUpnQQw8Nm3E16E8HDdbAcsCYd+J3GhtpDiKJN
94iwtV1LonFkC1PKRlRB+x0DErLr/18GkhlnHZm0oXB8jqbAyuga3dmvHUNfrspz
RxuvD0+jDf3qaT5vuofvrkS5pVFP0Rfr2apneJ3v5V4VHhHKhzE6+JW7UEL2jgvq
ea5YrMpcWrpP5uZFZ9gRDochb5ilvAVUymvJLxkOxWO2alvvStUhPrErR9tduaL4
WBjZ9hZ7LBLUYiCx3i/FiS2YAmIpB80gFhemMoZYQgHJDFSr
-----END CERTIFICATE-----