This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/XFrg3fq27QCVqHQz_3WZ4-RTRVc.roa
File:                     XFrg3fq27QCVqHQz_3WZ4-RTRVc.roa (raw, json)
Hash identifier:          8n6vVNKWwTijSBhZMmEVHz4L7ynm8ZDo8eSSws5BDgg=
Subject key identifier:   5C:5A:E0:DD:FA:B6:ED:00:95:A8:74:33:FF:75:99:E3:E4:53:45:57
Certificate issuer:       /CN=ce9798a8da9999ddf53a3c8d38f36f17ecd45432
Certificate serial:       019B7F8509CE691F237107544A50CDA31A1C
Authority key identifier: CE:97:98:A8:DA:99:99:DD:F5:3A:3C:8D:38:F3:6F:17:EC:D4:54:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/XFrg3fq27QCVqHQz_3WZ4-RTRVc.roa
Signing time:             Fri 02 Jan 2026 16:23:03 +0000
ROA not before:           Fri 02 Jan 2026 16:23:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57483
IP address blocks:        2001:678:f5c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:09:ce:69:1f:23:71:07:54:4a:50:cd:a3:1a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce9798a8da9999ddf53a3c8d38f36f17ecd45432
        Validity
            Not Before: Jan  2 16:23:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c5ae0ddfab6ed0095a87433ff7599e3e4534557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:15:cc:d1:1b:c8:cc:10:52:06:ef:c2:90:ae:
                    29:e9:95:0f:5a:4f:8d:97:0d:2d:5f:ff:cc:5d:39:
                    b4:43:4b:c5:bd:dc:25:4f:fc:b8:df:99:a6:e0:d5:
                    d9:98:7f:01:80:00:7a:f9:c8:32:41:ef:29:56:d1:
                    f1:57:bd:67:6e:4c:ff:ab:ea:1e:df:59:a1:4d:6a:
                    09:0f:8d:0d:81:a3:3c:7c:8e:7c:31:dc:38:a2:da:
                    38:d6:71:b7:44:5c:96:f3:5b:2c:c8:0e:f5:43:4e:
                    5e:2f:84:c3:cc:5c:5c:dc:dd:68:40:6b:1b:e7:32:
                    37:5b:2a:12:fe:19:73:40:a8:1f:96:6d:fa:d4:0d:
                    24:3f:cf:cb:8b:e4:2d:da:7e:80:03:2f:72:f9:93:
                    ef:4f:c7:53:da:d5:aa:47:bc:7f:ca:e4:95:28:55:
                    e4:a5:4d:be:91:ce:44:00:53:83:bc:76:95:3e:25:
                    45:5d:fd:17:46:a9:e0:f0:bb:f9:a6:6c:d4:61:f2:
                    3d:bc:d4:0a:9e:3c:26:6e:fe:86:2c:2c:3f:d3:7b:
                    6e:a4:03:2f:a7:9a:5c:27:1d:15:8a:38:86:42:32:
                    60:f2:84:38:4d:02:18:22:26:1c:11:58:03:36:d9:
                    66:89:54:71:d7:5e:14:10:2d:13:80:97:ef:e5:ab:
                    bb:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5A:E0:DD:FA:B6:ED:00:95:A8:74:33:FF:75:99:E3:E4:53:45:57
            X509v3 Authority Key Identifier:
                keyid:CE:97:98:A8:DA:99:99:DD:F5:3A:3C:8D:38:F3:6F:17:EC:D4:54:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpeYqNqZmd31OjyNOPNvF-zUVDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/XFrg3fq27QCVqHQz_3WZ4-RTRVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc864-718c-4217-ab5f-98fcb3a8bc9e/1/zpeYqNqZmd31OjyNOPNvF-zUVDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:58:2a:9a:91:c6:37:cb:cd:79:f6:ce:56:50:58:29:9c:83:
         3c:7c:47:00:ec:39:df:ba:7c:1a:84:42:5a:0a:f6:b1:1e:97:
         d4:2c:f1:e2:30:db:06:bc:92:90:b1:6c:ed:84:d7:3a:e9:e0:
         31:9a:e6:13:db:b5:b8:c2:86:16:f6:ba:f5:27:82:81:31:f1:
         98:4b:2b:f6:c9:fe:1a:b1:b8:e5:c1:23:5b:fa:11:af:be:b3:
         5b:6f:0f:15:1d:e3:57:85:65:e5:81:24:9f:e6:f0:7c:f9:c6:
         88:d2:55:3a:d7:14:6e:d8:d8:37:f7:ba:70:b1:8f:63:4d:ba:
         b3:10:8a:99:bb:08:85:ad:64:cb:e0:ff:1a:4f:17:fa:be:af:
         60:40:2a:55:30:62:69:c3:70:a9:05:8b:de:4e:c5:fc:8b:2c:
         79:57:b1:13:a3:95:83:95:ad:df:b3:35:83:3c:b6:5a:06:28:
         5a:e8:75:28:b8:33:81:8e:63:89:9b:0c:38:60:1d:b8:b0:bb:
         96:9d:8f:58:7e:49:59:36:31:fe:74:31:6b:df:b1:79:e4:10:
         81:7d:31:38:94:95:c2:4d:e8:22:a4:b7:69:a3:85:e3:02:2a:
         fb:a8:c2:88:53:5f:a6:60:e8:63:e3:4e:73:fa:1a:6e:69:1a:
         5b:a8:4a:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hQnOaR8jcQdUSlDNoxocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTc5OGE4ZGE5OTk5ZGRmNTNhM2M4ZDM4ZjM2ZjE3ZWNk
NDU0MzIwHhcNMjYwMTAyMTYyMzAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVhZTBkZGZhYjZlZDAwOTVhODc0MzNmZjc1OTllM2U0NTM0NTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxXM0RvIzBBSBu/CkK4p6ZUPWk+N
lw0tX//MXTm0Q0vFvdwlT/y435mm4NXZmH8BgAB6+cgyQe8pVtHxV71nbkz/q+oe
31mhTWoJD40NgaM8fI58Mdw4oto41nG3RFyW81ssyA71Q05eL4TDzFxc3N1oQGsb
5zI3WyoS/hlzQKgflm361A0kP8/Li+Qt2n6AAy9y+ZPvT8dT2tWqR7x/yuSVKFXk
pU2+kc5EAFODvHaVPiVFXf0XRqng8Lv5pmzUYfI9vNQKnjwmbv6GLCw/03tupAMv
p5pcJx0VijiGQjJg8oQ4TQIYIiYcEVgDNtlmiVRx114UEC0TgJfv5au74QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFxa4N36tu0Alah0M/91mePkU0VXMB8GA1UdIwQY
MBaAFM6XmKjamZnd9To8jTjzbxfs1FQyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBlWXFOcVptZDMxT2p5Tk9QTnZGLXpVVkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YmM4NjQtNzE4Yy00MjE3LWFiNWYt
OThmY2IzYThiYzllLzEvWEZyZzNmcTI3UUNWcUhRel8zV1o0LVJUUlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80YmM4NjQtNzE4Yy00MjE3LWFiNWYtOThmY2IzYThiYzll
LzEvenBlWXFOcVptZDMxT2p5Tk9QTnZGLXpVVkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9c
MA0GCSqGSIb3DQEBCwUAA4IBAQB0WCqakcY3y8159s5WUFgpnIM8fEcA7Dnfunwa
hEJaCvaxHpfULPHiMNsGvJKQsWzthNc66eAxmuYT27W4woYW9rr1J4KBMfGYSyv2
yf4asbjlwSNb+hGvvrNbbw8VHeNXhWXlgSSf5vB8+caI0lU61xRu2Ng397pwsY9j
TbqzEIqZuwiFrWTL4P8aTxf6vq9gQCpVMGJpw3CpBYveTsX8iyx5V7ETo5WDla3f
szWDPLZaBiha6HUouDOBjmOJmww4YB24sLuWnY9YfklZNjH+dDFr37F55BCBfTE4
lJXCTegipLdpo4XjAir7qMKIU1+mYOhj405z+hpuaRpbqEoB
-----END CERTIFICATE-----