This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/LtF7nKZF5Eu_SugtCNfVkUGiFHM.roa
File:                     LtF7nKZF5Eu_SugtCNfVkUGiFHM.roa (raw, json)
Hash identifier:          DT5yTfPTZI2KTOuvzB4Bd0By5xLBRBjLmkPSrqIV9B8=
Subject key identifier:   2E:D1:7B:9C:A6:45:E4:4B:BF:4A:E8:2D:08:D7:D5:91:41:A2:14:73
Certificate issuer:       /CN=1d90344dcaffbd33e68d84895d87d8abf53c74a3
Certificate serial:       019B76EB049D4E78665FFA750840A5BE58B4
Authority key identifier: 1D:90:34:4D:CA:FF:BD:33:E6:8D:84:89:5D:87:D8:AB:F5:3C:74:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/LtF7nKZF5Eu_SugtCNfVkUGiFHM.roa
Signing time:             Thu 01 Jan 2026 00:17:52 +0000
ROA not before:           Thu 01 Jan 2026 00:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58299
IP address blocks:        2001:678:ca0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:04:9d:4e:78:66:5f:fa:75:08:40:a5:be:58:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d90344dcaffbd33e68d84895d87d8abf53c74a3
        Validity
            Not Before: Jan  1 00:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ed17b9ca645e44bbf4ae82d08d7d59141a21473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:90:99:e2:85:37:cd:86:40:d1:e2:de:c6:1c:
                    f5:64:ae:6e:e3:cb:5d:ff:20:13:53:1d:c9:b2:d8:
                    43:a9:63:05:65:1b:2e:6a:2a:26:44:24:3a:9f:d4:
                    28:da:cd:7c:04:ed:ba:38:50:03:93:92:14:4a:51:
                    d4:fc:dd:6d:6a:aa:67:4a:b9:b5:21:23:5b:a6:19:
                    71:ab:ad:c3:c9:82:d9:bb:ca:e2:1b:d2:b1:5f:37:
                    10:f2:b5:eb:b8:ec:08:dd:ae:8a:41:ad:27:da:93:
                    25:04:f0:c4:01:cb:18:21:99:50:c1:ba:33:29:d9:
                    d4:81:48:58:f0:02:65:57:bf:f6:b2:4d:98:55:33:
                    3e:3f:1c:e7:2a:79:ec:dd:36:45:f5:17:5c:df:40:
                    59:0f:c0:35:28:90:c4:be:8c:77:80:1b:43:54:36:
                    bb:1e:e7:2b:47:82:d5:87:30:ce:54:58:0b:3d:89:
                    8c:e1:88:21:d3:0b:8d:b1:55:33:03:9f:77:bc:66:
                    d0:f0:2b:dc:3c:38:69:6a:f4:d5:ac:2c:50:29:99:
                    1b:8c:89:c3:65:de:37:6d:7e:bb:4a:21:3a:96:80:
                    a8:7c:9b:24:d1:61:86:71:e3:7d:c1:d5:8e:11:82:
                    8e:fd:70:cc:60:41:10:f1:d0:10:bb:fc:92:bb:c4:
                    03:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D1:7B:9C:A6:45:E4:4B:BF:4A:E8:2D:08:D7:D5:91:41:A2:14:73
            X509v3 Authority Key Identifier:
                keyid:1D:90:34:4D:CA:FF:BD:33:E6:8D:84:89:5D:87:D8:AB:F5:3C:74:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/LtF7nKZF5Eu_SugtCNfVkUGiFHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9c3d28-05d6-47b0-91ef-e5064db21b20/1/HZA0Tcr_vTPmjYSJXYfYq_U8dKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ca0::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:ef:12:f3:99:0f:9a:a6:f2:59:5a:1b:33:52:3a:95:d9:6d:
         60:fb:4b:78:12:2d:c7:92:39:52:1d:9a:88:53:f3:ca:4f:8c:
         72:1f:f2:1e:cf:1f:0f:d9:a5:07:7f:cc:df:6b:dc:c0:8b:2d:
         2d:10:3f:5b:76:e3:4d:9b:36:26:f0:a9:d6:40:dd:67:a6:29:
         f7:b0:ef:72:3a:06:26:0e:8c:98:a6:a9:97:fe:d9:2d:20:8b:
         1f:b5:3c:b2:61:29:10:0b:0f:be:1c:1c:58:46:5d:f0:05:7f:
         07:40:b1:a6:f1:23:36:36:af:22:23:91:08:c8:37:84:72:bd:
         03:f1:8e:3f:74:19:46:c9:66:1f:21:4b:3c:51:80:6b:80:8b:
         4d:cc:0c:7d:bf:c4:98:80:b0:19:92:58:8c:54:67:61:30:d8:
         7e:2d:c2:90:e9:3d:61:29:71:3e:57:fe:e1:3f:6c:e0:9d:02:
         92:dd:09:10:40:50:bd:76:a6:7e:a2:99:12:be:63:a9:e8:3e:
         cb:71:bb:d5:c0:91:e4:e5:be:89:22:ed:ae:27:78:a1:4e:7f:
         79:a9:c5:42:33:62:c0:f5:3c:be:65:ab:a2:a9:30:76:57:be:
         e2:ff:eb:8a:07:0d:b2:ac:87:f1:e3:f6:25:97:7c:22:67:24:
         df:71:db:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt26wSdTnhmX/p1CEClvli0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkOTAzNDRkY2FmZmJkMzNlNjhkODQ4OTVkODdkOGFiZjUz
Yzc0YTMwHhcNMjYwMTAxMDAxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQxN2I5Y2E2NDVlNDRiYmY0YWU4MmQwOGQ3ZDU5MTQxYTIxNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJCZ4oU3zYZA0eLexhz1ZK5u48td
/yATUx3JsthDqWMFZRsuaiomRCQ6n9Qo2s18BO26OFADk5IUSlHU/N1taqpnSrm1
ISNbphlxq63DyYLZu8riG9KxXzcQ8rXruOwI3a6KQa0n2pMlBPDEAcsYIZlQwboz
KdnUgUhY8AJlV7/2sk2YVTM+PxznKnns3TZF9Rdc30BZD8A1KJDEvox3gBtDVDa7
HucrR4LVhzDOVFgLPYmM4Ygh0wuNsVUzA593vGbQ8CvcPDhpavTVrCxQKZkbjInD
Zd43bX67SiE6loCofJsk0WGGceN9wdWOEYKO/XDMYEEQ8dAQu/ySu8QD7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC7Re5ymReRLv0roLQjX1ZFBohRzMB8GA1UdIwQY
MBaAFB2QNE3K/70z5o2EiV2H2Kv1PHSjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFpBMFRjcl92VFBtallTSlhZZllxX1U4ZEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85YzNkMjgtMDVkNi00N2IwLTkxZWYt
ZTUwNjRkYjIxYjIwLzEvTHRGN25LWkY1RXVfU3VndENOZlZrVUdpRkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85YzNkMjgtMDVkNi00N2IwLTkxZWYtZTUwNjRkYjIxYjIw
LzEvSFpBMFRjcl92VFBtallTSlhZZllxX1U4ZEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyg
MA0GCSqGSIb3DQEBCwUAA4IBAQAy7xLzmQ+apvJZWhszUjqV2W1g+0t4Ei3HkjlS
HZqIU/PKT4xyH/Iezx8P2aUHf8zfa9zAiy0tED9bduNNmzYm8KnWQN1npin3sO9y
OgYmDoyYpqmX/tktIIsftTyyYSkQCw++HBxYRl3wBX8HQLGm8SM2Nq8iI5EIyDeE
cr0D8Y4/dBlGyWYfIUs8UYBrgItNzAx9v8SYgLAZkliMVGdhMNh+LcKQ6T1hKXE+
V/7hP2zgnQKS3QkQQFC9dqZ+opkSvmOp6D7LcbvVwJHk5b6JIu2uJ3ihTn95qcVC
M2LA9Ty+ZauiqTB2V77i/+uKBw2yrIfx4/Yll3wiZyTfcdsi
-----END CERTIFICATE-----