This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/zBkkSJX_2Njc_SNmOPAvtm3tNcU.roa
File:                     zBkkSJX_2Njc_SNmOPAvtm3tNcU.roa (raw, json)
Hash identifier:          IuiiHnyFxCinYCJobiY1N8cUrmDaMTAPrwer2YRYn20=
Subject key identifier:   CC:19:24:48:95:FF:D8:D8:DC:FD:23:66:38:F0:2F:B6:6D:ED:35:C5
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       019B7BA51EA9EF146E14923546AFD0E96B11
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/zBkkSJX_2Njc_SNmOPAvtm3tNcU.roa
Signing time:             Thu 01 Jan 2026 22:19:37 +0000
ROA not before:           Thu 01 Jan 2026 22:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57801
IP address blocks:        2a04:2b00:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1e:a9:ef:14:6e:14:92:35:46:af:d0:e9:6b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 22:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc19244895ffd8d8dcfd236638f02fb66ded35c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:66:c5:e7:a5:00:93:c9:61:c7:f7:ad:9d:6c:
                    68:86:cf:50:90:07:f2:6d:24:2d:ef:36:e9:39:02:
                    22:b7:77:a3:92:f0:7a:bd:f8:7b:71:39:e1:14:58:
                    09:29:3f:ba:c6:22:ed:0b:fe:00:ae:a8:5b:55:a5:
                    18:8f:49:d5:7b:84:2c:5d:d0:27:13:e8:c0:11:1d:
                    d4:a3:72:81:d4:8d:af:3b:10:93:46:25:38:e0:af:
                    c9:18:33:0d:cb:0f:6f:8c:52:f6:3f:2a:dc:ab:ed:
                    4a:96:8e:66:c1:fc:48:6d:d6:d3:f0:3a:02:c4:0c:
                    6d:59:2f:68:e3:43:c0:07:83:6f:7b:0e:c1:51:03:
                    5a:20:99:f8:a5:9e:4b:9d:59:84:cf:07:aa:e4:b4:
                    08:c2:69:79:1e:b1:f0:bd:2a:8e:3c:9a:32:80:ca:
                    f2:79:74:85:e5:22:66:f2:ba:fc:3a:a4:e0:a1:a7:
                    e8:78:93:75:93:f8:72:66:32:30:88:02:a6:80:7a:
                    41:74:73:10:04:80:1a:89:1e:7a:fb:d6:17:89:ff:
                    5f:78:ae:61:1c:61:3c:3c:08:7c:f3:71:aa:33:2a:
                    6d:55:04:46:cd:8a:6c:f8:ba:c6:f8:75:b5:3b:13:
                    e7:78:f1:79:8a:48:44:7b:31:92:43:95:ab:b4:89:
                    3b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:19:24:48:95:FF:D8:D8:DC:FD:23:66:38:F0:2F:B6:6D:ED:35:C5
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/zBkkSJX_2Njc_SNmOPAvtm3tNcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:6c:99:98:57:6c:22:81:f8:d1:e0:da:8a:bb:cf:dc:c7:74:
         54:dc:56:2f:95:d1:98:ef:80:97:e2:2b:6f:9d:30:6f:50:fb:
         ad:8f:c6:d5:7a:5b:9b:aa:53:34:fe:4d:57:56:7e:3b:61:85:
         8c:49:4c:3f:c9:09:5a:87:4b:93:fa:5e:bf:53:67:a0:b6:b8:
         68:4a:0b:ad:37:1c:2a:e2:35:a0:8b:db:3c:95:bf:89:1b:c3:
         65:dd:6b:22:00:62:62:3d:8e:aa:e8:fc:86:c2:5c:db:0e:d0:
         ba:4f:75:6c:7d:11:ec:71:9e:2b:36:f8:c1:9b:e2:99:62:b3:
         1b:7a:5f:ff:08:f5:68:2e:ed:f8:c7:d3:29:29:5f:c6:00:87:
         f1:b0:67:88:5f:66:b7:06:b7:61:da:0a:df:f3:06:1e:cb:3e:
         32:9b:5d:24:0b:75:ac:9d:71:54:db:7e:05:88:8a:9b:78:f5:
         8f:24:b8:d4:c2:f6:b1:c4:11:a7:81:01:80:c7:b3:03:00:f1:
         0e:50:db:c1:c7:d2:8d:ea:13:65:00:9a:86:b8:53:f3:be:24:
         7f:e7:b9:fd:f2:fb:59:ac:b3:38:43:db:ad:c4:63:5e:8d:45:
         9b:f1:1a:b9:75:c2:9a:81:12:73:ca:e5:69:26:d9:a1:0f:02:
         47:7c:bd:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pR6p7xRuFJI1Rq/Q6WsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjYwMTAxMjIxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzE5MjQ0ODk1ZmZkOGQ4ZGNmZDIzNjYzOGYwMmZiNjZkZWQzNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12bF56UAk8lhx/etnWxohs9QkAfy
bSQt7zbpOQIit3ejkvB6vfh7cTnhFFgJKT+6xiLtC/4ArqhbVaUYj0nVe4QsXdAn
E+jAER3Uo3KB1I2vOxCTRiU44K/JGDMNyw9vjFL2Pyrcq+1Klo5mwfxIbdbT8DoC
xAxtWS9o40PAB4Nvew7BUQNaIJn4pZ5LnVmEzweq5LQIwml5HrHwvSqOPJoygMry
eXSF5SJm8rr8OqTgoafoeJN1k/hyZjIwiAKmgHpBdHMQBIAaiR56+9YXif9feK5h
HGE8PAh883GqMyptVQRGzYps+LrG+HW1OxPnePF5ikhEezGSQ5WrtIk7DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMwZJEiV/9jY3P0jZjjwL7Zt7TXFMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvekJra1NKWF8yTmpjX1NObU9QQXZ0bTN0TmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQrAAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQB1bJmYV2wigfjR4NqKu8/cx3RU3FYvldGY74CX
4itvnTBvUPutj8bVelubqlM0/k1XVn47YYWMSUw/yQlah0uT+l6/U2egtrhoSgut
Nxwq4jWgi9s8lb+JG8Nl3WsiAGJiPY6q6PyGwlzbDtC6T3VsfRHscZ4rNvjBm+KZ
YrMbel//CPVoLu34x9MpKV/GAIfxsGeIX2a3Brdh2grf8wYeyz4ym10kC3WsnXFU
234FiIqbePWPJLjUwvaxxBGngQGAx7MDAPEOUNvBx9KN6hNlAJqGuFPzviR/57n9
8vtZrLM4Q9utxGNejUWb8Rq5dcKagRJzyuVpJtmhDwJHfL2v
-----END CERTIFICATE-----