This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/4zWqGYcx90MSsSObTI71OMevGLI.roa
File:                     4zWqGYcx90MSsSObTI71OMevGLI.roa (raw, json)
Hash identifier:          2KPRh6/VRnqwHzM72EcE6I/hpiMNrQvfbcobdTHvrp8=
Subject key identifier:   E3:35:AA:19:87:31:F7:43:12:B1:23:9B:4C:8E:F5:38:C7:AF:18:B2
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       019B7AC890B3BEF764C24C3C89E5747FE50D
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/4zWqGYcx90MSsSObTI71OMevGLI.roa
Signing time:             Thu 01 Jan 2026 18:18:43 +0000
ROA not before:           Thu 01 Jan 2026 18:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39871
IP address blocks:        2001:67c:254c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:90:b3:be:f7:64:c2:4c:3c:89:e5:74:7f:e5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan  1 18:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e335aa198731f74312b1239b4c8ef538c7af18b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fa:ad:99:86:83:8f:37:92:10:f7:2f:ed:8d:
                    5d:5b:9e:88:46:ac:34:43:cd:3a:7f:92:ec:e6:9a:
                    66:bb:eb:70:92:49:38:51:04:7a:2b:08:70:37:8b:
                    0d:5e:26:2d:ed:a2:66:ba:9d:c2:0a:80:90:05:5d:
                    07:a9:75:66:4c:bc:31:e8:ba:e4:4c:81:57:94:df:
                    c2:b4:46:73:9b:61:e4:59:05:60:da:fa:ac:51:49:
                    71:69:96:69:84:79:d6:f8:36:f3:42:c4:d6:b6:01:
                    3b:fc:11:44:65:e5:0d:b5:8a:4d:25:4e:ea:58:fa:
                    fb:7a:69:80:34:f0:7b:4b:69:01:c2:07:9b:be:2e:
                    7b:8b:b9:cc:08:b6:88:08:06:cc:01:41:33:3c:7f:
                    be:71:0b:8f:71:95:fc:91:10:8c:a3:c4:a4:5f:54:
                    7a:38:3e:10:0b:41:99:17:88:a4:99:6c:79:da:5e:
                    96:c7:38:32:38:dc:8c:64:f8:de:95:03:f3:38:8d:
                    17:b0:8c:fc:32:06:ed:39:89:6a:23:5c:f7:fb:05:
                    a3:6f:94:22:47:76:ff:76:a3:0b:5d:57:9b:a8:50:
                    80:15:40:9e:da:12:7c:0d:9d:1f:fb:8f:5e:36:a4:
                    a1:25:4e:86:66:7e:96:5d:42:04:3f:fc:a1:77:fc:
                    7a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:35:AA:19:87:31:F7:43:12:B1:23:9B:4C:8E:F5:38:C7:AF:18:B2
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/4zWqGYcx90MSsSObTI71OMevGLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:254c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:29:a5:86:79:d9:82:9a:0c:22:04:3d:2b:03:68:e1:ec:c6:
         60:76:a4:5e:51:2a:9b:64:e4:e7:5a:a1:ff:9e:b8:37:80:e6:
         cf:4d:9f:57:75:07:ad:e6:19:75:7a:65:93:de:4c:88:e3:64:
         4b:21:53:9c:d0:ea:6b:bb:5c:05:9e:49:d4:97:02:4c:8c:4c:
         03:8c:ab:eb:92:e8:3f:00:b7:7f:76:00:47:35:03:b9:c0:72:
         9c:20:d2:10:96:85:bd:b3:d0:d4:fc:72:ea:20:64:f5:36:df:
         8b:74:bb:9f:19:8a:64:08:94:f1:10:57:7d:e7:46:2e:89:a1:
         bc:4c:44:67:d3:90:82:fd:21:bc:cd:7a:06:88:f9:1b:b0:af:
         ff:c2:f2:13:7a:d4:7b:fc:76:1f:66:e1:32:44:3a:4a:d7:b2:
         f2:24:d4:a0:87:b2:67:a7:ab:99:c0:f1:07:b3:e1:67:ee:38:
         86:a2:9d:95:0a:5d:18:9c:95:4f:ae:a5:db:dc:26:86:b1:f4:
         2a:68:e0:76:5c:02:56:5c:8e:67:b4:58:0f:5d:3d:49:37:ef:
         34:e1:aa:8c:12:2c:1b:9f:c5:bb:78:0d:db:dd:dd:39:bb:ea:
         32:66:49:74:b8:fe:d3:3b:df:7c:25:9f:2f:55:b6:b0:ee:0c:
         a6:da:a3:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6yJCzvvdkwkw8ieV0f+UNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjYwMTAxMTgxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzM1YWExOTg3MzFmNzQzMTJiMTIzOWI0YzhlZjUzOGM3YWYxOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/qtmYaDjzeSEPcv7Y1dW56IRqw0
Q806f5Ls5ppmu+twkkk4UQR6KwhwN4sNXiYt7aJmup3CCoCQBV0HqXVmTLwx6Lrk
TIFXlN/CtEZzm2HkWQVg2vqsUUlxaZZphHnW+DbzQsTWtgE7/BFEZeUNtYpNJU7q
WPr7emmANPB7S2kBwgebvi57i7nMCLaICAbMAUEzPH++cQuPcZX8kRCMo8SkX1R6
OD4QC0GZF4ikmWx52l6WxzgyONyMZPjelQPzOI0XsIz8MgbtOYlqI1z3+wWjb5Qi
R3b/dqMLXVebqFCAFUCe2hJ8DZ0f+49eNqShJU6GZn6WXUIEP/yhd/x6OQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOM1qhmHMfdDErEjm0yO9TjHrxiyMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvNHpXcUdZY3g5ME1Tc1NPYlRJNzFPTWV2R0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCVM
MA0GCSqGSIb3DQEBCwUAA4IBAQB6KaWGedmCmgwiBD0rA2jh7MZgdqReUSqbZOTn
WqH/nrg3gObPTZ9XdQet5hl1emWT3kyI42RLIVOc0Opru1wFnknUlwJMjEwDjKvr
kug/ALd/dgBHNQO5wHKcINIQloW9s9DU/HLqIGT1Nt+LdLufGYpkCJTxEFd950Yu
iaG8TERn05CC/SG8zXoGiPkbsK//wvITetR7/HYfZuEyRDpK17LyJNSgh7Jnp6uZ
wPEHs+Fn7jiGop2VCl0YnJVPrqXb3CaGsfQqaOB2XAJWXI5ntFgPXT1JN+804aqM
Eiwbn8W7eA3b3d05u+oyZkl0uP7TO998JZ8vVbaw7gym2qPW
-----END CERTIFICATE-----