This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/4zqOo2SM12tzCSyJyEiRJDqyLeE.roa
File:                     4zqOo2SM12tzCSyJyEiRJDqyLeE.roa (raw, json)
Hash identifier:          xhzylJcPJUd2ec6iCX/8IUuxbVDyJDMhXg/eaPmydQk=
Subject key identifier:   E3:3A:8E:A3:64:8C:D7:6B:73:09:2C:89:C8:48:91:24:3A:B2:2D:E1
Certificate issuer:       /CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
Certificate serial:       019B7BA4D99B136D30ADADA755A4A8C31BC8
Authority key identifier: A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/4zqOo2SM12tzCSyJyEiRJDqyLeE.roa
Signing time:             Thu 01 Jan 2026 22:19:19 +0000
ROA not before:           Thu 01 Jan 2026 22:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8434
IP address blocks:        2001:1400:ffef::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:d9:9b:13:6d:30:ad:ad:a7:55:a4:a8:c3:1b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
        Validity
            Not Before: Jan  1 22:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e33a8ea3648cd76b73092c89c84891243ab22de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d3:1d:0d:fb:18:4f:a0:66:7d:d8:51:09:4e:
                    8d:90:bc:8e:42:a1:9d:b9:a8:ab:72:a9:b1:28:52:
                    f9:b5:59:b6:ae:75:0b:18:bc:ae:ef:ea:91:9b:97:
                    2b:33:c5:3c:d0:4b:ba:3b:e1:eb:36:4e:f4:48:e8:
                    dc:b0:87:03:ad:a6:f4:84:fe:bd:5b:1e:f0:c5:a5:
                    c5:d5:6b:14:10:a4:df:6f:aa:57:0c:09:4c:06:f6:
                    cb:e7:27:85:2a:4f:50:db:35:8f:fb:1f:b1:cd:09:
                    09:b9:a7:22:e5:2d:f7:ea:1e:72:69:fc:eb:fe:85:
                    fc:4d:39:7d:e9:1a:eb:0c:1d:25:67:ee:84:e7:9f:
                    0e:1e:fa:e1:75:74:54:54:7e:b3:9d:03:26:a5:32:
                    d8:c0:72:04:44:20:31:b3:ce:10:83:f5:2a:4f:e1:
                    6f:46:72:fb:6a:6f:4b:54:fc:cf:07:7b:fe:16:8f:
                    99:5e:ef:16:4a:4d:97:bc:67:11:ba:ae:59:d6:04:
                    a9:ba:16:72:3b:9a:e4:d7:f4:19:80:ec:60:fa:e4:
                    2d:c4:97:01:1c:aa:06:3a:a6:dd:4e:66:24:d7:fa:
                    db:37:ad:0d:e0:11:97:26:b8:65:49:b5:ce:eb:df:
                    da:62:73:59:cb:f7:86:d5:c4:c1:6d:3d:f1:1a:8d:
                    e9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3A:8E:A3:64:8C:D7:6B:73:09:2C:89:C8:48:91:24:3A:B2:2D:E1
            X509v3 Authority Key Identifier:
                keyid:A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/4zqOo2SM12tzCSyJyEiRJDqyLeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1400:ffef::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:50:1a:76:5a:b1:fd:88:63:98:86:dc:10:48:16:64:7a:89:
         43:a8:80:9e:ad:39:3d:06:35:9f:f0:f0:3b:91:2a:0d:25:e2:
         c0:d0:48:03:02:a4:82:1c:5c:1d:23:c9:88:00:bd:e2:f2:15:
         8e:d7:37:97:37:b6:06:b1:ba:87:6a:56:93:5a:0b:dd:45:2f:
         72:ec:bd:46:f9:d6:e7:dc:be:c5:f4:27:8d:9b:a9:85:77:0a:
         f0:67:09:ec:18:13:c6:ff:06:48:bc:27:0d:ec:97:8a:72:a8:
         e6:d2:57:08:b8:97:6c:a3:fa:aa:bc:b7:6e:0b:d2:50:74:2a:
         e7:d2:a1:19:bd:20:01:22:4f:1b:cb:ca:6b:67:fe:eb:6d:9f:
         54:65:88:0f:1d:51:79:94:04:19:e4:ad:52:d8:69:28:ef:52:
         1e:74:8c:2f:b3:a3:9a:e6:e1:9d:47:4b:e7:6c:05:cf:83:d5:
         e0:33:65:9b:a8:d4:c4:d3:08:c1:b0:64:fa:b3:0c:3f:37:7d:
         fe:79:6b:91:0c:b9:9e:bc:34:28:ee:e0:7f:11:e9:9d:3d:de:
         3d:8a:c4:ca:28:5b:40:3b:32:8c:b3:99:2f:7c:ce:a1:9d:0a:
         c0:d4:a7:d0:36:a7:cf:fa:5d:2d:27:89:48:d7:b4:e9:c2:03:
         97:1b:93:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pNmbE20wra2nVaSowxvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MmM5YmMyZDJkYWNmZDZmMTMwZDg1YTg0ZmVkZWFiZjE3
OWE1NjcwHhcNMjYwMTAxMjIxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNhOGVhMzY0OGNkNzZiNzMwOTJjODljODQ4OTEyNDNhYjIyZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltMdDfsYT6BmfdhRCU6NkLyOQqGd
uaircqmxKFL5tVm2rnULGLyu7+qRm5crM8U80Eu6O+HrNk70SOjcsIcDrab0hP69
Wx7wxaXF1WsUEKTfb6pXDAlMBvbL5yeFKk9Q2zWP+x+xzQkJuaci5S336h5yafzr
/oX8TTl96RrrDB0lZ+6E558OHvrhdXRUVH6znQMmpTLYwHIERCAxs84Qg/UqT+Fv
RnL7am9LVPzPB3v+Fo+ZXu8WSk2XvGcRuq5Z1gSpuhZyO5rk1/QZgOxg+uQtxJcB
HKoGOqbdTmYk1/rbN60N4BGXJrhlSbXO69/aYnNZy/eG1cTBbT3xGo3pPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOM6jqNkjNdrcwksichIkSQ6si3hMB8GA1UdIwQY
MBaAFKgsm8LS2s/W8TDYWoT+3qvxeaVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgt
NTVjMTQwYzlmNTRmLzEvNHpxT28yU00xMnR6Q1N5SnlFaVJKRHF5TGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgtNTVjMTQwYzlmNTRm
LzEvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEUAP/v
MA0GCSqGSIb3DQEBCwUAA4IBAQAQUBp2WrH9iGOYhtwQSBZkeolDqICerTk9BjWf
8PA7kSoNJeLA0EgDAqSCHFwdI8mIAL3i8hWO1zeXN7YGsbqHalaTWgvdRS9y7L1G
+dbn3L7F9CeNm6mFdwrwZwnsGBPG/wZIvCcN7JeKcqjm0lcIuJdso/qqvLduC9JQ
dCrn0qEZvSABIk8by8prZ/7rbZ9UZYgPHVF5lAQZ5K1S2Gko71IedIwvs6Oa5uGd
R0vnbAXPg9XgM2WbqNTE0wjBsGT6sww/N33+eWuRDLmevDQo7uB/EemdPd49isTK
KFtAOzKMs5kvfM6hnQrA1KfQNqfP+l0tJ4lI17TpwgOXG5NC
-----END CERTIFICATE-----