This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/tW6tlYVnkXnq9oP8owXcbYW47kU.roa
File:                     tW6tlYVnkXnq9oP8owXcbYW47kU.roa (raw, json)
Hash identifier:          g2+Pc2wN2E52WWpsZZidSy7PbjRy5/I1OGghh4rSkGE=
Subject key identifier:   B5:6E:AD:95:85:67:91:79:EA:F6:83:FC:A3:05:DC:6D:85:B8:EE:45
Certificate issuer:       /CN=3d43340fad246465de8e614d039563a699657d8d
Certificate serial:       019B7A5B0E825BEDCA34E43F0AE481666E86
Authority key identifier: 3D:43:34:0F:AD:24:64:65:DE:8E:61:4D:03:95:63:A6:99:65:7D:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/tW6tlYVnkXnq9oP8owXcbYW47kU.roa
Signing time:             Thu 01 Jan 2026 16:19:06 +0000
ROA not before:           Thu 01 Jan 2026 16:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205614
IP address blocks:        2001:67c:e9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:0e:82:5b:ed:ca:34:e4:3f:0a:e4:81:66:6e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d43340fad246465de8e614d039563a699657d8d
        Validity
            Not Before: Jan  1 16:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b56ead9585679179eaf683fca305dc6d85b8ee45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b3:7f:e9:e7:6c:c4:99:86:6a:7f:5d:7b:9f:
                    92:86:2c:b4:39:9e:19:04:93:77:2c:f2:33:9e:17:
                    4f:bd:f7:0e:6c:7a:89:1e:45:94:76:1d:e3:20:11:
                    10:7c:b5:be:8a:fd:38:cf:cf:97:7e:c3:86:f8:22:
                    73:18:94:4b:f2:66:97:e8:7d:2f:33:6a:96:12:38:
                    bc:dc:5b:81:41:f8:83:c5:4c:6e:6a:34:4d:ec:8a:
                    75:c1:bf:d9:50:5f:f9:94:a1:ee:a0:ef:03:07:63:
                    60:8b:55:c8:2f:3e:90:74:48:ba:5f:7b:01:81:93:
                    61:a5:c8:c7:e5:a2:be:87:d7:2d:3d:08:6d:a5:f8:
                    a4:36:b7:9d:6e:d2:ad:7c:1d:13:0c:69:c4:89:ff:
                    ca:6c:23:71:f8:df:c2:60:8a:8b:93:38:86:0f:0e:
                    e8:d6:b3:14:16:ef:08:dc:25:78:f5:a8:f8:88:71:
                    52:35:f5:76:ee:96:e6:2e:34:c5:02:24:86:5e:f2:
                    68:7a:8f:ef:fa:8a:f5:14:a8:be:21:28:36:ec:62:
                    c2:da:8b:ec:e7:f4:ac:46:5d:6f:ba:d8:37:73:6d:
                    2a:35:94:4b:cc:fc:6e:90:a9:1e:d3:78:d4:19:df:
                    c8:41:e6:10:30:0d:5b:1c:d7:1a:c5:06:e8:be:88:
                    50:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6E:AD:95:85:67:91:79:EA:F6:83:FC:A3:05:DC:6D:85:B8:EE:45
            X509v3 Authority Key Identifier:
                keyid:3D:43:34:0F:AD:24:64:65:DE:8E:61:4D:03:95:63:A6:99:65:7D:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUM0D60kZGXejmFNA5VjppllfY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/tW6tlYVnkXnq9oP8owXcbYW47kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6ce922-cdce-4c7a-b346-a437ce892841/1/PUM0D60kZGXejmFNA5VjppllfY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:43:8a:c9:17:3c:9d:c5:28:2f:fe:27:0a:6c:35:cb:31:2a:
         4d:89:4b:40:d7:52:40:9c:17:7b:18:4c:50:d3:79:39:da:81:
         d2:df:1a:da:3b:2f:0c:af:67:b5:b2:3d:f1:16:7c:91:fc:6e:
         4c:47:86:e3:c1:d6:b2:de:48:b5:78:31:8c:f9:45:b9:f2:df:
         87:f1:1f:e8:02:df:16:0e:59:dd:63:6a:a8:d9:f1:1b:ff:aa:
         e1:61:ee:dc:7a:5e:fb:01:24:df:0b:9e:91:21:29:84:0a:03:
         30:ee:17:39:80:56:61:2b:ce:6e:2e:7c:93:af:cf:97:fa:c2:
         c1:0a:a0:20:ed:79:c4:12:e9:c5:a5:92:36:98:5e:66:dd:87:
         ab:dd:a6:2d:8d:ea:cb:bf:8e:ef:bb:6d:25:56:19:da:9a:56:
         5b:ae:39:c0:42:16:8a:f4:ad:18:b8:1d:5e:3f:da:37:10:69:
         dd:7b:94:d0:68:f8:00:31:93:99:6d:04:4e:f4:c5:06:91:ba:
         0a:3b:a0:ff:30:f9:c0:a5:34:ba:c5:1d:01:90:8c:c1:55:27:
         6f:3e:c3:94:3e:e8:b4:0b:35:7b:4d:fc:e4:3d:62:56:60:8d:
         75:a2:10:d3:69:55:09:3f:26:d3:13:d6:86:06:24:02:fd:51:
         dd:0d:63:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6Ww6CW+3KNOQ/CuSBZm6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNDMzNDBmYWQyNDY0NjVkZThlNjE0ZDAzOTU2M2E2OTk2
NTdkOGQwHhcNMjYwMTAxMTYxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZlYWQ5NTg1Njc5MTc5ZWFmNjgzZmNhMzA1ZGM2ZDg1YjhlZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7N/6edsxJmGan9de5+Shiy0OZ4Z
BJN3LPIznhdPvfcObHqJHkWUdh3jIBEQfLW+iv04z8+XfsOG+CJzGJRL8maX6H0v
M2qWEji83FuBQfiDxUxuajRN7Ip1wb/ZUF/5lKHuoO8DB2Ngi1XILz6QdEi6X3sB
gZNhpcjH5aK+h9ctPQhtpfikNredbtKtfB0TDGnEif/KbCNx+N/CYIqLkziGDw7o
1rMUFu8I3CV49aj4iHFSNfV27pbmLjTFAiSGXvJoeo/v+or1FKi+ISg27GLC2ovs
5/SsRl1vutg3c20qNZRLzPxukKke03jUGd/IQeYQMA1bHNcaxQbovohQOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLVurZWFZ5F56vaD/KMF3G2FuO5FMB8GA1UdIwQY
MBaAFD1DNA+tJGRl3o5hTQOVY6aZZX2NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFVNMEQ2MGtaR1hlam1GTkE1VmpwcGxsZlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82Y2U5MjItY2RjZS00YzdhLWIzNDYt
YTQzN2NlODkyODQxLzEvdFc2dGxZVm5rWG5xOW9QOG93WGNiWVc0N2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82Y2U5MjItY2RjZS00YzdhLWIzNDYtYTQzN2NlODkyODQx
LzEvUFVNMEQ2MGtaR1hlam1GTkE1VmpwcGxsZlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6c
MA0GCSqGSIb3DQEBCwUAA4IBAQAiQ4rJFzydxSgv/icKbDXLMSpNiUtA11JAnBd7
GExQ03k52oHS3xraOy8Mr2e1sj3xFnyR/G5MR4bjwday3ki1eDGM+UW58t+H8R/o
At8WDlndY2qo2fEb/6rhYe7cel77ASTfC56RISmECgMw7hc5gFZhK85uLnyTr8+X
+sLBCqAg7XnEEunFpZI2mF5m3Yer3aYtjerLv47vu20lVhnamlZbrjnAQhaK9K0Y
uB1eP9o3EGnde5TQaPgAMZOZbQRO9MUGkboKO6D/MPnApTS6xR0BkIzBVSdvPsOU
Pui0CzV7TfzkPWJWYI11ohDTaVUJPybTE9aGBiQC/VHdDWNL
-----END CERTIFICATE-----