This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/_RQ9AgpzbtjvCvSTOEXzCFEJtR8.roa
File:                     _RQ9AgpzbtjvCvSTOEXzCFEJtR8.roa (raw, json)
Hash identifier:          aJfuUxa/NB5W0qWEQXL6FUBdUFdykGIx4w5mKdTX4Co=
Subject key identifier:   FD:14:3D:02:0A:73:6E:D8:EF:0A:F4:93:38:45:F3:08:51:09:B5:1F
Certificate issuer:       /CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
Certificate serial:       019B78A33E09AEF103A2388F8E065E860E62
Authority key identifier: 29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/_RQ9AgpzbtjvCvSTOEXzCFEJtR8.roa
Signing time:             Thu 01 Jan 2026 08:18:42 +0000
ROA not before:           Thu 01 Jan 2026 08:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29014
IP address blocks:        2001:67c:2e78::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:3e:09:ae:f1:03:a2:38:8f:8e:06:5e:86:0e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29375c9c00b1529d551ee7e28c6070ab43a2fe76
        Validity
            Not Before: Jan  1 08:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd143d020a736ed8ef0af4933845f3085109b51f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:46:79:b9:ae:ab:ac:8a:59:98:55:aa:cd:18:
                    73:74:1a:aa:46:09:29:1e:6b:32:76:a7:14:e6:f5:
                    a2:a0:03:1d:fd:e6:e5:47:c3:c1:15:41:d1:14:78:
                    b3:e0:5a:51:57:fd:d8:5e:b8:d9:ae:0a:f6:c5:00:
                    ae:f9:b3:14:8b:dc:a9:2e:b2:37:4d:99:16:61:73:
                    f0:83:03:d3:e7:81:b3:15:94:43:07:4d:8e:ab:5b:
                    f2:f2:fa:ba:a9:6a:de:57:0b:74:bb:fe:6e:73:8c:
                    7c:80:fa:3d:5a:34:a1:b2:51:a4:a1:61:d2:12:ad:
                    75:34:dd:1f:40:f2:89:26:13:60:53:8d:74:6a:bb:
                    c5:a2:e3:02:79:71:3c:6e:d6:76:f8:7a:6f:87:6d:
                    30:c8:5b:7b:6e:c2:b7:fe:b3:21:50:e4:aa:29:c4:
                    98:78:fb:6a:f9:6a:14:86:79:88:35:e3:e5:55:c2:
                    80:b4:ea:e7:77:cc:d0:6e:01:39:38:b2:19:34:1a:
                    81:be:d6:df:b5:3c:94:ec:81:55:c9:ec:a5:6d:07:
                    ff:8a:57:3a:f8:c8:f9:af:ae:8b:68:9b:5f:a9:6c:
                    62:94:26:47:cf:11:68:12:26:1d:c0:dc:09:18:57:
                    36:24:30:96:0e:a2:da:03:28:d1:77:f7:c7:3f:a9:
                    49:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:14:3D:02:0A:73:6E:D8:EF:0A:F4:93:38:45:F3:08:51:09:B5:1F
            X509v3 Authority Key Identifier:
                keyid:29:37:5C:9C:00:B1:52:9D:55:1E:E7:E2:8C:60:70:AB:43:A2:FE:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTdcnACxUp1VHufijGBwq0Oi_nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/_RQ9AgpzbtjvCvSTOEXzCFEJtR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/77f977-015b-4caf-893f-0504e111a3b8/1/KTdcnACxUp1VHufijGBwq0Oi_nY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e78::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:c7:55:81:11:9f:46:6a:c1:87:86:9d:35:30:c1:20:8a:62:
         d4:d1:ac:f8:ce:c9:45:40:a0:2a:86:37:85:4a:4f:04:6c:35:
         ac:41:f8:7c:53:ab:8e:b0:53:89:16:ad:62:74:41:91:b6:20:
         4d:d5:1a:a0:e4:f7:5e:a4:d5:2a:b7:d8:00:28:6a:26:f6:65:
         c2:08:a4:e8:8d:7f:f6:b6:ba:a1:a9:fc:de:c2:e1:d0:09:a7:
         85:a2:d9:06:dd:bb:2b:29:66:ba:81:9c:41:11:b6:bd:f1:9c:
         e0:12:25:89:c3:52:38:37:67:7c:7c:3c:da:8c:30:ea:5e:ff:
         7c:5e:22:cf:1c:c4:f0:42:8f:24:71:af:b0:46:8e:8b:64:4c:
         34:c9:91:6a:77:96:0b:95:de:1a:8c:28:45:83:21:df:d4:b6:
         0a:3a:81:a5:d7:69:18:bf:04:fa:27:a3:b9:52:56:d5:07:a7:
         77:e8:c6:28:2c:b5:df:e4:e5:55:07:0a:f9:80:3d:7d:4d:14:
         36:25:32:a7:89:cb:a8:ab:fc:a4:36:31:e3:6e:bb:7c:8d:b4:
         2b:56:9a:ec:6f:95:1c:fa:05:4b:06:60:91:2f:f0:e5:7a:41:
         67:11:7b:2a:f7:03:ab:bc:4c:db:de:14:da:91:88:b1:ff:bd:
         ce:6c:0e:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4oz4JrvEDojiPjgZehg5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Mzc1YzljMDBiMTUyOWQ1NTFlZTdlMjhjNjA3MGFiNDNh
MmZlNzYwHhcNMjYwMTAxMDgxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE0M2QwMjBhNzM2ZWQ4ZWYwYWY0OTMzODQ1ZjMwODUxMDliNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UZ5ua6rrIpZmFWqzRhzdBqqRgkp
HmsydqcU5vWioAMd/eblR8PBFUHRFHiz4FpRV/3YXrjZrgr2xQCu+bMUi9ypLrI3
TZkWYXPwgwPT54GzFZRDB02Oq1vy8vq6qWreVwt0u/5uc4x8gPo9WjShslGkoWHS
Eq11NN0fQPKJJhNgU410arvFouMCeXE8btZ2+Hpvh20wyFt7bsK3/rMhUOSqKcSY
ePtq+WoUhnmINePlVcKAtOrnd8zQbgE5OLIZNBqBvtbftTyU7IFVyeylbQf/ilc6
+Mj5r66LaJtfqWxilCZHzxFoEiYdwNwJGFc2JDCWDqLaAyjRd/fHP6lJVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP0UPQIKc27Y7wr0kzhF8whRCbUfMB8GA1UdIwQY
MBaAFCk3XJwAsVKdVR7n4oxgcKtDov52MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2Yt
MDUwNGUxMTFhM2I4LzEvX1JROUFncHpidGp2Q3ZTVE9FWHpDRkVKdFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83N2Y5NzctMDE1Yi00Y2FmLTg5M2YtMDUwNGUxMTFhM2I4
LzEvS1RkY25BQ3hVcDFWSHVmaWpHQndxME9pX25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC54
MA0GCSqGSIb3DQEBCwUAA4IBAQBqx1WBEZ9GasGHhp01MMEgimLU0az4zslFQKAq
hjeFSk8EbDWsQfh8U6uOsFOJFq1idEGRtiBN1Rqg5PdepNUqt9gAKGom9mXCCKTo
jX/2trqhqfzewuHQCaeFotkG3bsrKWa6gZxBEba98ZzgEiWJw1I4N2d8fDzajDDq
Xv98XiLPHMTwQo8kca+wRo6LZEw0yZFqd5YLld4ajChFgyHf1LYKOoGl12kYvwT6
J6O5UlbVB6d36MYoLLXf5OVVBwr5gD19TRQ2JTKnicuoq/ykNjHjbrt8jbQrVprs
b5Uc+gVLBmCRL/DlekFnEXsq9wOrvEzb3hTakYix/73ObA6Q
-----END CERTIFICATE-----