This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/GY64ez_3TBoznc2OZ4hfs_27g8w.roa
File:                     GY64ez_3TBoznc2OZ4hfs_27g8w.roa (raw, json)
Hash identifier:          OnIF1nSE9v8USNjNkyH2G0yJPwu6eDGsA41slMuGwcQ=
Subject key identifier:   19:8E:B8:7B:3F:F7:4C:1A:33:9D:CD:8E:67:88:5F:B3:FD:BB:83:CC
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       019B78A2F5DD0836885414D2A08F7B13D529
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/GY64ez_3TBoznc2OZ4hfs_27g8w.roa
Signing time:             Thu 01 Jan 2026 08:18:24 +0000
ROA not before:           Thu 01 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12929
IP address blocks:        2001:2020::/31 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:f5:dd:08:36:88:54:14:d2:a0:8f:7b:13:d5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Jan  1 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=198eb87b3ff74c1a339dcd8e67885fb3fdbb83cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b0:65:69:8e:44:48:d6:65:13:90:76:91:c8:
                    f3:91:f9:09:92:2d:1a:10:99:5e:39:1d:fa:c4:8e:
                    8e:18:50:84:1f:39:ce:76:1f:0c:b3:8e:e7:bc:b8:
                    59:b5:24:3a:ca:5c:24:da:e2:0d:45:22:41:25:f5:
                    77:40:db:c1:16:b8:47:ef:04:0c:f7:13:b2:29:48:
                    66:43:6d:7c:de:d2:f9:eb:16:31:e1:28:de:0f:9e:
                    66:46:c2:0d:17:4c:96:18:76:54:b6:76:7e:39:7e:
                    86:ce:37:76:0e:94:fa:3f:06:76:43:30:d0:31:23:
                    02:54:57:aa:62:26:9a:ce:cd:2c:4f:28:b2:e1:17:
                    a9:ba:f5:5e:41:39:99:52:8f:1f:a9:b5:83:4e:28:
                    49:e9:3c:5f:96:32:a4:47:f3:21:25:0f:47:b5:ed:
                    61:45:52:70:70:fb:1f:94:c6:c2:47:50:76:3b:66:
                    a5:c6:39:4d:ed:f8:41:8b:e8:84:cb:a6:a9:19:45:
                    3b:1d:d2:c9:32:0f:d4:6f:15:7d:d6:79:6e:0e:a4:
                    e7:c2:eb:4c:c0:36:69:13:49:ac:12:51:d3:a3:b0:
                    d9:14:46:30:11:0e:ad:2f:f7:8f:d0:6d:2b:f4:6e:
                    6b:08:6c:1c:22:98:62:05:89:a3:2c:e0:7c:6e:e0:
                    d4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8E:B8:7B:3F:F7:4C:1A:33:9D:CD:8E:67:88:5F:B3:FD:BB:83:CC
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/GY64ez_3TBoznc2OZ4hfs_27g8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2020::/31

    Signature Algorithm: sha256WithRSAEncryption
         82:a5:4e:33:55:83:93:4c:d5:06:16:57:a3:fe:17:82:4d:a1:
         9c:43:b2:30:7c:d5:b2:2b:3d:82:e2:d2:7d:bd:37:86:67:c1:
         65:c1:cd:af:b2:1c:35:d4:a4:37:57:dc:91:11:12:a2:a5:fd:
         41:16:79:da:ea:ee:b6:63:8e:ba:c8:09:db:c2:b4:f1:81:cd:
         0d:78:66:a9:ca:58:69:6c:8e:7e:9e:a1:a5:a1:61:50:28:e3:
         45:b9:ce:71:16:29:de:dd:07:6f:f4:4c:51:35:86:0e:9a:14:
         4d:a9:a7:fe:e3:82:a1:4e:03:9b:18:ad:8d:0f:75:e2:e3:0c:
         a9:9f:45:53:a8:e5:0d:c3:7d:98:66:22:8f:4d:02:3e:a5:b9:
         d8:1b:7b:12:ea:96:c5:a4:e0:96:5d:ba:af:a2:20:1d:4c:ee:
         9d:76:0c:5d:0b:1a:f9:4d:e1:56:90:97:d3:0e:20:3b:30:cd:
         46:7a:26:53:9d:2b:9c:43:9e:7f:72:41:17:0b:fb:49:06:b8:
         06:b1:42:21:db:9d:63:c2:33:c7:72:34:43:83:1d:65:5e:6d:
         d1:f3:94:6e:d3:f8:4b:53:39:31:44:b3:ab:a9:88:78:44:ef:
         bc:9e:12:a2:dd:07:97:9f:98:5c:03:ed:9f:8c:a5:9d:af:45:
         95:d0:98:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4ovXdCDaIVBTSoI97E9UpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjYwMTAxMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThlYjg3YjNmZjc0YzFhMzM5ZGNkOGU2Nzg4NWZiM2ZkYmI4M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bBlaY5ESNZlE5B2kcjzkfkJki0a
EJleOR36xI6OGFCEHznOdh8Ms47nvLhZtSQ6ylwk2uINRSJBJfV3QNvBFrhH7wQM
9xOyKUhmQ2183tL56xYx4SjeD55mRsINF0yWGHZUtnZ+OX6Gzjd2DpT6PwZ2QzDQ
MSMCVFeqYiaazs0sTyiy4RepuvVeQTmZUo8fqbWDTihJ6TxfljKkR/MhJQ9Hte1h
RVJwcPsflMbCR1B2O2alxjlN7fhBi+iEy6apGUU7HdLJMg/UbxV91nluDqTnwutM
wDZpE0msElHTo7DZFEYwEQ6tL/eP0G0r9G5rCGwcIphiBYmjLOB8buDUdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBmOuHs/90waM53NjmeIX7P9u4PMMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvR1k2NGV6XzNUQm96bmMyT1o0aGZzXzI3Zzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBIAEgIDAN
BgkqhkiG9w0BAQsFAAOCAQEAgqVOM1WDk0zVBhZXo/4Xgk2hnEOyMHzVsis9guLS
fb03hmfBZcHNr7IcNdSkN1fckRESoqX9QRZ52urutmOOusgJ28K08YHNDXhmqcpY
aWyOfp6hpaFhUCjjRbnOcRYp3t0Hb/RMUTWGDpoUTamn/uOCoU4DmxitjQ914uMM
qZ9FU6jlDcN9mGYij00CPqW52Bt7EuqWxaTgll26r6IgHUzunXYMXQsa+U3hVpCX
0w4gOzDNRnomU50rnEOef3JBFwv7SQa4BrFCIdudY8Izx3I0Q4MdZV5t0fOUbtP4
S1M5MUSzq6mIeETvvJ4Sot0Hl5+YXAPtn4ylna9FldCYBg==
-----END CERTIFICATE-----