This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/NzZA0ZJSkjRaWslFXPndZfar7cg.roa
File:                     NzZA0ZJSkjRaWslFXPndZfar7cg.roa (raw, json)
Hash identifier:          RJF0xypUlCqc73vpWjXekHDMqnQ2dCd2RLXFaZqKXeQ=
Subject key identifier:   37:36:40:D1:92:52:92:34:5A:5A:C9:45:5C:F9:DD:65:F6:AB:ED:C8
Certificate issuer:       /CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
Certificate serial:       019B7FF1E40BCD6ECBD4C8B825239331C95D
Authority key identifier: 71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/NzZA0ZJSkjRaWslFXPndZfar7cg.roa
Signing time:             Fri 02 Jan 2026 18:21:57 +0000
ROA not before:           Fri 02 Jan 2026 18:21:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50318
IP address blocks:        2a0e:5b00:40c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:e4:0b:cd:6e:cb:d4:c8:b8:25:23:93:31:c9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
        Validity
            Not Before: Jan  2 18:21:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=373640d1925292345a5ac9455cf9dd65f6abedc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:32:39:35:70:4b:2f:df:a1:1b:8f:e9:0c:3b:
                    08:b5:4a:cd:fe:1b:e0:63:50:4a:53:1b:9b:be:81:
                    cb:49:3f:62:03:af:05:ae:20:10:d0:65:96:10:3f:
                    df:e9:b0:54:3c:a4:b2:ae:47:4d:bd:cf:31:08:11:
                    13:f0:6d:19:97:f8:32:fe:ff:e2:62:ee:09:27:3b:
                    95:f2:49:ea:68:2d:99:f4:f2:fd:a7:8f:56:30:32:
                    dc:71:cc:73:38:39:f7:d9:8a:43:b2:6d:9e:81:72:
                    c1:2c:f3:38:e5:e1:f2:6b:39:81:24:10:fb:94:f3:
                    b5:a4:4d:11:10:09:d4:51:8c:f3:b8:fb:b9:75:b6:
                    5c:51:6c:12:12:20:43:da:3a:bb:52:20:47:61:58:
                    0d:d4:f1:8a:26:92:0a:0f:3f:68:1e:af:ac:1d:a3:
                    44:88:c2:55:82:d3:a2:f8:ea:34:53:8b:23:26:e5:
                    27:a0:4d:c0:af:73:5c:c9:a0:2f:eb:5e:f9:12:c7:
                    cb:c5:72:7d:c1:85:b6:16:22:c5:19:75:d1:c0:e3:
                    40:c7:61:77:ea:47:5f:5a:46:5b:41:ac:b8:14:05:
                    8e:33:8c:b3:8e:75:24:3a:2f:a7:4b:9a:99:c8:04:
                    23:c4:08:24:20:9f:f4:71:46:23:cb:1c:f0:f5:1b:
                    55:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:36:40:D1:92:52:92:34:5A:5A:C9:45:5C:F9:DD:65:F6:AB:ED:C8
            X509v3 Authority Key Identifier:
                keyid:71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/NzZA0ZJSkjRaWslFXPndZfar7cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5b00:40c::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:4b:0a:e1:6f:e0:33:2d:10:f8:d7:5f:94:cd:63:4a:71:1f:
         ec:d3:b6:56:dc:ab:43:42:d2:21:01:f5:41:1b:19:06:7b:d6:
         23:86:d5:f0:03:a3:e6:40:8c:3e:d7:e1:b2:94:1b:d4:6c:5c:
         9f:4a:d9:d3:bb:28:2d:43:8a:f5:c4:bc:d8:f4:96:70:57:01:
         57:27:49:48:86:02:e0:70:2e:3e:07:68:79:a9:75:7d:74:68:
         ac:dc:9b:57:00:53:66:d7:f9:23:c9:ab:95:2d:af:15:19:db:
         8a:c7:ed:9e:f8:27:11:41:9d:5d:30:5a:d6:7a:e6:23:70:06:
         7d:41:e0:3e:ff:cf:b2:7a:d1:fd:99:26:55:73:5a:29:46:70:
         41:99:2f:5b:99:73:2b:86:aa:59:1d:52:78:e1:1d:a4:e8:b7:
         80:14:ec:bf:d4:5d:1d:3d:fe:d9:50:7b:ab:dd:53:94:5f:57:
         51:0c:33:9c:b6:4c:0b:1b:2d:87:92:4e:86:51:33:21:dd:de:
         66:8a:0a:21:e0:c8:44:86:76:29:14:29:2d:d7:a4:3e:9e:64:
         62:3f:38:90:66:d7:c7:51:09:04:95:6e:31:d7:4b:f9:27:86:
         29:e6:bb:82:ec:1f:9d:6c:19:5b:5f:c1:82:e2:41:b8:6b:dc:
         39:e1:1b:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8eQLzW7L1Mi4JSOTMcldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmYyMjY5ZDE1NjMzYmRiYzcxZDhjZDNmNDU4Y2JkMDNm
ZTAzMWYwHhcNMjYwMTAyMTgyMTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM2NDBkMTkyNTI5MjM0NWE1YWM5NDU1Y2Y5ZGQ2NWY2YWJlZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDI5NXBLL9+hG4/pDDsItUrN/hvg
Y1BKUxubvoHLST9iA68FriAQ0GWWED/f6bBUPKSyrkdNvc8xCBET8G0Zl/gy/v/i
Yu4JJzuV8knqaC2Z9PL9p49WMDLcccxzODn32YpDsm2egXLBLPM45eHyazmBJBD7
lPO1pE0REAnUUYzzuPu5dbZcUWwSEiBD2jq7UiBHYVgN1PGKJpIKDz9oHq+sHaNE
iMJVgtOi+Oo0U4sjJuUnoE3Ar3NcyaAv6175EsfLxXJ9wYW2FiLFGXXRwONAx2F3
6kdfWkZbQay4FAWOM4yzjnUkOi+nS5qZyAQjxAgkIJ/0cUYjyxzw9RtVvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDc2QNGSUpI0WlrJRVz53WX2q+3IMB8GA1UdIwQY
MBaAFHEvImnRVjO9vHHYzT9FjL0D/gMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUt
ZDE4YmFiOTUxNWJmLzEvTnpaQTBaSlNralJhV3NsRlhQbmRaZmFyN2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUtZDE4YmFiOTUxNWJm
LzEvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5bAAQM
MA0GCSqGSIb3DQEBCwUAA4IBAQBESwrhb+AzLRD411+UzWNKcR/s07ZW3KtDQtIh
AfVBGxkGe9YjhtXwA6PmQIw+1+GylBvUbFyfStnTuygtQ4r1xLzY9JZwVwFXJ0lI
hgLgcC4+B2h5qXV9dGis3JtXAFNm1/kjyauVLa8VGduKx+2e+CcRQZ1dMFrWeuYj
cAZ9QeA+/8+yetH9mSZVc1opRnBBmS9bmXMrhqpZHVJ44R2k6LeAFOy/1F0dPf7Z
UHur3VOUX1dRDDOctkwLGy2Hkk6GUTMh3d5migoh4MhEhnYpFCkt16Q+nmRiPziQ
ZtfHUQkElW4x10v5J4Yp5ruC7B+dbBlbX8GC4kG4a9w54RtB
-----END CERTIFICATE-----