This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/W1ZhWsdodClad0dJ8wh53Ch0fp8.roa
File:                     W1ZhWsdodClad0dJ8wh53Ch0fp8.roa (raw, json)
Hash identifier:          VKkRvsz7R9Hk3QEeT4dAIBuH8DXYchOllD8/vRJTJCI=
Subject key identifier:   5B:56:61:5A:C7:68:74:29:5A:77:47:49:F3:08:79:DC:28:74:7E:9F
Certificate issuer:       /CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
Certificate serial:       019B7FF1E67F0E147C13C481F378C7534E17
Authority key identifier: 71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/W1ZhWsdodClad0dJ8wh53Ch0fp8.roa
Signing time:             Fri 02 Jan 2026 18:21:58 +0000
ROA not before:           Fri 02 Jan 2026 18:21:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216429
IP address blocks:        2a07:5680:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:e6:7f:0e:14:7c:13:c4:81:f3:78:c7:53:4e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
        Validity
            Not Before: Jan  2 18:21:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b56615ac76874295a774749f30879dc28747e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:42:bd:3c:a4:d6:f5:a7:a6:07:d1:2e:23:8e:
                    40:5f:ef:b0:81:3f:ce:62:01:51:33:f0:7c:8f:48:
                    5e:71:5d:89:9f:ab:f7:c4:e8:71:41:59:0a:c1:ca:
                    20:01:f2:4a:9e:31:02:1f:68:7d:17:ba:2a:65:2b:
                    dd:bd:81:b9:6d:14:13:2f:18:95:b4:61:76:19:03:
                    11:0b:69:24:6d:e7:2b:db:2d:58:4b:58:2d:69:71:
                    c6:b5:d3:b8:9c:2c:ed:67:7c:04:ab:74:b3:83:3c:
                    b5:18:b6:da:90:58:e3:9a:93:22:52:9b:2e:63:6f:
                    6e:d3:95:21:c9:ac:a8:8e:21:a2:9d:31:0d:ef:84:
                    76:bd:5d:c6:3c:b7:9d:65:bc:75:90:0c:ee:ef:08:
                    01:83:25:f0:0a:5d:ff:ed:a5:c0:e5:76:6c:35:6b:
                    2a:7d:6b:55:21:ec:05:08:cd:40:ab:9a:f7:be:a9:
                    6b:e6:65:05:90:36:c7:68:b2:eb:7e:8e:de:89:89:
                    7c:a1:2d:aa:1b:d1:7f:e5:8c:e5:d5:52:25:23:64:
                    e2:1a:a9:08:89:33:bd:25:ef:5a:47:4a:7b:ec:5a:
                    ff:c1:7e:2a:d6:ea:5f:3b:a0:90:ba:14:5e:12:78:
                    ec:3a:6e:de:a2:40:7c:f5:56:c0:8f:7c:84:bf:1d:
                    bd:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:56:61:5A:C7:68:74:29:5A:77:47:49:F3:08:79:DC:28:74:7E:9F
            X509v3 Authority Key Identifier:
                keyid:71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/W1ZhWsdodClad0dJ8wh53Ch0fp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:5680:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:af:29:33:11:79:4c:56:36:3e:dd:a7:d7:51:8c:08:25:2c:
         b1:fa:15:55:02:76:0d:18:b1:02:bc:22:84:f4:ba:c5:97:4f:
         4e:e5:ce:41:f8:9e:f8:1d:5a:72:c0:71:57:9c:84:b9:60:15:
         9b:5a:1d:05:4b:c9:5c:bc:bb:a2:55:c7:e4:f9:ab:3e:38:39:
         d3:9c:5b:39:2c:ea:ce:0a:d2:31:98:30:b2:c2:07:f2:4e:de:
         20:4f:81:6f:8b:09:8f:08:ee:46:d2:1a:5b:dc:62:c4:b0:01:
         ee:ea:14:18:52:12:ff:01:1e:d6:05:15:17:f0:59:af:16:8e:
         45:6f:f2:ee:f7:08:d0:83:30:7e:73:64:ba:e4:ad:ad:02:87:
         b2:fd:6a:ef:1a:c2:92:86:94:cb:e9:05:e2:84:e1:26:29:10:
         0d:ca:ea:e5:22:81:dd:7b:64:7a:1d:29:f8:6b:8b:fd:1e:58:
         9a:8a:0d:a6:31:72:77:42:87:45:50:7e:aa:d9:ae:1b:b1:a2:
         a1:00:90:37:a7:24:ca:27:74:78:64:84:26:75:8b:44:58:30:
         ee:e4:4f:ef:a1:83:69:ee:56:38:c1:bb:54:0d:64:cd:ed:61:
         f4:0d:59:90:23:b7:d7:b9:8e:a8:b2:4d:d5:69:b3:b3:77:03:
         a5:d0:b8:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8eZ/DhR8E8SB83jHU04XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmYyMjY5ZDE1NjMzYmRiYzcxZDhjZDNmNDU4Y2JkMDNm
ZTAzMWYwHhcNMjYwMTAyMTgyMTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU2NjE1YWM3Njg3NDI5NWE3NzQ3NDlmMzA4NzlkYzI4NzQ3ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEK9PKTW9aemB9EuI45AX++wgT/O
YgFRM/B8j0hecV2Jn6v3xOhxQVkKwcogAfJKnjECH2h9F7oqZSvdvYG5bRQTLxiV
tGF2GQMRC2kkbecr2y1YS1gtaXHGtdO4nCztZ3wEq3Szgzy1GLbakFjjmpMiUpsu
Y29u05UhyayojiGinTEN74R2vV3GPLedZbx1kAzu7wgBgyXwCl3/7aXA5XZsNWsq
fWtVIewFCM1Aq5r3vqlr5mUFkDbHaLLrfo7eiYl8oS2qG9F/5Yzl1VIlI2TiGqkI
iTO9Je9aR0p77Fr/wX4q1upfO6CQuhReEnjsOm7eokB89VbAj3yEvx29PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFtWYVrHaHQpWndHSfMIedwodH6fMB8GA1UdIwQY
MBaAFHEvImnRVjO9vHHYzT9FjL0D/gMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUt
ZDE4YmFiOTUxNWJmLzEvVzFaaFdzZG9kQ2xhZDBkSjh3aDUzQ2gwZnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUtZDE4YmFiOTUxNWJm
LzEvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgdWgAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBdrykzEXlMVjY+3afXUYwIJSyx+hVVAnYNGLEC
vCKE9LrFl09O5c5B+J74HVpywHFXnIS5YBWbWh0FS8lcvLuiVcfk+as+ODnTnFs5
LOrOCtIxmDCywgfyTt4gT4FviwmPCO5G0hpb3GLEsAHu6hQYUhL/AR7WBRUX8Fmv
Fo5Fb/Lu9wjQgzB+c2S65K2tAoey/WrvGsKShpTL6QXihOEmKRANyurlIoHde2R6
HSn4a4v9Hliaig2mMXJ3QodFUH6q2a4bsaKhAJA3pyTKJ3R4ZIQmdYtEWDDu5E/v
oYNp7lY4wbtUDWTN7WH0DVmQI7fXuY6osk3VabOzdwOl0LjM
-----END CERTIFICATE-----