This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/T8H29xdvMM615tBBaetAKqxS1Lg.roa
File:                     T8H29xdvMM615tBBaetAKqxS1Lg.roa (raw, json)
Hash identifier:          f1JOsohKbsQAHJoFy6fUS25sjpjOzZztTxeJ515Q3+k=
Subject key identifier:   4F:C1:F6:F7:17:6F:30:CE:B5:E6:D0:41:69:EB:40:2A:AC:52:D4:B8
Certificate issuer:       /CN=a4917d885b675672fc8efb89d6e14e23675052d9
Certificate serial:       019B7758D51D158A3B8EFFA1D37C611D4400
Authority key identifier: A4:91:7D:88:5B:67:56:72:FC:8E:FB:89:D6:E1:4E:23:67:50:52:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/T8H29xdvMM615tBBaetAKqxS1Lg.roa
Signing time:             Thu 01 Jan 2026 02:17:49 +0000
ROA not before:           Thu 01 Jan 2026 02:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199195
IP address blocks:        2001:67c:c40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:d5:1d:15:8a:3b:8e:ff:a1:d3:7c:61:1d:44:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4917d885b675672fc8efb89d6e14e23675052d9
        Validity
            Not Before: Jan  1 02:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fc1f6f7176f30ceb5e6d04169eb402aac52d4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7e:7c:e5:72:bd:34:aa:26:2a:03:7d:9f:a7:
                    9b:6e:e3:4c:ad:44:69:f5:78:0d:d2:63:dd:07:50:
                    4f:86:a7:a9:42:2c:ab:72:21:62:4c:bc:4d:4a:31:
                    23:ec:7e:15:6a:2d:b9:f5:8a:38:b5:9e:b7:ef:09:
                    39:5f:4c:08:db:94:ad:3f:96:42:54:9d:27:38:56:
                    6d:51:82:11:0d:75:03:c2:a3:98:2c:18:fe:c8:5c:
                    71:e7:3b:b7:a9:05:22:77:13:21:6b:25:bd:dc:2f:
                    91:51:7a:5b:3b:0e:a2:b2:67:23:36:34:cc:27:c3:
                    70:1a:ae:00:aa:87:cf:45:44:66:17:20:18:98:5b:
                    fd:84:e2:b8:86:44:a5:d4:06:9e:18:cd:d6:e6:9e:
                    d9:ac:9a:04:b6:e3:c7:2e:41:a7:48:45:dd:c6:58:
                    48:c6:8b:08:75:81:8f:03:c9:9f:f3:99:4f:b8:db:
                    a9:40:b0:be:86:f5:90:1b:24:ee:72:68:3b:7d:32:
                    8e:3a:7f:af:65:b0:b0:a8:b1:e7:c3:92:09:dc:ba:
                    ea:d4:a8:e1:70:3e:9b:2c:bc:2c:50:95:dc:4a:df:
                    2f:c2:f5:bc:1f:53:82:b1:d5:16:a0:1f:3e:80:66:
                    2e:ab:3f:a3:58:1f:34:20:ff:8b:0a:c4:76:fd:aa:
                    07:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C1:F6:F7:17:6F:30:CE:B5:E6:D0:41:69:EB:40:2A:AC:52:D4:B8
            X509v3 Authority Key Identifier:
                keyid:A4:91:7D:88:5B:67:56:72:FC:8E:FB:89:D6:E1:4E:23:67:50:52:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/T8H29xdvMM615tBBaetAKqxS1Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/13bc29-4ef3-421b-a30f-1344d02cfda8/1/pJF9iFtnVnL8jvuJ1uFOI2dQUtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c40::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:06:c3:8a:b9:b9:5d:b4:2d:c8:e0:a3:1f:db:6f:03:ea:e4:
         00:3c:af:05:eb:66:64:60:2e:03:97:7a:5c:2d:29:55:0c:77:
         0b:fc:b3:79:7d:4e:7f:8a:b4:b4:11:58:3f:f8:1a:fa:ef:3a:
         3a:e3:34:99:fd:71:b1:35:19:9b:c6:90:9b:a0:77:34:c8:5e:
         03:61:2b:49:3d:be:22:f0:e5:66:82:69:70:63:62:56:b3:72:
         48:6c:c2:de:85:56:a6:33:32:27:f8:34:1b:f5:57:26:83:27:
         de:b2:01:67:7a:88:5f:3c:a1:ca:ca:3b:fd:57:7b:49:4c:fc:
         00:f3:87:75:2d:6e:c2:22:e3:33:73:98:e5:ea:20:95:b9:3d:
         f6:f5:f3:e8:24:61:7c:1f:fc:72:34:d8:85:70:fa:b0:7a:dc:
         c6:83:40:ef:0a:b5:95:93:2d:15:d4:b4:b2:da:8b:b2:85:7d:
         bb:70:c2:16:b2:31:44:8d:f3:08:2d:42:25:35:b9:4b:3b:2a:
         b8:79:65:38:9f:6f:7b:f1:51:b2:90:25:ca:62:5b:4e:38:37:
         10:f7:0f:f8:3f:d7:20:73:34:92:aa:ef:28:dc:23:7d:b6:a5:
         cb:01:27:27:17:72:2b:2d:12:19:e4:33:1e:19:85:8e:00:d7:
         0a:cd:f4:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WNUdFYo7jv+h03xhHUQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTE3ZDg4NWI2NzU2NzJmYzhlZmI4OWQ2ZTE0ZTIzNjc1
MDUyZDkwHhcNMjYwMTAxMDIxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmMxZjZmNzE3NmYzMGNlYjVlNmQwNDE2OWViNDAyYWFjNTJkNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3585XK9NKomKgN9n6ebbuNMrURp
9XgN0mPdB1BPhqepQiyrciFiTLxNSjEj7H4Vai259Yo4tZ637wk5X0wI25StP5ZC
VJ0nOFZtUYIRDXUDwqOYLBj+yFxx5zu3qQUidxMhayW93C+RUXpbOw6ismcjNjTM
J8NwGq4AqofPRURmFyAYmFv9hOK4hkSl1AaeGM3W5p7ZrJoEtuPHLkGnSEXdxlhI
xosIdYGPA8mf85lPuNupQLC+hvWQGyTucmg7fTKOOn+vZbCwqLHnw5IJ3Lrq1Kjh
cD6bLLwsUJXcSt8vwvW8H1OCsdUWoB8+gGYuqz+jWB80IP+LCsR2/aoH1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE/B9vcXbzDOtebQQWnrQCqsUtS4MB8GA1UdIwQY
MBaAFKSRfYhbZ1Zy/I77idbhTiNnUFLZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpGOWlGdG5Wbkw4anZ1SjF1Rk9JMmRRVXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8xM2JjMjktNGVmMy00MjFiLWEzMGYt
MTM0NGQwMmNmZGE4LzEvVDhIMjl4ZHZNTTYxNXRCQmFldEFLcXhTMUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8xM2JjMjktNGVmMy00MjFiLWEzMGYtMTM0NGQwMmNmZGE4
LzEvcEpGOWlGdG5Wbkw4anZ1SjF1Rk9JMmRRVXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAxA
MA0GCSqGSIb3DQEBCwUAA4IBAQBwBsOKubldtC3I4KMf228D6uQAPK8F62ZkYC4D
l3pcLSlVDHcL/LN5fU5/irS0EVg/+Br67zo64zSZ/XGxNRmbxpCboHc0yF4DYStJ
Pb4i8OVmgmlwY2JWs3JIbMLehVamMzIn+DQb9VcmgyfesgFneohfPKHKyjv9V3tJ
TPwA84d1LW7CIuMzc5jl6iCVuT329fPoJGF8H/xyNNiFcPqwetzGg0DvCrWVky0V
1LSy2ouyhX27cMIWsjFEjfMILUIlNblLOyq4eWU4n2978VGykCXKYltOODcQ9w/4
P9cgczSSqu8o3CN9tqXLAScnF3IrLRIZ5DMeGYWOANcKzfRB
-----END CERTIFICATE-----