This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/Zx2Ej29t4Sy3ugAdSAEr8wgh-eI.roa
File:                     Zx2Ej29t4Sy3ugAdSAEr8wgh-eI.roa (raw, json)
Hash identifier:          6qePl3E6/9bWQI3GzNjE+NBTWrA6JE82fp1zkkf+j8o=
Subject key identifier:   67:1D:84:8F:6F:6D:E1:2C:B7:BA:00:1D:48:01:2B:F3:08:21:F9:E2
Certificate issuer:       /CN=b586a8643633e9874111a8bcf3518a0905f28609
Certificate serial:       019B791004B77DB109038261D4D27AD360D7
Authority key identifier: B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/Zx2Ej29t4Sy3ugAdSAEr8wgh-eI.roa
Signing time:             Thu 01 Jan 2026 10:17:31 +0000
ROA not before:           Thu 01 Jan 2026 10:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49602
IP address blocks:        2a0d:1580:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:04:b7:7d:b1:09:03:82:61:d4:d2:7a:d3:60:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b586a8643633e9874111a8bcf3518a0905f28609
        Validity
            Not Before: Jan  1 10:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=671d848f6f6de12cb7ba001d48012bf30821f9e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:94:ac:de:a2:54:ea:bd:1e:2b:c4:e0:ad:43:
                    5d:bc:52:90:8f:9a:86:a1:d8:49:6e:48:b5:ca:6a:
                    11:05:30:e0:da:09:01:8f:f0:94:aa:06:70:cf:16:
                    bf:3a:47:dd:05:ca:73:81:66:b8:0c:a0:cd:5c:42:
                    ca:4b:51:81:3e:27:97:0c:9f:28:dc:e4:02:e3:2e:
                    47:2f:67:d5:36:dd:cb:41:48:cd:72:77:e8:59:13:
                    6f:5a:2e:46:d9:06:99:35:8b:8b:70:90:41:a6:cf:
                    5a:22:6c:9b:9c:e6:a8:16:51:d9:6a:da:13:f9:3b:
                    d5:fd:1b:eb:dc:ba:1a:f9:00:38:fa:c1:d8:86:e2:
                    11:9a:d9:0a:56:87:40:4b:77:c3:02:22:36:b2:fe:
                    76:66:d4:ca:d4:ac:73:89:d4:e5:a0:5f:54:93:10:
                    6e:ad:57:c9:35:f9:9a:9d:55:86:18:3c:04:b1:72:
                    72:39:56:32:11:df:74:d8:6f:89:e4:cb:2c:6e:48:
                    f4:20:e1:ee:ec:6f:93:cf:25:c8:1d:27:03:59:4b:
                    18:50:25:75:dc:93:5a:fa:d3:55:e5:a6:83:b9:35:
                    08:bd:99:73:8c:09:fa:f8:c6:a3:e8:47:b3:ff:a0:
                    0f:05:21:72:79:ba:7f:3f:0f:2f:df:65:2c:e0:0d:
                    97:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1D:84:8F:6F:6D:E1:2C:B7:BA:00:1D:48:01:2B:F3:08:21:F9:E2
            X509v3 Authority Key Identifier:
                keyid:B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/Zx2Ej29t4Sy3ugAdSAEr8wgh-eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1580:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:93:c0:96:15:31:e8:7e:b9:6d:bb:a0:1c:98:18:73:89:fb:
         3e:1c:83:62:86:02:b5:36:f9:2d:71:84:8a:bc:0b:ea:c6:e5:
         42:6a:b1:8b:76:9c:ea:52:84:2b:cc:82:19:b0:78:e3:7e:ff:
         69:c9:c4:28:4f:68:2f:99:c7:43:8b:68:03:17:3d:e1:75:1b:
         f0:33:ba:c8:64:c2:fb:33:1f:d3:cf:b2:fd:4e:bf:a5:93:a7:
         70:35:3d:1d:95:1b:86:77:0e:bf:78:ba:65:97:e0:a8:66:22:
         e9:26:03:8d:45:a8:8c:f5:af:1e:38:5a:a4:04:04:13:0e:ca:
         e8:16:69:45:0c:54:f9:9a:f1:37:e4:c4:84:40:fb:3a:59:2c:
         cd:1e:42:66:08:f7:5d:6b:b8:6c:c0:04:fe:c3:81:3d:3a:7a:
         6e:74:97:62:6b:91:6a:29:df:d4:7e:f3:72:be:23:d2:3c:de:
         74:22:86:98:01:7b:84:c6:4a:9d:90:6a:69:c4:86:a3:35:35:
         62:29:cf:5f:89:28:9b:b3:95:e1:c0:0c:4c:87:b5:bb:10:c9:
         64:98:96:a3:b4:8d:59:b8:cc:89:f6:a0:48:16:87:66:70:b2:
         d9:c3:81:4d:1b:3d:33:32:e7:c2:0c:2c:7c:f0:0b:95:06:b9:
         18:1b:27:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EAS3fbEJA4Jh1NJ602DXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODZhODY0MzYzM2U5ODc0MTExYThiY2YzNTE4YTA5MDVm
Mjg2MDkwHhcNMjYwMTAxMTAxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFkODQ4ZjZmNmRlMTJjYjdiYTAwMWQ0ODAxMmJmMzA4MjFmOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5Ss3qJU6r0eK8TgrUNdvFKQj5qG
odhJbki1ymoRBTDg2gkBj/CUqgZwzxa/OkfdBcpzgWa4DKDNXELKS1GBPieXDJ8o
3OQC4y5HL2fVNt3LQUjNcnfoWRNvWi5G2QaZNYuLcJBBps9aImybnOaoFlHZatoT
+TvV/Rvr3Loa+QA4+sHYhuIRmtkKVodAS3fDAiI2sv52ZtTK1KxzidTloF9UkxBu
rVfJNfmanVWGGDwEsXJyOVYyEd902G+J5Mssbkj0IOHu7G+TzyXIHScDWUsYUCV1
3JNa+tNV5aaDuTUIvZlzjAn6+Maj6Eez/6APBSFyebp/Pw8v32Us4A2XXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGcdhI9vbeEst7oAHUgBK/MIIfniMB8GA1UdIwQY
MBaAFLWGqGQ2M+mHQRGovPNRigkF8oYJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMt
NDQ5OWUzMjM5ZjFmLzEvWngyRWoyOXQ0U3kzdWdBZFNBRXI4d2doLWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMtNDQ5OWUzMjM5ZjFm
LzEvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0VgAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCRk8CWFTHofrltu6AcmBhzifs+HINihgK1Nvkt
cYSKvAvqxuVCarGLdpzqUoQrzIIZsHjjfv9pycQoT2gvmcdDi2gDFz3hdRvwM7rI
ZML7Mx/Tz7L9Tr+lk6dwNT0dlRuGdw6/eLpll+CoZiLpJgONRaiM9a8eOFqkBAQT
DsroFmlFDFT5mvE35MSEQPs6WSzNHkJmCPdda7hswAT+w4E9OnpudJdia5FqKd/U
fvNyviPSPN50IoaYAXuExkqdkGppxIajNTViKc9fiSibs5XhwAxMh7W7EMlkmJaj
tI1ZuMyJ9qBIFodmcLLZw4FNGz0zMufCDCx88AuVBrkYGyeQ
-----END CERTIFICATE-----