This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/IZRU9aitBtasi5s8LfvUyXF6gJI.roa
File:                     IZRU9aitBtasi5s8LfvUyXF6gJI.roa (raw, json)
Hash identifier:          A+EvTFUEfhqDufK4w5HaH/h/6GcXexGhKX2pAinc5hA=
Subject key identifier:   21:94:54:F5:A8:AD:06:D6:AC:8B:9B:3C:2D:FB:D4:C9:71:7A:80:92
Certificate issuer:       /CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
Certificate serial:       019B7C12C6E224EE75FF8A6A85C673AF4B64
Authority key identifier: A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/IZRU9aitBtasi5s8LfvUyXF6gJI.roa
Signing time:             Fri 02 Jan 2026 00:19:23 +0000
ROA not before:           Fri 02 Jan 2026 00:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210064
IP address blocks:        2a14:f680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:c6:e2:24:ee:75:ff:8a:6a:85:c6:73:af:4b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
        Validity
            Not Before: Jan  2 00:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=219454f5a8ad06d6ac8b9b3c2dfbd4c9717a8092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a5:4d:d1:8a:d5:43:e5:9b:c7:4c:92:03:3b:
                    43:f4:64:b8:99:34:0c:39:12:62:df:29:d2:ed:03:
                    8f:2d:ee:96:43:ac:f0:2c:44:15:76:53:70:88:f4:
                    94:98:5f:be:34:4e:0c:9e:00:ba:69:22:d6:09:99:
                    3d:dc:0e:66:9e:ef:cc:b2:15:c0:66:c0:0c:f3:da:
                    e9:87:ff:a1:15:6c:c0:94:95:dd:16:7d:b9:5b:1a:
                    e6:64:2e:97:65:49:52:f7:54:36:b8:fa:c3:b9:ea:
                    dd:71:22:bb:53:84:b9:5e:3c:38:b3:dc:25:18:56:
                    ac:0c:5a:9a:7c:04:c2:34:06:b9:ba:25:e7:21:f0:
                    57:35:09:78:18:70:fb:28:2f:6f:82:9c:93:aa:30:
                    0a:f2:ea:d6:70:80:78:34:b3:e1:25:0e:e3:93:c0:
                    69:94:03:fa:54:ad:54:37:00:90:fa:83:67:90:bf:
                    45:a7:4a:6b:cb:4c:89:90:b3:ac:9f:fb:4e:f5:c5:
                    2f:38:4e:79:bf:fb:b1:e3:75:2f:0f:5b:62:34:de:
                    8a:69:43:cb:7f:d6:ec:2e:1d:67:96:68:56:25:c2:
                    38:df:17:d5:2f:41:09:f6:bd:7a:00:cb:1c:d5:a7:
                    0d:45:15:ed:f9:83:82:d0:b8:8e:6a:51:fc:6f:20:
                    23:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:94:54:F5:A8:AD:06:D6:AC:8B:9B:3C:2D:FB:D4:C9:71:7A:80:92
            X509v3 Authority Key Identifier:
                keyid:A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/IZRU9aitBtasi5s8LfvUyXF6gJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f680::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:ff:d6:34:cf:e3:ed:2e:f7:1c:62:9b:e1:0a:f8:5a:02:2c:
         62:0f:7b:32:b9:f1:76:02:dd:ba:e4:34:02:ea:ad:56:47:78:
         7a:d7:04:4b:d3:a4:91:30:2b:2e:e4:06:4a:c4:fa:73:fb:63:
         d0:48:14:af:c0:68:ba:bc:ab:30:a1:1f:6f:aa:3c:b5:e4:1e:
         99:61:b8:93:36:6c:1a:39:53:bd:ca:33:ab:1e:96:dd:f6:73:
         ce:6f:02:c2:a0:ff:e2:8e:2d:50:ef:3b:78:e1:cc:dd:c3:0e:
         5b:10:59:8d:cb:90:f6:56:e0:57:b9:66:f0:11:c7:4e:81:3e:
         2b:99:0a:4c:34:4c:b0:dc:f6:3f:ab:ee:a5:e3:24:cc:c1:ba:
         4e:8c:7b:b2:91:c6:7d:fb:d8:f6:1a:78:73:54:a9:e3:24:45:
         4b:2f:fa:31:a2:1f:fe:94:3d:db:29:76:6b:43:55:15:0c:0e:
         cf:0c:a9:8f:24:ca:c3:a4:ca:ff:9a:f2:1c:cc:01:16:a1:9e:
         ce:c5:d8:27:00:e9:1b:c6:bd:e9:e9:51:5c:2b:7b:83:24:f5:
         db:d0:1d:1f:98:40:d3:19:f3:a7:ce:79:be:b2:92:a3:7e:2f:
         21:ce:92:3c:58:fa:81:b2:f9:55:eb:d0:4f:7f:93:2d:66:2b:
         52:d2:37:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8EsbiJO51/4pqhcZzr0tkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWI2NzBlODE0NmVmNTI3NGFlNDVlYjMwZDI5ZTk3MDA2
NWJhMmMwHhcNMjYwMTAyMDAxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk0NTRmNWE4YWQwNmQ2YWM4YjliM2MyZGZiZDRjOTcxN2E4MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KVN0YrVQ+Wbx0ySAztD9GS4mTQM
ORJi3ynS7QOPLe6WQ6zwLEQVdlNwiPSUmF++NE4MngC6aSLWCZk93A5mnu/MshXA
ZsAM89rph/+hFWzAlJXdFn25WxrmZC6XZUlS91Q2uPrDuerdcSK7U4S5Xjw4s9wl
GFasDFqafATCNAa5uiXnIfBXNQl4GHD7KC9vgpyTqjAK8urWcIB4NLPhJQ7jk8Bp
lAP6VK1UNwCQ+oNnkL9Fp0pry0yJkLOsn/tO9cUvOE55v/ux43UvD1tiNN6KaUPL
f9bsLh1nlmhWJcI43xfVL0EJ9r16AMsc1acNRRXt+YOC0LiOalH8byAjwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCGUVPWorQbWrIubPC371MlxeoCSMB8GA1UdIwQY
MBaAFKOrZw6BRu9SdK5F6zDSnpcAZbosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzIt
NjBkNWJlMWI3ZGE5LzEvSVpSVTlhaXRCdGFzaTVzOExmdlV5WEY2Z0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzItNjBkNWJlMWI3ZGE5
LzEvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhT2gDAN
BgkqhkiG9w0BAQsFAAOCAQEAKv/WNM/j7S73HGKb4Qr4WgIsYg97MrnxdgLduuQ0
AuqtVkd4etcES9OkkTArLuQGSsT6c/tj0EgUr8BouryrMKEfb6o8teQemWG4kzZs
GjlTvcozqx6W3fZzzm8CwqD/4o4tUO87eOHM3cMOWxBZjcuQ9lbgV7lm8BHHToE+
K5kKTDRMsNz2P6vupeMkzMG6Tox7spHGffvY9hp4c1Sp4yRFSy/6MaIf/pQ92yl2
a0NVFQwOzwypjyTKw6TK/5ryHMwBFqGezsXYJwDpG8a96elRXCt7gyT129AdH5hA
0xnzp855vrKSo34vIc6SPFj6gbL5VevQT3+TLWYrUtI3Tg==
-----END CERTIFICATE-----