This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/RZP_EJvUPRy8N5V44f-ykW1wgg8.roa
File:                     RZP_EJvUPRy8N5V44f-ykW1wgg8.roa (raw, json)
Hash identifier:          LUUspyCZgfPy/9PXdd/3xbh9XNVlKFlsig4SSBadF24=
Subject key identifier:   45:93:FF:10:9B:D4:3D:1C:BC:37:95:78:E1:FF:B2:91:6D:70:82:0F
Certificate issuer:       /CN=95189b158d8d6011ba5f96252d30266a70d3e066
Certificate serial:       019B76EB13247A5E47C85B3800F337A84E46
Authority key identifier: 95:18:9B:15:8D:8D:60:11:BA:5F:96:25:2D:30:26:6A:70:D3:E0:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRibFY2NYBG6X5YlLTAmanDT4GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/RZP_EJvUPRy8N5V44f-ykW1wgg8.roa
Signing time:             Thu 01 Jan 2026 00:17:55 +0000
ROA not before:           Thu 01 Jan 2026 00:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204302
IP address blocks:        2001:678:640::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/lRibFY2NYBG6X5YlLTAmanDT4GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/lRibFY2NYBG6X5YlLTAmanDT4GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRibFY2NYBG6X5YlLTAmanDT4GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:13:24:7a:5e:47:c8:5b:38:00:f3:37:a8:4e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95189b158d8d6011ba5f96252d30266a70d3e066
        Validity
            Not Before: Jan  1 00:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4593ff109bd43d1cbc379578e1ffb2916d70820f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:53:7d:61:95:69:9e:d6:c1:55:59:f2:0c:91:
                    9c:8c:6a:f0:8c:d8:6a:0e:f9:b7:2b:f7:b7:c2:21:
                    0d:6a:b3:52:a6:2a:d6:50:ff:5e:fe:ca:b1:3f:cd:
                    99:ef:12:13:91:a4:ef:21:5d:00:4a:98:ad:6c:58:
                    3a:ce:5f:4a:3f:3e:32:9f:39:26:3c:55:2b:bb:2f:
                    f5:30:72:01:c7:99:22:3b:79:15:74:5d:e0:35:f6:
                    46:e8:74:7e:d8:df:7a:fa:24:80:0a:ec:6c:33:bd:
                    75:5c:c1:87:bb:b3:b5:0f:82:fc:93:6f:bb:ea:4c:
                    cd:43:ff:33:9d:31:a7:54:b3:0a:87:56:d9:59:91:
                    29:cc:e9:fa:06:d2:d6:1d:a8:e6:c5:80:a9:55:05:
                    a1:8e:88:ea:1d:89:80:4e:75:f2:6d:91:52:29:82:
                    c0:3e:06:8c:7f:83:18:fb:55:f4:94:ff:03:ab:16:
                    cb:64:9e:f7:22:3e:22:36:cb:00:52:23:d5:57:6b:
                    4c:c0:07:43:52:ed:f9:8f:2f:ae:3e:3a:e5:f8:4f:
                    d5:0f:e6:47:6d:27:3e:46:6e:63:e7:32:bd:ef:dc:
                    05:98:08:27:93:67:68:01:a1:f6:ed:d7:0f:69:f3:
                    06:d2:a9:f8:18:85:e9:5d:01:e5:e1:73:39:2e:34:
                    7b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:93:FF:10:9B:D4:3D:1C:BC:37:95:78:E1:FF:B2:91:6D:70:82:0F
            X509v3 Authority Key Identifier:
                keyid:95:18:9B:15:8D:8D:60:11:BA:5F:96:25:2D:30:26:6A:70:D3:E0:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRibFY2NYBG6X5YlLTAmanDT4GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/RZP_EJvUPRy8N5V44f-ykW1wgg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d27ad0-55c2-4904-a8c5-ace180ff9b19/1/lRibFY2NYBG6X5YlLTAmanDT4GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:640::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:f4:38:a1:10:27:4b:3b:24:43:d9:4d:6b:ed:e7:d5:b6:b7:
         9c:76:4d:07:b1:6c:f5:e0:9c:b8:26:fb:0a:f7:a9:e9:52:7c:
         e3:f3:4e:59:9b:a1:35:dd:01:21:f5:e9:22:c9:1f:56:1e:ef:
         9f:d9:59:cc:90:ec:e6:7a:b7:81:6c:21:9f:73:b2:ce:4b:cc:
         9a:98:e7:bf:2b:b0:04:ac:82:ce:98:03:0a:26:da:71:ea:9b:
         15:7f:2e:a9:00:39:70:aa:f1:71:75:a6:38:5a:c5:66:ea:67:
         1c:e9:ba:bc:32:7e:ef:29:4b:af:21:31:75:55:cd:a4:5b:66:
         35:04:45:60:f0:29:83:bc:af:89:ea:b0:4b:b4:10:c7:b5:20:
         29:4e:40:e1:6d:28:80:8e:10:1e:72:b8:29:4b:05:83:75:b1:
         97:01:2e:31:7f:2f:af:4e:c9:de:2b:e0:06:37:96:8a:89:78:
         b5:35:25:c7:b4:85:88:13:1d:00:0c:b9:dd:8f:d3:f6:af:88:
         46:eb:b5:0e:b9:5f:3e:51:f0:5f:bd:c3:61:b2:24:7a:10:21:
         f8:fd:fe:08:27:b2:0d:13:d7:cb:e3:dc:87:51:31:5a:c2:2d:
         8e:61:0e:6c:d1:90:c5:e8:b6:2d:ca:f5:1b:0b:ad:a1:eb:f1:
         17:8e:4f:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt26xMkel5HyFs4APM3qE5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTg5YjE1OGQ4ZDYwMTFiYTVmOTYyNTJkMzAyNjZhNzBk
M2UwNjYwHhcNMjYwMTAxMDAxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTkzZmYxMDliZDQzZDFjYmMzNzk1NzhlMWZmYjI5MTZkNzA4MjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1N9YZVpntbBVVnyDJGcjGrwjNhq
Dvm3K/e3wiENarNSpirWUP9e/sqxP82Z7xITkaTvIV0ASpitbFg6zl9KPz4ynzkm
PFUruy/1MHIBx5kiO3kVdF3gNfZG6HR+2N96+iSACuxsM711XMGHu7O1D4L8k2+7
6kzNQ/8znTGnVLMKh1bZWZEpzOn6BtLWHajmxYCpVQWhjojqHYmATnXybZFSKYLA
PgaMf4MY+1X0lP8DqxbLZJ73Ij4iNssAUiPVV2tMwAdDUu35jy+uPjrl+E/VD+ZH
bSc+Rm5j5zK979wFmAgnk2doAaH27dcPafMG0qn4GIXpXQHl4XM5LjR7BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEWT/xCb1D0cvDeVeOH/spFtcIIPMB8GA1UdIwQY
MBaAFJUYmxWNjWARul+WJS0wJmpw0+BmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJpYkZZMk5ZQkc2WDVZbExUQW1hbkRUNEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMjdhZDAtNTVjMi00OTA0LWE4YzUt
YWNlMTgwZmY5YjE5LzEvUlpQX0VKdlVQUnk4TjVWNDRmLXlrVzF3Z2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMjdhZDAtNTVjMi00OTA0LWE4YzUtYWNlMTgwZmY5YjE5
LzEvbFJpYkZZMk5ZQkc2WDVZbExUQW1hbkRUNEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAZA
MA0GCSqGSIb3DQEBCwUAA4IBAQAN9DihECdLOyRD2U1r7efVtrecdk0HsWz14Jy4
JvsK96npUnzj805Zm6E13QEh9ekiyR9WHu+f2VnMkOzmereBbCGfc7LOS8yamOe/
K7AErILOmAMKJtpx6psVfy6pADlwqvFxdaY4WsVm6mcc6bq8Mn7vKUuvITF1Vc2k
W2Y1BEVg8CmDvK+J6rBLtBDHtSApTkDhbSiAjhAecrgpSwWDdbGXAS4xfy+vTsne
K+AGN5aKiXi1NSXHtIWIEx0ADLndj9P2r4hG67UOuV8+UfBfvcNhsiR6ECH4/f4I
J7INE9fL49yHUTFawi2OYQ5s0ZDF6LYtyvUbC62h6/EXjk8T
-----END CERTIFICATE-----