This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/zQPH05SIZNuQg4zGS0l4MvCEJwc.roa
File:                     zQPH05SIZNuQg4zGS0l4MvCEJwc.roa (raw, json)
Hash identifier:          ueZfBj8JGiHYfSauWwC/j0GXwlPaWH1VC5mIskTovc0=
Subject key identifier:   CD:03:C7:D3:94:88:64:DB:90:83:8C:C6:4B:49:78:32:F0:84:27:07
Certificate issuer:       /CN=5bea046b499780aec7d6182d2d56a75eb08968cd
Certificate serial:       019B7F15338D71BB91D476E4A0186F4B122E
Authority key identifier: 5B:EA:04:6B:49:97:80:AE:C7:D6:18:2D:2D:56:A7:5E:B0:89:68:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/zQPH05SIZNuQg4zGS0l4MvCEJwc.roa
Signing time:             Fri 02 Jan 2026 14:20:54 +0000
ROA not before:           Fri 02 Jan 2026 14:20:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206628
IP address blocks:        2001:678:d3c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:33:8d:71:bb:91:d4:76:e4:a0:18:6f:4b:12:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bea046b499780aec7d6182d2d56a75eb08968cd
        Validity
            Not Before: Jan  2 14:20:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd03c7d3948864db90838cc64b497832f0842707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:04:89:6e:0e:f8:88:73:ec:b9:82:53:4f:71:
                    ec:cd:1a:c5:0f:de:63:18:d2:ef:88:2a:4d:d8:4d:
                    92:10:b0:a4:1c:73:2a:9c:b2:dc:e1:d7:de:59:20:
                    49:9e:4f:3a:65:07:6f:94:d1:a2:05:63:3c:a9:1a:
                    4f:23:10:4c:e7:74:de:0f:1a:c0:5e:60:49:41:be:
                    f9:36:48:06:6b:ed:f5:56:99:97:3b:88:07:d9:a1:
                    c0:a5:a9:77:ca:fc:8c:1a:f7:88:d4:45:6e:94:e6:
                    56:92:f3:ae:94:3d:8a:e0:3e:23:4d:18:55:45:58:
                    cb:ba:dd:60:de:db:74:9f:a6:f4:46:45:61:f4:ca:
                    22:b2:9f:2e:5f:fe:fe:e9:cf:d4:00:b4:fb:ca:ae:
                    53:17:80:e6:07:fe:84:34:e2:c1:01:f0:e7:f2:26:
                    e4:06:31:39:b9:4b:83:eb:8c:5e:4d:c5:a9:c4:63:
                    d9:ff:a9:56:32:28:6d:5c:75:f3:94:9d:31:05:36:
                    bb:d0:1c:d4:db:4e:73:08:57:13:cf:d5:75:1b:97:
                    71:cc:56:59:2c:0e:aa:37:f4:73:4e:5e:03:d8:64:
                    ab:f6:ea:5f:14:47:5c:e3:3c:4c:17:99:49:2a:87:
                    c5:e3:51:d5:b0:82:ee:a4:fb:b6:90:cf:96:7e:6a:
                    21:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:03:C7:D3:94:88:64:DB:90:83:8C:C6:4B:49:78:32:F0:84:27:07
            X509v3 Authority Key Identifier:
                keyid:5B:EA:04:6B:49:97:80:AE:C7:D6:18:2D:2D:56:A7:5E:B0:89:68:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/zQPH05SIZNuQg4zGS0l4MvCEJwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:32:da:5d:ef:9a:e4:9d:f1:d4:6e:60:b9:23:6d:f2:5a:8c:
         8f:10:6f:ec:3c:65:75:f9:52:06:86:e7:6d:18:5d:c0:52:fb:
         5e:68:a9:7a:d1:84:e4:24:aa:0f:d5:d3:5b:e7:fc:e4:e4:f5:
         ce:96:9c:5c:16:bb:48:2d:9e:b2:8b:42:09:a4:a2:10:24:30:
         8e:11:22:ed:2d:3c:18:ac:7b:7b:85:b3:d5:f7:ec:2c:d6:21:
         5e:6b:85:eb:ed:8c:5d:6b:04:08:a2:ee:b1:e9:3e:d9:2d:dd:
         fe:af:36:14:a0:d5:23:35:96:a8:6e:2f:5f:49:48:64:3f:9e:
         e0:08:32:af:68:03:da:2e:f2:6e:9f:f5:61:e5:6b:17:10:23:
         62:3d:a9:70:f9:5f:e7:ea:72:3f:ef:55:26:be:bf:5e:a2:ac:
         1b:b5:8e:7d:89:ed:8e:0c:38:82:75:d4:8d:0c:d5:84:d2:03:
         2e:ff:5c:65:33:62:7b:47:2f:97:33:fc:ae:bd:52:3f:c3:fc:
         94:44:f0:bb:47:76:3a:b0:1f:d7:37:27:b0:57:08:5c:ce:d8:
         8d:02:f9:19:74:50:70:49:f7:82:a4:89:49:a0:9e:c7:f0:76:
         90:22:9e:87:88:2e:e0:5a:12:0c:cf:b7:0b:ef:56:5c:13:87:
         0b:fd:4b:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FTONcbuR1HbkoBhvSxIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWEwNDZiNDk5NzgwYWVjN2Q2MTgyZDJkNTZhNzVlYjA4
OTY4Y2QwHhcNMjYwMTAyMTQyMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDAzYzdkMzk0ODg2NGRiOTA4MzhjYzY0YjQ5NzgzMmYwODQyNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsASJbg74iHPsuYJTT3HszRrFD95j
GNLviCpN2E2SELCkHHMqnLLc4dfeWSBJnk86ZQdvlNGiBWM8qRpPIxBM53TeDxrA
XmBJQb75NkgGa+31VpmXO4gH2aHApal3yvyMGveI1EVulOZWkvOulD2K4D4jTRhV
RVjLut1g3tt0n6b0RkVh9Moisp8uX/7+6c/UALT7yq5TF4DmB/6ENOLBAfDn8ibk
BjE5uUuD64xeTcWpxGPZ/6lWMihtXHXzlJ0xBTa70BzU205zCFcTz9V1G5dxzFZZ
LA6qN/RzTl4D2GSr9upfFEdc4zxMF5lJKofF41HVsILupPu2kM+WfmohxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM0Dx9OUiGTbkIOMxktJeDLwhCcHMB8GA1UdIwQY
MBaAFFvqBGtJl4Cux9YYLS1Wp16wiWjNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1vRWEwbVhnSzdIMWhndExWYW5YckNKYU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hYzRjMmQtOGFiMS00ZTAxLWI2YjEt
Mjk2MDIyMTVhZGQwLzEvelFQSDA1U0laTnVRZzR6R1MwbDRNdkNFSndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hYzRjMmQtOGFiMS00ZTAxLWI2YjEtMjk2MDIyMTVhZGQw
LzEvVy1vRWEwbVhnSzdIMWhndExWYW5YckNKYU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA08
MA0GCSqGSIb3DQEBCwUAA4IBAQAfMtpd75rknfHUbmC5I23yWoyPEG/sPGV1+VIG
hudtGF3AUvteaKl60YTkJKoP1dNb5/zk5PXOlpxcFrtILZ6yi0IJpKIQJDCOESLt
LTwYrHt7hbPV9+ws1iFea4Xr7YxdawQIou6x6T7ZLd3+rzYUoNUjNZaobi9fSUhk
P57gCDKvaAPaLvJun/Vh5WsXECNiPalw+V/n6nI/71Umvr9eoqwbtY59ie2ODDiC
ddSNDNWE0gMu/1xlM2J7Ry+XM/yuvVI/w/yURPC7R3Y6sB/XNyewVwhcztiNAvkZ
dFBwSfeCpIlJoJ7H8HaQIp6HiC7gWhIMz7cL71ZcE4cL/UsB
-----END CERTIFICATE-----