This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zYxYRAP9u5F3jsVOwBwaECKVSfQ.roa
File:                     zYxYRAP9u5F3jsVOwBwaECKVSfQ.roa (raw, json)
Hash identifier:          xaRiAijSC2CzFybNmVPCza0Iv+L7QdAl+PosddXHUfE=
Subject key identifier:   CD:8C:58:44:03:FD:BB:91:77:8E:C5:4E:C0:1C:1A:10:22:95:49:F4
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019B32E72CD3856606E8504CBE2A46849CE5
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zYxYRAP9u5F3jsVOwBwaECKVSfQ.roa
Signing time:             Thu 18 Dec 2025 19:19:29 +0000
ROA not before:           Thu 18 Dec 2025 19:19:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214477
IP address blocks:        2a13:c441::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 08:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:32:e7:2c:d3:85:66:06:e8:50:4c:be:2a:46:84:9c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Dec 18 19:19:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd8c584403fdbb91778ec54ec01c1a10229549f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a0:c7:87:ae:13:23:ed:8a:af:e3:85:99:7f:
                    d1:70:92:7d:45:5d:e3:ac:3d:a5:6c:97:03:96:2d:
                    6f:74:b1:99:62:1f:e8:f5:a1:ca:60:d4:4c:de:eb:
                    26:fb:c8:e0:93:8f:9e:38:4a:ce:9a:9f:8c:14:0f:
                    5b:55:32:bb:7c:57:b0:66:44:d5:bb:7c:04:57:91:
                    77:9e:0a:e4:76:aa:b1:0b:9b:04:07:55:2a:af:21:
                    80:7c:d5:81:5e:dd:4a:4e:24:37:2a:24:ee:88:a7:
                    de:48:82:ac:d1:2a:42:f3:5c:77:d4:4b:90:12:ce:
                    7d:6c:c0:97:7c:2a:9e:9f:4e:3d:68:43:1d:b6:6e:
                    63:a3:b0:9e:8b:f9:94:17:35:14:ab:2e:86:18:2e:
                    20:3a:15:a4:4e:ba:8d:a8:ea:25:a3:2e:8a:05:ef:
                    58:72:85:76:53:c8:97:55:88:37:dc:3e:a8:e4:ab:
                    e7:36:c0:13:0b:51:ed:62:71:15:f2:68:82:b1:87:
                    27:6a:62:48:67:de:e6:f9:ec:1a:57:9b:43:ec:b0:
                    7d:5e:30:87:c7:42:45:8c:12:47:26:b2:9c:2c:94:
                    73:62:d5:2c:77:20:db:c9:82:6d:d3:ab:b3:c1:5d:
                    94:8f:3e:9f:23:df:27:b0:4a:45:60:f0:49:de:99:
                    18:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8C:58:44:03:FD:BB:91:77:8E:C5:4E:C0:1C:1A:10:22:95:49:F4
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zYxYRAP9u5F3jsVOwBwaECKVSfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c441::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:30:b2:1e:5d:1d:f6:17:8f:07:ec:1d:01:a9:93:bd:9e:42:
         b8:56:dd:89:12:2c:5d:80:ba:58:55:79:7d:99:12:5f:84:03:
         4e:03:2d:17:9e:c0:48:2c:c9:f9:37:23:c2:af:e1:07:a9:6c:
         70:c3:c1:2c:36:09:25:a9:08:a0:c3:17:f8:b4:74:3f:e3:40:
         d0:68:b3:be:97:40:08:8a:f1:5c:94:e2:6d:63:a7:79:77:07:
         22:98:9c:d1:e2:13:f3:e1:73:0c:ee:60:e7:e7:00:80:23:db:
         17:6e:ff:e9:2a:80:61:e1:16:9a:3a:c0:7e:07:9a:a6:2d:ac:
         29:2a:08:2b:1d:f1:a9:5a:04:de:29:34:90:dd:3c:2c:c3:97:
         3b:24:54:07:27:18:1a:12:7f:23:9e:f3:b1:14:27:f8:a8:d2:
         0a:a6:bd:4a:53:09:de:fc:c6:64:5c:4d:f4:9b:29:b5:17:ad:
         b9:97:d0:03:b1:4c:67:03:a4:b9:05:a6:eb:d2:29:15:9f:53:
         1e:a3:b5:ef:77:a4:31:77:fc:01:64:02:76:f2:eb:3b:c6:0a:
         dc:ba:ef:d9:d9:63:99:32:92:2e:ab:98:a0:b2:0f:c7:b9:54:
         33:cf:c6:86:7e:41:01:94:d1:a6:47:ee:dc:97:b7:16:4b:ba:
         d3:d6:3d:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZsy5yzThWYG6FBMvipGhJzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUxMjE4MTkxOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDhjNTg0NDAzZmRiYjkxNzc4ZWM1NGVjMDFjMWExMDIyOTU0OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qDHh64TI+2Kr+OFmX/RcJJ9RV3j
rD2lbJcDli1vdLGZYh/o9aHKYNRM3usm+8jgk4+eOErOmp+MFA9bVTK7fFewZkTV
u3wEV5F3ngrkdqqxC5sEB1UqryGAfNWBXt1KTiQ3KiTuiKfeSIKs0SpC81x31EuQ
Es59bMCXfCqen049aEMdtm5jo7Cei/mUFzUUqy6GGC4gOhWkTrqNqOoloy6KBe9Y
coV2U8iXVYg33D6o5KvnNsATC1HtYnEV8miCsYcnamJIZ97m+ewaV5tD7LB9XjCH
x0JFjBJHJrKcLJRzYtUsdyDbyYJt06uzwV2Ujz6fI98nsEpFYPBJ3pkYVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM2MWEQD/buRd47FTsAcGhAilUn0MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvell4WVJBUDl1NUYzanNWT3dCd2FFQ0tWU2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPEQTAN
BgkqhkiG9w0BAQsFAAOCAQEAmzCyHl0d9hePB+wdAamTvZ5CuFbdiRIsXYC6WFV5
fZkSX4QDTgMtF57ASCzJ+Tcjwq/hB6lscMPBLDYJJakIoMMX+LR0P+NA0GizvpdA
CIrxXJTibWOneXcHIpic0eIT8+FzDO5g5+cAgCPbF27/6SqAYeEWmjrAfgeapi2s
KSoIKx3xqVoE3ik0kN08LMOXOyRUBycYGhJ/I57zsRQn+KjSCqa9SlMJ3vzGZFxN
9JsptRetuZfQA7FMZwOkuQWm69IpFZ9THqO173ekMXf8AWQCdvLrO8YK3Lrv2dlj
mTKSLquYoLIPx7lUM8/Ghn5BAZTRpkfu3Je3Fku609Y9BA==
-----END CERTIFICATE-----