This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/Kw4ehkeFdhJyIYvKo5TkPObECaU.roa
File:                     Kw4ehkeFdhJyIYvKo5TkPObECaU.roa (raw, json)
Hash identifier:          eV4xuQ9y0xW+Y+Qh7Gz6UOri5HdKzx1wpaGm5MSkuEA=
Subject key identifier:   2B:0E:1E:86:47:85:76:12:72:21:8B:CA:A3:94:E4:3C:E6:C4:09:A5
Certificate issuer:       /CN=58a127453dfba17e10c347fa34bbebab14905a57
Certificate serial:       019B7AC8BE1B30519F4FB97B1143F58D502D
Authority key identifier: 58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/Kw4ehkeFdhJyIYvKo5TkPObECaU.roa
Signing time:             Thu 01 Jan 2026 18:18:54 +0000
ROA not before:           Thu 01 Jan 2026 18:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206564
IP address blocks:        2001:678:5d0::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 23:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:be:1b:30:51:9f:4f:b9:7b:11:43:f5:8d:50:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a127453dfba17e10c347fa34bbebab14905a57
        Validity
            Not Before: Jan  1 18:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b0e1e864785761272218bcaa394e43ce6c409a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a4:99:a7:13:94:b6:a7:cc:62:6f:15:15:cc:
                    c9:05:31:08:9b:30:31:81:48:f0:9f:41:d8:ee:c7:
                    65:40:ae:25:04:b7:73:3f:a9:60:bf:66:44:48:ab:
                    09:86:5c:93:70:e5:88:6d:b8:ed:84:5e:10:12:ca:
                    ce:76:32:30:e3:04:f5:fa:79:b1:68:e6:23:2f:70:
                    1a:19:08:9f:c1:5d:ed:31:92:b9:cf:c8:9d:fa:72:
                    9f:d4:03:ec:45:28:c2:6b:13:36:07:0a:e8:7e:12:
                    1e:2f:61:00:c0:60:45:c6:3b:8d:8e:79:9a:3d:1e:
                    cd:a1:5a:8f:68:68:63:f8:56:1f:1d:5d:d3:b4:e0:
                    76:c5:37:9c:c3:56:08:28:15:24:6d:40:ce:34:8a:
                    19:23:2d:15:5a:38:eb:e4:2f:59:46:5e:02:19:01:
                    ed:61:19:cf:a4:75:17:e3:49:de:a9:a5:19:8a:90:
                    74:49:42:a6:3e:38:5f:eb:b2:22:26:73:4a:34:bd:
                    26:cf:dc:54:9e:45:97:51:b3:24:37:2d:e6:61:dd:
                    c1:97:d6:17:2f:b0:79:7e:ec:ff:c9:45:50:48:b0:
                    c0:5c:df:87:95:ee:17:6a:e1:ee:3b:7a:e9:a8:b4:
                    45:a5:72:10:d8:a4:fc:ef:15:e1:d6:56:9a:b7:bc:
                    03:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0E:1E:86:47:85:76:12:72:21:8B:CA:A3:94:E4:3C:E6:C4:09:A5
            X509v3 Authority Key Identifier:
                keyid:58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/Kw4ehkeFdhJyIYvKo5TkPObECaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:f1:b2:17:32:35:d7:ad:f6:89:fa:75:b0:b1:19:7e:ec:0f:
         de:fc:c1:80:e9:0e:67:13:c7:0e:b9:98:46:83:12:93:e6:b1:
         19:fb:0b:73:42:2f:cd:bc:0d:59:e9:02:9a:09:1a:f4:15:56:
         2a:37:2b:60:3b:9c:86:20:05:3c:8a:63:14:8b:ac:50:ba:3c:
         cd:a9:13:6c:d5:2c:1e:91:ab:c8:63:67:7a:62:6f:3b:7e:63:
         1e:ca:70:80:95:38:39:8c:5b:e6:d0:ec:2b:9a:d8:f7:cc:97:
         68:3b:09:ec:e4:19:e9:f1:65:3c:d5:3b:69:46:bd:b6:da:76:
         68:08:46:c2:68:74:d4:c4:ad:2a:47:eb:ba:26:66:97:c3:85:
         7e:7b:5a:36:3f:5d:08:16:ca:ee:37:71:6c:e4:55:11:29:77:
         7e:0b:60:38:30:b6:9a:85:83:3b:c9:8b:80:00:26:16:45:4c:
         5f:bc:7a:ca:e2:d3:9e:86:02:fb:d9:64:c8:2b:c6:ba:84:6a:
         9e:8d:f0:3a:c8:ee:05:cf:e7:22:56:53:59:8d:1d:c2:1d:37:
         e6:1d:9e:7e:39:cc:96:6e:9c:a6:2a:47:59:bb:9f:03:b8:02:
         fa:f3:72:d2:46:98:6a:c0:5d:d0:a5:6d:9a:23:91:b5:d0:db:
         a1:a1:06:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6yL4bMFGfT7l7EUP1jVAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTEyNzQ1M2RmYmExN2UxMGMzNDdmYTM0YmJlYmFiMTQ5
MDVhNTcwHhcNMjYwMTAxMTgxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBlMWU4NjQ3ODU3NjEyNzIyMThiY2FhMzk0ZTQzY2U2YzQwOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKSZpxOUtqfMYm8VFczJBTEImzAx
gUjwn0HY7sdlQK4lBLdzP6lgv2ZESKsJhlyTcOWIbbjthF4QEsrOdjIw4wT1+nmx
aOYjL3AaGQifwV3tMZK5z8id+nKf1APsRSjCaxM2BwrofhIeL2EAwGBFxjuNjnma
PR7NoVqPaGhj+FYfHV3TtOB2xTecw1YIKBUkbUDONIoZIy0VWjjr5C9ZRl4CGQHt
YRnPpHUX40neqaUZipB0SUKmPjhf67IiJnNKNL0mz9xUnkWXUbMkNy3mYd3Bl9YX
L7B5fuz/yUVQSLDAXN+Hle4XauHuO3rpqLRFpXIQ2KT87xXh1laat7wDZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCsOHoZHhXYSciGLyqOU5DzmxAmlMB8GA1UdIwQY
MBaAFFihJ0U9+6F+EMNH+jS766sUkFpXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2Yt
ZGE5NjAxOWQ0YzIwLzEvS3c0ZWhrZUZkaEp5SVl2S281VGtQT2JFQ2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2YtZGE5NjAxOWQ0YzIw
LzEvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCX8bIXMjXXrfaJ+nWwsRl+7A/e/MGA6Q5nE8cO
uZhGgxKT5rEZ+wtzQi/NvA1Z6QKaCRr0FVYqNytgO5yGIAU8imMUi6xQujzNqRNs
1SwekavIY2d6Ym87fmMeynCAlTg5jFvm0Owrmtj3zJdoOwns5Bnp8WU81TtpRr22
2nZoCEbCaHTUxK0qR+u6JmaXw4V+e1o2P10IFsruN3Fs5FURKXd+C2A4MLaahYM7
yYuAACYWRUxfvHrK4tOehgL72WTIK8a6hGqejfA6yO4Fz+ciVlNZjR3CHTfmHZ5+
OcyWbpymKkdZu58DuAL683LSRphqwF3QpW2aI5G10NuhoQaW
-----END CERTIFICATE-----