This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZmEsqklKT0kTqBopkQ2JzAgQ9PY.roa
File:                     ZmEsqklKT0kTqBopkQ2JzAgQ9PY.roa (raw, json)
Hash identifier:          8Q/0/p+3nSnAtn74KGfHmJDNhX0mU3SNduXZ5Dydu4s=
Subject key identifier:   66:61:2C:AA:49:4A:4F:49:13:A8:1A:29:91:0D:89:CC:08:10:F4:F6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019B7D5CC73A1DDE0D3F4715561EEC8645AC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZmEsqklKT0kTqBopkQ2JzAgQ9PY.roa
Signing time:             Fri 02 Jan 2026 06:19:50 +0000
ROA not before:           Fri 02 Jan 2026 06:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138632
IP address blocks:        2a0e:b107:1f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:c7:3a:1d:de:0d:3f:47:15:56:1e:ec:86:45:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 06:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66612caa494a4f4913a81a29910d89cc0810f4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:06:c6:5b:0d:25:43:16:0e:80:27:37:4d:d7:
                    d4:c0:b7:b1:4d:6c:b1:89:17:11:30:36:17:05:b3:
                    0b:69:a0:33:38:e5:84:d9:f3:16:67:5b:de:00:ca:
                    5a:b2:58:f1:0c:9a:e1:d1:6f:53:82:fa:5e:d7:c9:
                    7c:7c:68:b6:6a:b7:57:29:11:4e:91:22:89:4d:7b:
                    b4:21:24:b6:44:b9:98:41:c8:38:5b:b0:47:bf:c4:
                    b8:63:ce:39:e7:3a:7a:9b:10:73:ca:6f:2d:3f:62:
                    09:62:35:b1:4a:df:12:fe:d2:4f:d2:15:9f:47:5e:
                    32:61:f6:d0:fd:5a:ab:56:83:16:ba:0c:d9:22:ba:
                    19:b2:d2:6c:b9:8f:ca:1f:e2:2a:f8:76:e8:1b:96:
                    49:3e:5c:34:64:1d:96:3b:f1:71:17:5b:f4:03:2f:
                    f0:c1:27:4d:87:89:e8:a4:d8:4f:66:d8:43:62:e7:
                    90:2f:aa:69:8d:22:b6:7c:07:4a:e7:02:2a:f3:ad:
                    72:6e:32:89:55:51:7f:ad:8f:70:47:60:96:c3:54:
                    53:51:ba:20:e1:2b:37:ea:db:1c:68:1d:67:55:d0:
                    3d:11:1f:4e:b0:eb:db:53:6d:22:2d:7f:31:10:d4:
                    57:41:16:2f:d5:69:8f:98:f9:18:9f:ee:06:46:12:
                    1b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:61:2C:AA:49:4A:4F:49:13:A8:1A:29:91:0D:89:CC:08:10:F4:F6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZmEsqklKT0kTqBopkQ2JzAgQ9PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:75:23:71:a8:37:ca:9b:74:d0:53:c9:65:4d:1b:47:41:30:
         fd:7a:78:8b:c6:1a:27:76:5f:eb:a0:a1:45:fb:02:cd:64:8e:
         cc:ab:b5:eb:73:92:8e:20:9a:8e:8f:41:12:dc:84:35:d9:0b:
         79:f3:77:cc:d2:9f:81:d8:9e:6e:14:72:89:33:4b:73:67:ff:
         de:d6:0a:2a:f5:4a:6a:bb:c6:1b:b7:d8:8c:4f:63:75:cb:ad:
         7f:05:dc:a0:8d:20:c4:90:c2:c5:3f:9a:53:1f:7f:e2:79:6e:
         5d:f2:fc:7f:4a:29:5f:f7:87:26:04:2d:78:1b:1c:72:96:8a:
         07:0b:36:5e:a8:5a:8c:53:99:2f:66:aa:ed:b8:62:eb:9d:b5:
         e6:ca:4c:a5:ef:14:5e:98:ae:35:c9:b7:ad:19:77:77:a3:38:
         47:6a:5e:76:32:3c:d9:12:5f:9c:4f:33:aa:1f:2d:0b:e6:79:
         61:b9:2e:57:6c:ea:7d:a4:5f:3b:6c:d7:5b:b8:35:6a:7f:fc:
         2f:ef:73:8f:06:69:2f:ea:7c:2d:ac:53:c7:93:75:eb:19:06:
         83:88:49:47:7b:cc:72:e3:93:f5:c0:ab:37:c1:a4:d3:4f:86:
         fd:f7:24:2f:d9:07:90:1d:37:ae:60:99:57:aa:44:be:c9:17:
         00:5e:6b:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XMc6Hd4NP0cVVh7shkWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMTAyMDYxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjYxMmNhYTQ5NGE0ZjQ5MTNhODFhMjk5MTBkODljYzA4MTBmNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QbGWw0lQxYOgCc3TdfUwLexTWyx
iRcRMDYXBbMLaaAzOOWE2fMWZ1veAMpasljxDJrh0W9Tgvpe18l8fGi2ardXKRFO
kSKJTXu0ISS2RLmYQcg4W7BHv8S4Y8455zp6mxBzym8tP2IJYjWxSt8S/tJP0hWf
R14yYfbQ/VqrVoMWugzZIroZstJsuY/KH+Iq+HboG5ZJPlw0ZB2WO/FxF1v0Ay/w
wSdNh4nopNhPZthDYueQL6ppjSK2fAdK5wIq861ybjKJVVF/rY9wR2CWw1RTUbog
4Ss36tscaB1nVdA9ER9OsOvbU20iLX8xENRXQRYv1WmPmPkYn+4GRhIbSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZhLKpJSk9JE6gaKZENicwIEPT2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWm1Fc3FrbEtUMGtUcUJvcGtRMkp6QWdROVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwHw
MA0GCSqGSIb3DQEBCwUAA4IBAQAkdSNxqDfKm3TQU8llTRtHQTD9eniLxhondl/r
oKFF+wLNZI7Mq7Xrc5KOIJqOj0ES3IQ12Qt583fM0p+B2J5uFHKJM0tzZ//e1goq
9Upqu8Ybt9iMT2N1y61/BdygjSDEkMLFP5pTH3/ieW5d8vx/Silf94cmBC14Gxxy
looHCzZeqFqMU5kvZqrtuGLrnbXmykyl7xRemK41ybetGXd3ozhHal52MjzZEl+c
TzOqHy0L5nlhuS5XbOp9pF87bNdbuDVqf/wv73OPBmkv6nwtrFPHk3XrGQaDiElH
e8xy45P1wKs3waTTT4b99yQv2QeQHTeuYJlXqkS+yRcAXmtW
-----END CERTIFICATE-----