This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/kd2XyIAA-MPLC2WR1qBq8uj_YCs.roa
File:                     kd2XyIAA-MPLC2WR1qBq8uj_YCs.roa (raw, json)
Hash identifier:          Pu4TD0igNqCoga7095gS2kWNo5RYGEJpD46HuH2Gwbk=
Subject key identifier:   91:DD:97:C8:80:00:F8:C3:CB:0B:65:91:D6:A0:6A:F2:E8:FF:60:2B
Certificate issuer:       /CN=d3358c3ec71fc19a6ac9846baf4de59836357293
Certificate serial:       019B7B362CD578F75C256BEE7BD6F5FAC260
Authority key identifier: D3:35:8C:3E:C7:1F:C1:9A:6A:C9:84:6B:AF:4D:E5:98:36:35:72:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/kd2XyIAA-MPLC2WR1qBq8uj_YCs.roa
Signing time:             Thu 01 Jan 2026 20:18:26 +0000
ROA not before:           Thu 01 Jan 2026 20:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:c9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:2c:d5:78:f7:5c:25:6b:ee:7b:d6:f5:fa:c2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3358c3ec71fc19a6ac9846baf4de59836357293
        Validity
            Not Before: Jan  1 20:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91dd97c88000f8c3cb0b6591d6a06af2e8ff602b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:87:6a:79:e3:49:e4:a7:e3:29:6f:49:c7:1e:
                    d1:86:e2:f8:74:af:6a:49:12:10:08:2d:2e:ab:8b:
                    5e:e5:bd:8b:65:c3:a9:3f:a7:ea:7a:ba:28:ea:bc:
                    5d:b5:10:f8:c9:be:33:2f:6f:4f:a2:cf:6a:8c:07:
                    60:61:7e:ff:5a:3e:0e:0f:83:90:84:06:61:51:8c:
                    8e:11:a1:72:95:f0:cd:d8:54:36:03:0b:08:55:80:
                    00:f7:9d:69:13:ef:b5:bd:e5:3c:a4:cd:89:6b:f3:
                    4d:f3:f4:72:d6:9e:65:f2:2e:27:6e:b2:3c:19:90:
                    f2:b9:a4:f4:71:6b:5c:db:ff:d3:e5:45:f4:d9:81:
                    89:89:47:35:57:62:a7:2e:b8:bd:ce:cf:e8:4d:e8:
                    2a:f5:64:36:84:ad:4d:28:36:76:ab:01:1c:f8:ee:
                    fb:33:3e:ed:9a:3e:25:9d:50:7f:1b:59:9d:5d:7d:
                    cc:15:22:3b:1c:ab:d7:52:c9:ef:58:83:9c:e0:f0:
                    95:c7:e3:e0:32:d9:aa:e0:f6:ee:d9:e3:75:e1:72:
                    e2:9a:00:55:42:40:40:e1:84:07:a8:ba:de:c1:f1:
                    cd:99:90:78:7d:a3:62:22:69:0f:6f:1f:9c:c0:11:
                    9b:30:7b:d0:35:aa:4a:83:35:ae:c0:b0:a5:6a:9e:
                    5f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DD:97:C8:80:00:F8:C3:CB:0B:65:91:D6:A0:6A:F2:E8:FF:60:2B
            X509v3 Authority Key Identifier:
                keyid:D3:35:8C:3E:C7:1F:C1:9A:6A:C9:84:6B:AF:4D:E5:98:36:35:72:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/kd2XyIAA-MPLC2WR1qBq8uj_YCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:04:b9:ec:54:08:a0:4c:a8:df:25:a1:5d:b7:39:bf:4e:0e:
         fd:14:32:78:33:0e:1c:75:a8:d8:b0:f0:05:48:ae:17:b7:60:
         05:fe:57:77:32:bb:4a:ce:99:76:e5:eb:7d:b8:49:59:34:99:
         2d:6b:9f:8a:f0:2e:6e:a9:05:57:a0:e8:0b:3c:8a:db:90:23:
         99:2c:92:01:93:ca:4d:c7:ed:ad:41:9c:4b:70:24:68:2f:ae:
         1d:7f:7d:72:99:4e:b8:63:de:3c:68:8d:18:3c:f0:53:99:10:
         39:78:65:82:14:37:94:42:51:a2:06:42:4c:96:65:e2:bb:8a:
         45:30:d8:52:f1:06:5d:b6:bc:58:8f:6b:6f:12:ab:5d:80:27:
         4f:97:76:ce:aa:27:db:5a:8e:1b:8f:91:31:cf:4b:cb:b8:05:
         f7:cc:34:9a:d8:0c:8d:b9:ee:8b:88:75:cd:02:da:e0:a1:fe:
         5b:4b:58:dc:5d:c9:79:3e:65:ac:36:17:12:12:83:55:c9:eb:
         d3:31:4e:c5:26:76:42:8a:e2:f9:dd:f5:fd:8b:3b:20:fc:c1:
         7a:5d:9f:7d:fa:db:ef:5d:b4:65:67:b0:8d:bc:39:41:11:25:
         17:b8:d7:d0:23:53:37:2a:0a:a5:f7:42:fd:bd:2a:ad:93:02:
         87:a6:ad:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NizVePdcJWvue9b1+sJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMzU4YzNlYzcxZmMxOWE2YWM5ODQ2YmFmNGRlNTk4MzYz
NTcyOTMwHhcNMjYwMTAxMjAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRkOTdjODgwMDBmOGMzY2IwYjY1OTFkNmEwNmFmMmU4ZmY2MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiodqeeNJ5KfjKW9Jxx7RhuL4dK9q
SRIQCC0uq4te5b2LZcOpP6fqeroo6rxdtRD4yb4zL29Pos9qjAdgYX7/Wj4OD4OQ
hAZhUYyOEaFylfDN2FQ2AwsIVYAA951pE++1veU8pM2Ja/NN8/Ry1p5l8i4nbrI8
GZDyuaT0cWtc2//T5UX02YGJiUc1V2KnLri9zs/oTegq9WQ2hK1NKDZ2qwEc+O77
Mz7tmj4lnVB/G1mdXX3MFSI7HKvXUsnvWIOc4PCVx+PgMtmq4Pbu2eN14XLimgBV
QkBA4YQHqLrewfHNmZB4faNiImkPbx+cwBGbMHvQNapKgzWuwLClap5f0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJHdl8iAAPjDywtlkdagavLo/2ArMB8GA1UdIwQY
MBaAFNM1jD7HH8GaasmEa69N5Zg2NXKTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHpXTVBzY2Z3WnBxeVlScnIwM2xtRFkxY3BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kMDFkNTgtNTQxOC00MjE3LTg5YWUt
MjNhODRlZWRkOTU2LzEva2QyWHlJQUEtTVBMQzJXUjFxQnE4dWpfWUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kMDFkNTgtNTQxOC00MjE3LTg5YWUtMjNhODRlZWRkOTU2
LzEvMHpXTVBzY2Z3WnBxeVlScnIwM2xtRFkxY3BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyc
MA0GCSqGSIb3DQEBCwUAA4IBAQAtBLnsVAigTKjfJaFdtzm/Tg79FDJ4Mw4cdajY
sPAFSK4Xt2AF/ld3MrtKzpl25et9uElZNJkta5+K8C5uqQVXoOgLPIrbkCOZLJIB
k8pNx+2tQZxLcCRoL64df31ymU64Y948aI0YPPBTmRA5eGWCFDeUQlGiBkJMlmXi
u4pFMNhS8QZdtrxYj2tvEqtdgCdPl3bOqifbWo4bj5Exz0vLuAX3zDSa2AyNue6L
iHXNAtrgof5bS1jcXcl5PmWsNhcSEoNVyevTMU7FJnZCiuL53fX9izsg/MF6XZ99
+tvvXbRlZ7CNvDlBESUXuNfQI1M3Kgql90L9vSqtkwKHpq0u
-----END CERTIFICATE-----