This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DsnbTq5Pjq6lgXF5EC0nbqiuqQk.roa
File:                     DsnbTq5Pjq6lgXF5EC0nbqiuqQk.roa (raw, json)
Hash identifier:          78yiRFlaYGgO14k6HATZRoEJl+0j6xMktvFJwVtWWW0=
Subject key identifier:   0E:C9:DB:4E:AE:4F:8E:AE:A5:81:71:79:10:2D:27:6E:A8:AE:A9:09
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019B7FF1B8F60763598186C113E0A77E22DA
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DsnbTq5Pjq6lgXF5EC0nbqiuqQk.roa
Signing time:             Fri 02 Jan 2026 18:21:46 +0000
ROA not before:           Fri 02 Jan 2026 18:21:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202747
IP address blocks:        2a03:5840:136::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:b8:f6:07:63:59:81:86:c1:13:e0:a7:7e:22:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 18:21:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ec9db4eae4f8eaea5817179102d276ea8aea909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:58:24:7f:75:de:1d:65:e5:a3:96:ab:29:f5:
                    c2:50:23:fc:6f:fa:d0:ac:ef:3f:dc:eb:62:2f:71:
                    d8:0f:50:56:f2:77:f4:39:19:fc:c9:82:d9:54:5d:
                    4f:48:ad:dd:18:e3:b0:49:77:77:4c:bc:da:b5:59:
                    d5:a7:7a:4c:45:ac:b9:f7:83:3d:08:9a:4f:f9:30:
                    75:58:d3:32:65:66:b0:75:02:f4:c2:b2:e5:84:06:
                    a9:82:73:0a:79:d0:9c:93:37:fe:ad:8b:c2:92:43:
                    bd:36:e2:ac:5f:78:f7:4f:d5:bd:08:49:a4:3f:80:
                    81:1f:48:fb:25:9f:77:c6:99:c0:b2:75:f0:5a:70:
                    96:d7:21:8c:3f:6d:24:a9:d9:61:14:40:1f:a2:c2:
                    0a:b2:d1:74:aa:87:89:e4:fc:40:c3:5c:48:d0:f3:
                    16:46:42:9b:dd:9c:e9:88:41:3a:08:07:c4:d2:b4:
                    b8:e6:42:97:cc:62:d8:05:13:1b:c2:16:fc:a7:1c:
                    57:23:53:d3:8d:ca:5f:5f:80:ef:ea:db:e4:f2:da:
                    ee:55:39:f9:d2:17:05:b3:cd:99:b5:33:cb:45:78:
                    a7:6d:01:1e:88:3c:76:b4:d1:65:0e:a4:f6:1a:e8:
                    a8:75:c7:22:b5:cb:95:ae:64:f8:8e:b3:58:d5:6f:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C9:DB:4E:AE:4F:8E:AE:A5:81:71:79:10:2D:27:6E:A8:AE:A9:09
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DsnbTq5Pjq6lgXF5EC0nbqiuqQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:136::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:fe:d6:fc:1e:9d:50:c6:58:3d:90:97:8a:8d:af:c3:a5:00:
         8e:ca:0b:84:1d:37:3c:2f:31:91:66:fb:ef:27:f7:68:dc:a4:
         80:7a:60:93:b0:6c:a9:2c:c5:5b:c9:93:7f:78:03:ca:43:b8:
         c7:80:b5:ac:4d:f7:c1:d6:7f:39:5f:7b:7c:bb:85:8e:b1:89:
         8b:2b:70:13:a5:c2:05:19:b8:a5:c6:f8:e3:f7:61:20:7c:a4:
         99:fa:f1:34:83:eb:a8:2f:f4:06:f4:6c:4a:f8:99:2c:7f:8c:
         4f:94:7f:33:9b:1d:e3:31:14:c2:02:88:69:f5:89:69:a8:8b:
         45:c1:3f:b4:b7:c9:cd:2c:0f:9f:4b:5e:2a:10:68:c7:4f:1d:
         38:24:08:3f:f6:ad:fd:a1:0d:61:84:10:45:9f:e9:8d:91:30:
         db:20:1a:78:88:81:00:bf:fb:5c:5d:45:36:8d:37:71:85:e8:
         fc:86:67:6e:3a:ee:80:cd:50:83:59:1a:85:49:68:6a:bb:a8:
         ba:6e:23:15:f7:d4:56:8b:b4:2a:7b:49:b2:18:24:54:27:40:
         9b:55:0b:31:51:b7:f5:72:27:50:a0:d1:17:54:25:3e:fb:1a:
         4c:73:20:cf:05:7f:7f:cd:6b:88:91:0d:52:7a:cc:88:db:4f:
         30:69:e6:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8bj2B2NZgYbBE+CnfiLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwMTAyMTgyMTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM5ZGI0ZWFlNGY4ZWFlYTU4MTcxNzkxMDJkMjc2ZWE4YWVhOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1gkf3XeHWXlo5arKfXCUCP8b/rQ
rO8/3OtiL3HYD1BW8nf0ORn8yYLZVF1PSK3dGOOwSXd3TLzatVnVp3pMRay594M9
CJpP+TB1WNMyZWawdQL0wrLlhAapgnMKedCckzf+rYvCkkO9NuKsX3j3T9W9CEmk
P4CBH0j7JZ93xpnAsnXwWnCW1yGMP20kqdlhFEAfosIKstF0qoeJ5PxAw1xI0PMW
RkKb3ZzpiEE6CAfE0rS45kKXzGLYBRMbwhb8pxxXI1PTjcpfX4Dv6tvk8truVTn5
0hcFs82ZtTPLRXinbQEeiDx2tNFlDqT2GuiodccitcuVrmT4jrNY1W/PHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA7J206uT46upYFxeRAtJ26orqkJMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvRHNuYlRxNVBqcTZsZ1hGNUVDMG5icWl1cVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAE2
MA0GCSqGSIb3DQEBCwUAA4IBAQAj/tb8Hp1Qxlg9kJeKja/DpQCOyguEHTc8LzGR
ZvvvJ/do3KSAemCTsGypLMVbyZN/eAPKQ7jHgLWsTffB1n85X3t8u4WOsYmLK3AT
pcIFGbilxvjj92EgfKSZ+vE0g+uoL/QG9GxK+Jksf4xPlH8zmx3jMRTCAohp9Ylp
qItFwT+0t8nNLA+fS14qEGjHTx04JAg/9q39oQ1hhBBFn+mNkTDbIBp4iIEAv/tc
XUU2jTdxhej8hmduOu6AzVCDWRqFSWhqu6i6biMV99RWi7Qqe0myGCRUJ0CbVQsx
Ubf1cidQoNEXVCU++xpMcyDPBX9/zWuIkQ1SesyI208waeZ4
-----END CERTIFICATE-----