This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XX9Xp3095ExMFTX0WPK7cJAVdmE.roa
File:                     XX9Xp3095ExMFTX0WPK7cJAVdmE.roa (raw, json)
Hash identifier:          HmIGtkP42FsVMuN4jz57z34zM6am36Aqnmqoiir6o5s=
Subject key identifier:   5D:7F:57:A7:7D:3D:E4:4C:4C:15:35:F4:58:F2:BB:70:90:15:76:61
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019B7FF1C81F7FCC2C12AC5AAA52AF785F83
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XX9Xp3095ExMFTX0WPK7cJAVdmE.roa
Signing time:             Fri 02 Jan 2026 18:21:50 +0000
ROA not before:           Fri 02 Jan 2026 18:21:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216009
IP address blocks:        2a03:5840:111::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:c8:1f:7f:cc:2c:12:ac:5a:aa:52:af:78:5f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 18:21:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d7f57a77d3de44c4c1535f458f2bb7090157661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:82:33:1f:b8:51:6d:87:a8:1c:2e:0b:1d:89:
                    34:1f:f2:9a:bb:02:04:01:eb:9c:9c:1d:4a:1e:a8:
                    98:1e:04:e8:87:0e:31:2d:cb:21:9c:8c:66:cd:48:
                    e5:d9:49:d0:49:e4:77:d4:92:d3:3e:8d:42:d2:dc:
                    df:ae:b1:06:0d:c3:b4:9e:fc:65:72:93:08:3d:60:
                    8a:ab:f1:eb:95:ce:fb:a3:58:71:15:da:26:4d:4b:
                    ac:dc:27:ce:63:ce:8c:10:11:5b:51:43:f7:7e:c3:
                    bc:35:68:21:08:de:f7:bf:bc:30:f9:1d:c2:79:3a:
                    04:3c:ac:cc:02:09:41:6f:4c:ec:89:a9:3a:07:1c:
                    41:c0:bf:26:c9:69:03:78:db:8f:1d:6b:88:5b:87:
                    af:22:19:11:6d:67:f4:3f:df:65:2c:ed:6d:d0:1a:
                    28:83:8d:d7:1e:93:d1:04:2b:68:1d:b1:d2:2d:21:
                    8c:e8:c3:bc:ec:60:d2:c7:2f:1d:fb:08:8c:02:5d:
                    42:ff:de:05:a7:38:b8:a6:36:63:cf:1c:ee:0e:a3:
                    58:38:de:dd:83:14:09:c6:56:d8:a4:cf:fd:15:35:
                    57:da:26:c1:76:da:ae:d2:b9:ca:14:4e:96:0f:d6:
                    ff:6d:6e:17:c8:51:bf:b4:f7:c6:d7:ba:e1:34:10:
                    bc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7F:57:A7:7D:3D:E4:4C:4C:15:35:F4:58:F2:BB:70:90:15:76:61
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XX9Xp3095ExMFTX0WPK7cJAVdmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:111::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:16:84:44:0e:a0:85:ae:26:27:37:b2:a5:0f:ff:62:76:a1:
         2b:88:9f:d6:66:7e:87:6a:b1:3b:66:3e:d9:30:06:c7:d1:01:
         bb:b1:62:fb:b0:82:10:1b:a0:d1:5a:e9:fe:f7:f1:dd:6a:5a:
         78:7e:e8:64:35:32:d0:9f:13:22:ff:05:60:dd:c5:5b:b9:d6:
         89:d4:4e:a9:28:fe:eb:29:61:bd:7b:25:d0:2c:b4:63:c7:17:
         bc:26:41:3a:7f:c1:d2:bc:14:45:41:c7:9d:27:44:ec:86:f3:
         7f:d9:6e:ca:ca:64:a0:ab:dd:d7:de:2f:2f:ef:8c:e3:2f:94:
         88:67:be:bf:6d:a0:29:7e:4b:e8:31:c6:48:29:b3:8d:af:80:
         e9:3a:b1:18:d0:f8:1f:b5:d6:bf:90:4f:3e:d2:ce:14:aa:98:
         e8:c8:05:be:b8:f3:25:1a:61:e7:a2:eb:63:16:13:30:00:3e:
         b4:2d:83:d6:29:8a:d9:de:0b:7f:00:08:76:58:76:1d:0c:ff:
         3c:c2:a8:e6:09:21:a5:5d:ef:91:e5:fc:b5:cf:86:ed:64:e8:
         99:50:8d:7a:f6:ef:26:8a:f3:f7:3a:e0:d5:3f:27:ca:98:98:
         e3:d3:4f:a2:76:17:27:a0:76:a7:ed:ea:b9:3b:35:61:71:83:
         fa:81:ba:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8cgff8wsEqxaqlKveF+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwMTAyMTgyMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdmNTdhNzdkM2RlNDRjNGMxNTM1ZjQ1OGYyYmI3MDkwMTU3NjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoIzH7hRbYeoHC4LHYk0H/KauwIE
AeucnB1KHqiYHgTohw4xLcshnIxmzUjl2UnQSeR31JLTPo1C0tzfrrEGDcO0nvxl
cpMIPWCKq/Hrlc77o1hxFdomTUus3CfOY86MEBFbUUP3fsO8NWghCN73v7ww+R3C
eToEPKzMAglBb0zsiak6BxxBwL8myWkDeNuPHWuIW4evIhkRbWf0P99lLO1t0Boo
g43XHpPRBCtoHbHSLSGM6MO87GDSxy8d+wiMAl1C/94Fpzi4pjZjzxzuDqNYON7d
gxQJxlbYpM/9FTVX2ibBdtqu0rnKFE6WD9b/bW4XyFG/tPfG17rhNBC8/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF1/V6d9PeRMTBU19Fjyu3CQFXZhMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvWFg5WHAzMDk1RXhNRlRYMFdQSzdjSkFWZG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAER
MA0GCSqGSIb3DQEBCwUAA4IBAQCvFoREDqCFriYnN7KlD/9idqEriJ/WZn6HarE7
Zj7ZMAbH0QG7sWL7sIIQG6DRWun+9/Hdalp4fuhkNTLQnxMi/wVg3cVbudaJ1E6p
KP7rKWG9eyXQLLRjxxe8JkE6f8HSvBRFQcedJ0TshvN/2W7KymSgq93X3i8v74zj
L5SIZ76/baApfkvoMcZIKbONr4DpOrEY0Pgftda/kE8+0s4UqpjoyAW+uPMlGmHn
outjFhMwAD60LYPWKYrZ3gt/AAh2WHYdDP88wqjmCSGlXe+R5fy1z4btZOiZUI16
9u8mivP3OuDVPyfKmJjj00+idhcnoHan7eq5OzVhcYP6gbpw
-----END CERTIFICATE-----
Generated at Fri Jan 23 15:20:44 2026 by rpki-client