This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PhY8VpVCs-zI4pzSl1AlpcBUZyA.roa
File:                     PhY8VpVCs-zI4pzSl1AlpcBUZyA.roa (raw, json)
Hash identifier:          0G8y+xYpap3HjnisbsPxH+9qWeTV3B8A8wt6Q+7UoOw=
Subject key identifier:   3E:16:3C:56:95:42:B3:EC:C8:E2:9C:D2:97:50:25:A5:C0:54:67:20
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019B79ED4ACA3209145460A1D20E3B27FAEF
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PhY8VpVCs-zI4pzSl1AlpcBUZyA.roa
Signing time:             Thu 01 Jan 2026 14:19:12 +0000
ROA not before:           Thu 01 Jan 2026 14:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138181
IP address blocks:        2a0f:607:1300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:4a:ca:32:09:14:54:60:a1:d2:0e:3b:27:fa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 14:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e163c569542b3ecc8e29cd2975025a5c0546720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6a:62:f2:b4:f8:81:f4:79:7a:61:e9:f8:b4:
                    0a:46:77:fd:97:6d:f1:ed:0b:86:b6:6d:c0:4a:1e:
                    3b:ce:e9:45:8e:a3:b6:25:72:c4:a8:7f:42:ac:bb:
                    86:3b:a6:94:35:2e:06:25:f6:41:43:e6:6b:8a:95:
                    c0:c1:b9:99:b6:73:a2:38:ed:6b:3c:30:b9:92:cc:
                    50:a6:65:79:ea:6f:52:80:67:b9:b4:a0:1e:88:60:
                    d7:75:e7:db:4e:39:79:85:f8:8d:d8:2e:83:03:50:
                    05:cb:fa:50:bc:c7:4c:60:a8:49:83:fc:15:53:39:
                    06:78:9b:fc:26:49:b5:52:af:76:1a:25:b8:73:88:
                    be:ef:b3:33:c8:0d:8f:c5:40:d9:ff:23:3b:3a:e1:
                    6a:a0:50:b8:0f:28:07:2b:12:10:b2:0a:e5:83:2a:
                    21:7e:8e:94:9c:99:ed:0c:e7:65:2f:35:26:2e:dd:
                    24:08:b6:62:f3:d6:8c:73:21:6e:2d:b5:42:e9:a9:
                    d2:77:cf:c5:dc:43:0f:e7:e9:91:4b:20:41:c1:eb:
                    d7:fa:ec:bf:87:27:89:8e:f4:58:2d:27:e4:4c:74:
                    54:23:f0:11:78:9e:1c:00:75:f8:2b:da:8c:91:16:
                    d9:33:8a:e1:9c:f9:3e:35:0b:be:f2:01:91:65:30:
                    85:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:16:3C:56:95:42:B3:EC:C8:E2:9C:D2:97:50:25:A5:C0:54:67:20
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PhY8VpVCs-zI4pzSl1AlpcBUZyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         8d:8a:3e:69:1b:e6:e7:6a:44:fa:9e:2a:29:48:dc:a1:f2:71:
         63:e5:99:8a:13:f6:43:38:aa:ff:f7:a1:ae:d5:ca:97:60:0a:
         92:ce:c8:71:d2:33:b7:df:3d:e5:d1:5f:bd:4b:da:57:f4:35:
         0b:6c:70:23:e2:6b:2f:5a:5a:8e:c0:26:05:46:75:67:4a:a3:
         c4:6d:a6:26:76:3b:dd:73:0f:c6:bd:12:7b:3e:0e:af:f0:88:
         6b:0b:27:09:8e:da:77:69:a5:d6:c0:da:76:63:37:bb:7d:25:
         62:e6:17:86:a7:8a:51:3f:10:8d:87:e1:db:40:d0:ff:50:9e:
         48:98:8b:1e:c0:18:db:5e:12:8f:b0:c7:26:b8:cf:ae:7b:ae:
         0e:8c:d0:3c:e7:5f:8c:ac:8b:f9:bb:21:e8:96:3a:c7:8b:4a:
         52:a3:12:78:db:6e:85:4d:a6:84:51:96:12:e5:76:72:de:fc:
         51:f1:ff:76:b6:6a:e2:08:05:bd:8e:1f:67:54:35:ff:86:d6:
         59:ac:36:af:0e:81:b4:37:97:f9:5f:b8:c7:d5:88:4d:c6:c1:
         80:80:42:db:ce:e5:1e:4e:18:8b:30:2c:ed:8a:49:f3:b2:eb:
         d0:94:01:ed:f1:74:57:59:2b:95:07:fe:63:67:b7:78:84:3c:
         de:a1:04:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57UrKMgkUVGCh0g47J/rvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjYwMTAxMTQxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTE2M2M1Njk1NDJiM2VjYzhlMjljZDI5NzUwMjVhNWMwNTQ2NzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWpi8rT4gfR5emHp+LQKRnf9l23x
7QuGtm3ASh47zulFjqO2JXLEqH9CrLuGO6aUNS4GJfZBQ+ZripXAwbmZtnOiOO1r
PDC5ksxQpmV56m9SgGe5tKAeiGDXdefbTjl5hfiN2C6DA1AFy/pQvMdMYKhJg/wV
UzkGeJv8Jkm1Uq92GiW4c4i+77MzyA2PxUDZ/yM7OuFqoFC4DygHKxIQsgrlgyoh
fo6UnJntDOdlLzUmLt0kCLZi89aMcyFuLbVC6anSd8/F3EMP5+mRSyBBwevX+uy/
hyeJjvRYLSfkTHRUI/AReJ4cAHX4K9qMkRbZM4rhnPk+NQu+8gGRZTCFSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD4WPFaVQrPsyOKc0pdQJaXAVGcgMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvUGhZOFZwVkNzLXpJNHB6U2wxQWxwY0JVWnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCNij5pG+bnakT6niopSNyh8nFj5ZmKE/ZDOKr/
96Gu1cqXYAqSzshx0jO33z3l0V+9S9pX9DULbHAj4msvWlqOwCYFRnVnSqPEbaYm
djvdcw/GvRJ7Pg6v8IhrCycJjtp3aaXWwNp2Yze7fSVi5heGp4pRPxCNh+HbQND/
UJ5ImIsewBjbXhKPsMcmuM+ue64OjNA851+MrIv5uyHoljrHi0pSoxJ4226FTaaE
UZYS5XZy3vxR8f92tmriCAW9jh9nVDX/htZZrDavDoG0N5f5X7jH1YhNxsGAgELb
zuUeThiLMCztiknzsuvQlAHt8XRXWSuVB/5jZ7d4hDzeoQRl
-----END CERTIFICATE-----