This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y1OMIxkXJrvMhItcpsB6ZaRauGE.roa
File:                     Y1OMIxkXJrvMhItcpsB6ZaRauGE.roa (raw, json)
Hash identifier:          nR0JpFQFbz7bh4jT2eomGOeCYKnUB5v4/GBk+24NYXw=
Subject key identifier:   63:53:8C:23:19:17:26:BB:CC:84:8B:5C:A6:C0:7A:65:A4:5A:B8:61
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019B79ED4DFA3EBE443C1EFAEB95E154F764
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y1OMIxkXJrvMhItcpsB6ZaRauGE.roa
Signing time:             Thu 01 Jan 2026 14:19:13 +0000
ROA not before:           Thu 01 Jan 2026 14:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212279
IP address blocks:        2a0f:607:1100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:4d:fa:3e:be:44:3c:1e:fa:eb:95:e1:54:f7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 14:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63538c23191726bbcc848b5ca6c07a65a45ab861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:35:86:e8:6f:7c:b9:77:2e:25:9a:f7:de:d5:
                    2d:59:37:94:e1:0e:1e:e3:1d:48:7c:df:1b:8b:72:
                    79:67:63:ca:fb:79:30:52:04:26:de:94:33:64:38:
                    a5:ef:ff:9f:9b:71:1c:a9:f9:71:f4:7e:fa:b4:aa:
                    5d:75:67:e0:1c:2b:7a:78:a8:51:1a:63:30:e6:b9:
                    40:d7:3e:65:51:41:70:c3:d8:1b:ff:dc:27:04:f7:
                    6d:6c:ea:20:f4:7b:78:67:ea:88:10:41:73:cf:78:
                    de:bc:70:37:46:4c:68:7f:e4:38:2c:15:c9:1e:cb:
                    db:24:7e:05:4b:0c:d6:91:cc:be:3c:ea:e0:87:53:
                    8b:22:8b:08:97:7a:db:ac:ce:4a:8e:ca:c6:cd:92:
                    85:5c:4b:5a:c2:85:44:77:f7:35:e0:1c:1c:e4:75:
                    e1:58:e4:24:d4:57:1b:e7:b7:ad:04:9b:28:a6:7e:
                    cc:8b:b0:29:8c:db:8a:78:39:33:10:a7:95:72:e6:
                    cf:82:f9:16:32:fe:10:54:b8:2e:66:51:36:e2:03:
                    4b:11:72:61:a5:ee:8f:bb:14:0c:8e:0a:30:f1:77:
                    7a:87:22:ec:f9:69:bc:83:42:38:59:b1:ca:b7:d7:
                    fe:41:be:02:ff:78:03:ff:fa:b1:6c:5e:c7:3f:79:
                    f0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:53:8C:23:19:17:26:BB:CC:84:8B:5C:A6:C0:7A:65:A4:5A:B8:61
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y1OMIxkXJrvMhItcpsB6ZaRauGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:62:a6:00:b1:4e:3a:26:ed:18:a6:61:bc:8d:e2:10:d4:78:
         33:73:f3:d6:be:47:6f:eb:33:61:bd:88:db:c5:66:42:af:dc:
         68:5f:11:7b:b6:ea:60:d8:50:bd:5c:ac:e9:9f:b8:37:7f:5b:
         13:8b:ef:f7:2f:c3:ed:74:33:0e:22:b2:95:e2:a2:79:ef:69:
         38:e6:c8:7d:9e:85:67:57:c5:3b:9d:d5:45:38:0b:4c:5a:5f:
         01:c7:8d:fc:19:b7:46:04:da:0b:00:54:eb:92:0d:1b:d0:7e:
         05:ea:b0:cc:53:0f:ae:9b:76:e3:48:0e:2a:bb:c5:05:8c:19:
         c9:be:99:8f:05:0e:79:5b:9d:ca:ad:ac:fa:72:99:0e:c1:30:
         36:61:68:62:1b:80:3c:b7:42:19:e1:46:00:11:d6:a4:ff:44:
         34:ee:78:3b:e9:69:bd:94:f4:5e:e1:93:d5:ce:89:2d:71:da:
         b1:fb:60:26:42:3d:9b:2b:a9:9d:60:72:86:87:79:dc:27:8b:
         0e:8d:41:19:92:8c:e6:b5:d9:df:96:b1:5f:13:3f:71:5a:a6:
         3c:eb:36:2e:14:19:31:62:10:ad:86:a0:cc:c5:8a:9c:54:82:
         57:b4:11:89:2b:78:a6:2c:3c:ad:e7:00:f7:27:0f:c3:23:ce:
         62:7f:75:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57U36Pr5EPB7665XhVPdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjYwMTAxMTQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzUzOGMyMzE5MTcyNmJiY2M4NDhiNWNhNmMwN2E2NWE0NWFiODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TWG6G98uXcuJZr33tUtWTeU4Q4e
4x1IfN8bi3J5Z2PK+3kwUgQm3pQzZDil7/+fm3Ecqflx9H76tKpddWfgHCt6eKhR
GmMw5rlA1z5lUUFww9gb/9wnBPdtbOog9Ht4Z+qIEEFzz3jevHA3Rkxof+Q4LBXJ
HsvbJH4FSwzWkcy+POrgh1OLIosIl3rbrM5KjsrGzZKFXEtawoVEd/c14Bwc5HXh
WOQk1Fcb57etBJsopn7Mi7ApjNuKeDkzEKeVcubPgvkWMv4QVLguZlE24gNLEXJh
pe6PuxQMjgow8Xd6hyLs+Wm8g0I4WbHKt9f+Qb4C/3gD//qxbF7HP3nwSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGNTjCMZFya7zISLXKbAemWkWrhhMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvWTFPTUl4a1hKcnZNaEl0Y3BzQjZaYVJhdUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAUYqYAsU46Ju0YpmG8jeIQ1Hgzc/PWvkdv6zNh
vYjbxWZCr9xoXxF7tupg2FC9XKzpn7g3f1sTi+/3L8PtdDMOIrKV4qJ572k45sh9
noVnV8U7ndVFOAtMWl8Bx438GbdGBNoLAFTrkg0b0H4F6rDMUw+um3bjSA4qu8UF
jBnJvpmPBQ55W53Kraz6cpkOwTA2YWhiG4A8t0IZ4UYAEdak/0Q07ng76Wm9lPRe
4ZPVzoktcdqx+2AmQj2bK6mdYHKGh3ncJ4sOjUEZkozmtdnflrFfEz9xWqY86zYu
FBkxYhCthqDMxYqcVIJXtBGJK3imLDyt5wD3Jw/DI85if3V/
-----END CERTIFICATE-----