This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          nAL9lGSo9gDdUX190YsdIbMR99bH//cK0ZIucEBJDl8=
Subject key identifier:   9C:E1:BE:4B:E9:EC:4A:1D:9A:B7:BF:3A:60:F5:67:E7:62:AE:86:7F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5F79E1997584BFC7C9C881688E595E7599FFD666
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
Signing time:             Wed 19 Nov 2025 21:46:32 +0000
ROA not before:           Wed 19 Nov 2025 21:41:32 +0000
ROA not after:            Wed 18 Nov 2026 21:46:32 +0000
asID:                     0
IP address blocks:        2a06:a000:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:79:e1:99:75:84:bf:c7:c9:c8:81:68:8e:59:5e:75:99:ff:d6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Nov 19 21:41:32 2025 GMT
            Not After : Nov 18 21:46:32 2026 GMT
        Subject: CN=9CE1BE4BE9EC4A1D9AB7BF3A60F567E762AE867F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0c:bd:8c:fd:c4:24:e4:c5:a9:49:ea:b8:68:
                    72:0b:2a:1b:37:bf:5c:91:e1:2f:e5:33:f6:be:89:
                    18:8c:73:e5:15:15:a7:e4:0d:dd:dc:36:aa:5f:b3:
                    bc:d5:61:ad:27:72:b6:91:8b:85:88:b5:a4:34:fa:
                    c1:7f:2a:90:81:bc:d8:da:61:33:8a:b9:50:a8:09:
                    a9:20:18:93:81:aa:61:3d:c7:e1:88:5c:27:92:fb:
                    c4:6b:df:d0:ec:00:c0:99:f9:58:76:8a:41:63:e0:
                    3c:ce:3c:c6:12:5f:01:af:c8:2f:89:c9:58:93:83:
                    fd:f3:83:e4:a9:f7:28:77:7a:40:ce:38:bf:3c:e6:
                    49:0c:b0:16:ba:56:07:1e:d7:74:bf:9e:92:26:8d:
                    fb:96:36:55:c7:dc:f2:e4:cc:24:21:40:e5:39:17:
                    b7:5b:c5:d2:83:9c:3a:8a:ac:7d:da:ff:7b:86:5f:
                    d8:4d:e8:2f:3c:af:e3:43:61:40:5e:c0:88:a2:c6:
                    b9:ff:9b:88:ee:a3:65:ef:13:f0:ff:1d:f6:bf:2f:
                    74:fe:31:59:60:e8:72:60:68:c5:a8:92:21:f5:c1:
                    da:60:3b:d2:5d:6e:f2:84:96:a3:64:69:c0:5b:c5:
                    46:94:ce:16:4c:9b:8a:d3:29:8a:06:6d:31:a8:84:
                    da:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E1:BE:4B:E9:EC:4A:1D:9A:B7:BF:3A:60:F5:67:E7:62:AE:86:7F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:a8:5d:65:81:b3:6d:a2:12:e4:ed:46:f8:45:13:0d:ac:ea:
         1a:0e:f2:bc:1c:f3:7d:4b:e3:44:1e:1a:fe:da:2f:9c:3a:d0:
         85:df:eb:0d:38:d3:40:15:ac:2d:33:dc:d4:ce:1b:fc:cb:6c:
         1f:40:a3:77:de:e8:18:cf:85:17:2f:68:73:82:39:20:31:ee:
         96:85:19:48:a6:37:c6:4d:65:b6:29:a5:63:d4:cc:cc:82:a3:
         d6:11:18:53:e8:df:1f:3e:b6:a6:76:be:33:20:0f:5b:db:a0:
         f3:9b:1b:eb:1b:5a:f7:c3:3d:79:f2:63:8f:77:9e:94:c7:09:
         f7:a8:03:d9:1c:7c:3b:61:72:09:cd:a8:77:13:7b:4d:88:64:
         4d:4b:7c:58:41:55:ee:a3:1a:ee:c0:17:0e:6d:42:d5:64:54:
         5b:dc:c6:87:c1:94:f2:e5:6c:ad:d5:38:0f:0f:fb:2a:3a:90:
         14:80:56:7b:c9:a5:c0:fc:1e:4a:17:90:a5:5e:6a:58:f2:d5:
         69:98:0a:11:d5:50:31:36:6a:88:07:18:f2:cd:04:11:cd:d6:
         5d:30:51:85:a6:53:fc:11:99:e2:c9:65:51:87:90:f5:10:8b:
         0a:8f:ac:e8:69:b7:8b:03:e6:35:b8:c5:00:bf:5a:91:2f:34:
         1f:ce:98:26
-----BEGIN CERTIFICATE-----
MIIE4jCCA8qgAwIBAgIUX3nhmXWEv8fJyIFojlledZn/1mYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTExMTkyMTQxMzJaFw0yNjExMTgyMTQ2MzJaMDMxMTAvBgNV
BAMTKDlDRTFCRTRCRTlFQzRBMUQ5QUI3QkYzQTYwRjU2N0U3NjJBRTg2N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkDL2M/cQk5MWpSeq4aHILKhs3
v1yR4S/lM/a+iRiMc+UVFafkDd3cNqpfs7zVYa0ncraRi4WItaQ0+sF/KpCBvNja
YTOKuVCoCakgGJOBqmE9x+GIXCeS+8Rr39DsAMCZ+Vh2ikFj4DzOPMYSXwGvyC+J
yViTg/3zg+Sp9yh3ekDOOL885kkMsBa6Vgce13S/npImjfuWNlXH3PLkzCQhQOU5
F7dbxdKDnDqKrH3a/3uGX9hN6C88r+NDYUBewIiixrn/m4juo2XvE/D/Hfa/L3T+
MVlg6HJgaMWokiH1wdpgO9JdbvKElqNkacBbxUaUzhZMm4rTKYoGbTGohNofAgMB
AAGjggHsMIIB6DAdBgNVHQ4EFgQUnOG+S+nsSh2at786YPVn52Kuhn8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQS
MBAwDgQCAAIwCAMGACoGoAABMA0GCSqGSIb3DQEBCwUAA4IBAQAOqF1lgbNtohLk
7Ub4RRMNrOoaDvK8HPN9S+NEHhr+2i+cOtCF3+sNONNAFawtM9zUzhv8y2wfQKN3
3ugYz4UXL2hzgjkgMe6WhRlIpjfGTWW2KaVj1MzMgqPWERhT6N8fPramdr4zIA9b
26DzmxvrG1r3wz158mOPd56Uxwn3qAPZHHw7YXIJzah3E3tNiGRNS3xYQVXuoxru
wBcObULVZFRb3MaHwZTy5Wyt1TgPD/sqOpAUgFZ7yaXA/B5KF5ClXmpY8tVpmAoR
1VAxNmqIBxjyzQQRzdZdMFGFplP8EZniyWVRh5D1EIsKj6zoabeLA+Y1uMUAv1qR
LzQfzpgm
-----END CERTIFICATE-----