This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/zw3H3DTpeUhcqqHWXtBf0WnIJoM.roa
File:                     zw3H3DTpeUhcqqHWXtBf0WnIJoM.roa (raw, json)
Hash identifier:          6GByi9aIOsCybNHah1sj3rggT+SfOktCNujJlbLQbPg=
Subject key identifier:   CF:0D:C7:DC:34:E9:79:48:5C:AA:A1:D6:5E:D0:5F:D1:69:C8:26:83
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019B7AC82D7B62A840C937FEDB74A994A841
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/zw3H3DTpeUhcqqHWXtBf0WnIJoM.roa
Signing time:             Thu 01 Jan 2026 18:18:17 +0000
ROA not before:           Thu 01 Jan 2026 18:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0b:ec82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:2d:7b:62:a8:40:c9:37:fe:db:74:a9:94:a8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 18:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf0dc7dc34e979485caaa1d65ed05fd169c82683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f5:e5:cb:13:ea:49:50:a5:fc:8e:15:3c:5a:
                    11:bd:09:5a:a3:a4:af:93:78:7f:ab:e8:11:4c:ea:
                    84:d2:7f:08:0d:1d:32:8b:fc:64:9c:2f:60:85:c0:
                    01:ce:a9:f3:b2:0c:96:64:4d:3c:ff:b1:c6:40:53:
                    ba:be:86:9c:f2:5b:07:cd:6e:26:b7:66:90:1a:4f:
                    94:ff:7a:e0:cb:82:81:9b:dd:f8:fb:6f:3c:06:74:
                    74:e6:13:9e:9b:54:85:c8:8c:db:79:63:7c:33:74:
                    90:39:87:b9:f0:9d:45:72:84:36:49:ef:d8:b0:85:
                    db:da:50:87:86:6c:3c:a2:de:6e:2c:50:a5:1c:a0:
                    dd:89:41:9f:74:5f:c2:8c:97:9d:a8:02:d1:a4:85:
                    5d:3e:39:61:da:ae:b2:41:2e:f8:b0:58:eb:af:bd:
                    29:5b:df:de:d4:b3:44:ef:c3:d9:44:1d:bd:41:f5:
                    b1:00:11:9f:4f:e4:bf:11:3b:42:ab:78:32:c4:df:
                    0c:85:7c:41:81:0f:10:19:91:2e:60:b9:b3:19:8f:
                    46:0e:c7:9d:54:06:e1:dd:b5:d1:82:2b:65:98:29:
                    ae:0d:4d:65:d6:f6:5f:b7:be:1c:40:21:ed:e7:31:
                    61:80:50:f2:28:8f:de:dd:18:27:fc:62:94:2c:d2:
                    75:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0D:C7:DC:34:E9:79:48:5C:AA:A1:D6:5E:D0:5F:D1:69:C8:26:83
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/zw3H3DTpeUhcqqHWXtBf0WnIJoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:ec82::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:65:5d:4b:e1:d4:d0:8e:dc:da:02:fb:99:0e:1a:fd:01:13:
         b8:b3:56:49:0f:1d:09:9a:84:14:c2:97:99:fd:5c:c1:10:6c:
         49:7c:07:c4:07:93:89:85:c8:2d:5f:13:77:02:5c:62:7c:01:
         ef:32:33:3b:fc:a2:e1:70:71:8e:2f:4b:6f:b7:9f:be:e8:fd:
         99:c5:ed:8a:cc:2e:b1:dd:de:68:93:36:33:dc:93:b7:d3:af:
         39:11:70:8b:64:89:b6:ec:09:bd:2f:dc:7f:33:68:f0:97:50:
         74:3a:33:da:ec:2b:a4:bd:98:1f:80:02:71:ce:ca:84:b4:b6:
         5e:85:9a:e7:e2:cb:c8:38:fe:17:b1:f5:e1:a0:9f:96:a8:be:
         62:64:27:85:58:c3:22:d5:61:42:14:d9:e6:86:49:26:a1:77:
         61:84:b9:6d:65:9c:50:b6:34:9e:b3:40:f6:e2:8b:e5:1a:df:
         b8:1d:c7:f1:0b:fa:3a:5a:6a:43:a8:cb:81:d2:b8:d9:24:b7:
         b3:61:33:07:fe:c6:e5:27:d6:76:d3:14:cc:44:7d:84:7b:c6:
         8b:4e:dc:ea:b7:88:c9:13:22:03:61:b4:b9:a0:be:7a:c8:bb:
         bf:84:81:f2:2c:51:5b:5b:fa:2e:ae:0b:3c:14:db:de:44:dd:
         42:4b:74:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6yC17YqhAyTf+23SplKhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwMTAxMTgxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjBkYzdkYzM0ZTk3OTQ4NWNhYWExZDY1ZWQwNWZkMTY5YzgyNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/XlyxPqSVCl/I4VPFoRvQlao6Sv
k3h/q+gRTOqE0n8IDR0yi/xknC9ghcABzqnzsgyWZE08/7HGQFO6voac8lsHzW4m
t2aQGk+U/3rgy4KBm934+288BnR05hOem1SFyIzbeWN8M3SQOYe58J1FcoQ2Se/Y
sIXb2lCHhmw8ot5uLFClHKDdiUGfdF/CjJedqALRpIVdPjlh2q6yQS74sFjrr70p
W9/e1LNE78PZRB29QfWxABGfT+S/ETtCq3gyxN8MhXxBgQ8QGZEuYLmzGY9GDsed
VAbh3bXRgitlmCmuDU1l1vZft74cQCHt5zFhgFDyKI/e3Rgn/GKULNJ1hwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM8Nx9w06XlIXKqh1l7QX9FpyCaDMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvenczSDNEVHBlVWhjcXFIV1h0QmYwV25JSm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvsgjAN
BgkqhkiG9w0BAQsFAAOCAQEAdmVdS+HU0I7c2gL7mQ4a/QETuLNWSQ8dCZqEFMKX
mf1cwRBsSXwHxAeTiYXILV8TdwJcYnwB7zIzO/yi4XBxji9Lb7efvuj9mcXtiswu
sd3eaJM2M9yTt9OvORFwi2SJtuwJvS/cfzNo8JdQdDoz2uwrpL2YH4ACcc7KhLS2
XoWa5+LLyDj+F7H14aCflqi+YmQnhVjDItVhQhTZ5oZJJqF3YYS5bWWcULY0nrNA
9uKL5RrfuB3H8Qv6OlpqQ6jLgdK42SS3s2EzB/7G5SfWdtMUzER9hHvGi07c6reI
yRMiA2G0uaC+esi7v4SB8ixRW1v6Lq4LPBTb3kTdQkt0TQ==
-----END CERTIFICATE-----