This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3HcEi9YP54x39lIAO0JFDNGZgYM.roa
File:                     3HcEi9YP54x39lIAO0JFDNGZgYM.roa (raw, json)
Hash identifier:          0iw3MCkheL7gQt6gk7jIDBvAKkDj+wwwtyHN4k6SZ+w=
Subject key identifier:   DC:77:04:8B:D6:0F:E7:8C:77:F6:52:00:3B:42:45:0C:D1:99:81:83
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019B7EA6F1758546F2A0CCD34868F4E49310
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3HcEi9YP54x39lIAO0JFDNGZgYM.roa
Signing time:             Fri 02 Jan 2026 12:20:28 +0000
ROA not before:           Fri 02 Jan 2026 12:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207965
IP address blocks:        2a0c:9a40:8010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:f1:75:85:46:f2:a0:cc:d3:48:68:f4:e4:93:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  2 12:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc77048bd60fe78c77f652003b42450cd1998183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e1:6b:e3:93:43:a5:e2:0c:da:fe:1c:d7:0a:
                    ac:52:65:43:36:ae:11:6e:a1:b5:ea:cc:f5:ce:10:
                    f4:fb:29:7d:c7:ab:00:da:20:3c:37:ef:39:bf:28:
                    e9:02:38:a0:55:1a:5d:1b:c9:c3:72:b5:10:da:0a:
                    0c:52:f7:45:20:82:c6:7c:dd:c5:22:1a:6e:fa:1b:
                    69:aa:c0:60:e2:c5:fa:c3:1f:72:81:d3:a3:15:3c:
                    b6:c2:cd:1f:82:ef:00:78:23:d7:a1:4f:0c:7b:f3:
                    57:69:56:58:99:86:36:8b:f7:79:4d:73:b0:b0:33:
                    88:01:b3:d2:05:1a:79:fe:04:ca:d0:55:8f:b9:15:
                    2e:0a:19:8b:de:24:a1:8b:8b:ab:26:ea:8d:c5:91:
                    52:89:2b:ed:f8:f0:1b:6e:b9:3a:80:d7:fe:bd:41:
                    91:7e:d4:f9:a1:65:e6:5a:89:24:21:74:eb:5e:ef:
                    5d:04:af:cb:14:7d:f5:3a:56:ad:11:c8:6f:2a:0c:
                    b4:10:4f:91:78:1d:84:76:d1:33:d7:2d:5c:ed:98:
                    9d:ca:a1:1b:6c:f4:f7:eb:73:a6:33:68:13:a3:c4:
                    a2:98:b2:7f:2b:b0:3e:42:84:9a:05:e1:10:e8:8b:
                    5a:76:00:da:95:62:97:11:1f:31:e3:14:5a:46:62:
                    b7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:77:04:8B:D6:0F:E7:8C:77:F6:52:00:3B:42:45:0C:D1:99:81:83
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/3HcEi9YP54x39lIAO0JFDNGZgYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8010::/44

    Signature Algorithm: sha256WithRSAEncryption
         44:04:81:99:d5:35:c6:3a:39:50:b7:82:6e:b2:c9:64:f6:fc:
         9c:8b:91:c8:e8:5d:21:2c:f9:35:8d:db:91:ff:42:12:1b:aa:
         06:60:20:01:6e:90:f9:b2:b4:3f:f4:6c:85:2d:17:f1:37:59:
         cc:6c:59:bb:43:ec:25:d7:ed:ee:a3:98:bd:81:e8:d8:35:ee:
         23:a0:36:ad:b3:2d:35:fb:3a:28:00:c4:b2:08:7e:ed:ed:ce:
         36:bd:ad:9e:4f:8e:dd:b3:b7:a6:29:55:a2:53:b9:5e:dc:f9:
         02:c8:fe:a3:8f:17:ae:8b:25:64:ca:42:c0:df:33:b3:59:07:
         be:71:15:5a:4c:f0:b5:56:d2:b1:bc:9f:f4:7d:21:44:e2:d4:
         cf:55:a7:b5:4b:ff:fb:13:fb:3c:5e:62:39:ea:75:05:48:99:
         66:d6:22:61:c1:19:8e:d9:8d:08:d2:e1:ba:f7:03:5f:3f:0f:
         b5:0e:72:f4:4a:16:65:99:d8:67:21:60:ad:87:82:1b:0d:df:
         c6:e9:35:26:f9:63:59:1e:14:98:de:0a:4b:cd:c2:07:1d:7d:
         e1:24:3a:6c:26:a7:95:0f:aa:d3:09:3f:ed:e2:b9:61:23:cd:
         0c:dc:ba:ee:c7:ed:d2:36:63:8e:5a:77:93:3d:64:5c:f8:d8:
         b7:95:14:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pvF1hUbyoMzTSGj05JMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMTAyMTIyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc3MDQ4YmQ2MGZlNzhjNzdmNjUyMDAzYjQyNDUwY2QxOTk4MTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuFr45NDpeIM2v4c1wqsUmVDNq4R
bqG16sz1zhD0+yl9x6sA2iA8N+85vyjpAjigVRpdG8nDcrUQ2goMUvdFIILGfN3F
Ihpu+htpqsBg4sX6wx9ygdOjFTy2ws0fgu8AeCPXoU8Me/NXaVZYmYY2i/d5TXOw
sDOIAbPSBRp5/gTK0FWPuRUuChmL3iShi4urJuqNxZFSiSvt+PAbbrk6gNf+vUGR
ftT5oWXmWokkIXTrXu9dBK/LFH31OlatEchvKgy0EE+ReB2EdtEz1y1c7ZidyqEb
bPT363OmM2gTo8SimLJ/K7A+QoSaBeEQ6ItadgDalWKXER8x4xRaRmK3nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNx3BIvWD+eMd/ZSADtCRQzRmYGDMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvM0hjRWk5WVA1NHgzOWxJQU8wSkZETkdaZ1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBEBIGZ1TXGOjlQt4Jusslk9vyci5HI6F0hLPk1
jduR/0ISG6oGYCABbpD5srQ/9GyFLRfxN1nMbFm7Q+wl1+3uo5i9gejYNe4joDat
sy01+zooAMSyCH7t7c42va2eT47ds7emKVWiU7le3PkCyP6jjxeuiyVkykLA3zOz
WQe+cRVaTPC1VtKxvJ/0fSFE4tTPVae1S//7E/s8XmI56nUFSJlm1iJhwRmO2Y0I
0uG69wNfPw+1DnL0ShZlmdhnIWCth4IbDd/G6TUm+WNZHhSY3gpLzcIHHX3hJDps
JqeVD6rTCT/t4rlhI80M3Lrux+3SNmOOWneTPWRc+Ni3lRTw
-----END CERTIFICATE-----