This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aAZFBvB33TUWy_ospoI-naDrWQ0.roa
File:                     aAZFBvB33TUWy_ospoI-naDrWQ0.roa (raw, json)
Hash identifier:          mnqfAfnAzZcm+i8gU9nPzM9NL+N4WDWsNMnCwwLsscQ=
Subject key identifier:   68:06:45:06:F0:77:DD:35:16:CB:FA:2C:A6:82:3E:9D:A0:EB:59:0D
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019B7EA6C95A37FE81DCBB175D7DBE5E217C
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aAZFBvB33TUWy_ospoI-naDrWQ0.roa
Signing time:             Fri 02 Jan 2026 12:20:18 +0000
ROA not before:           Fri 02 Jan 2026 12:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44103
IP address blocks:        2a0e:46c3:700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:c9:5a:37:fe:81:dc:bb:17:5d:7d:be:5e:21:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  2 12:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68064506f077dd3516cbfa2ca6823e9da0eb590d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8b:74:07:f9:7c:0b:8c:80:2e:04:ad:00:78:
                    af:2d:c8:b6:32:f8:cb:3d:fa:51:2b:58:41:dd:3c:
                    e4:82:8f:3b:49:07:09:a4:8d:c5:62:b9:5f:11:6b:
                    eb:35:d2:41:09:8a:09:c4:e8:c4:8e:13:96:32:f8:
                    4b:10:cb:2c:53:ca:81:f7:5d:ff:e9:ed:d1:dc:6f:
                    98:5b:4a:bc:88:46:e1:dd:b6:99:30:87:36:a0:07:
                    8b:4e:ed:91:1e:23:5b:4a:2d:f1:ef:6b:43:5a:08:
                    ea:68:45:2e:e4:a2:22:0d:14:1f:88:c0:6d:0a:ef:
                    12:c5:c1:55:1e:c2:ff:7e:27:5d:2a:ea:51:55:65:
                    36:94:d2:0c:3c:15:b8:30:f0:10:4e:f8:04:47:07:
                    26:fb:c1:a6:db:ad:99:62:ae:1f:0b:c2:de:cd:1f:
                    61:0b:d8:92:cc:07:23:4a:5d:73:d6:3b:ea:fe:83:
                    8e:c9:65:93:47:35:08:1a:5c:f9:70:90:d9:a1:dd:
                    a6:ad:7e:9f:46:f0:3d:50:d4:b1:6c:5c:ba:a1:aa:
                    1a:f7:64:26:fe:35:6f:94:ef:e7:8c:b7:94:90:6f:
                    c2:9c:0c:7e:4e:d8:71:96:07:b7:da:6e:a4:ff:05:
                    56:b3:33:35:ef:4d:4e:b7:7a:41:a8:f5:db:d2:c4:
                    7b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:06:45:06:F0:77:DD:35:16:CB:FA:2C:A6:82:3E:9D:A0:EB:59:0D
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aAZFBvB33TUWy_ospoI-naDrWQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c3:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:47:a0:2d:f0:cb:d3:e8:bf:57:40:45:a9:46:87:0f:51:7f:
         1d:97:c2:62:99:b9:f3:d4:98:82:ee:bf:8c:78:ce:6e:20:79:
         1f:e6:8f:96:ca:b1:a8:51:2b:24:1a:57:1a:c1:55:9c:dd:00:
         76:07:af:28:29:7f:14:36:54:be:84:89:89:a3:a6:38:73:56:
         bf:9f:5f:1a:bd:aa:23:44:5e:cf:cd:8b:3e:41:58:69:e1:43:
         ef:43:93:f7:c7:0a:ae:18:25:c3:8b:ca:ec:9c:38:74:53:9a:
         18:56:9c:9f:18:75:09:67:49:9f:3e:d7:9c:b9:de:e5:95:53:
         56:a2:10:48:83:9f:b0:bd:55:bc:7e:3b:c3:e1:13:50:e7:7e:
         a0:b9:2c:88:66:7e:f7:97:72:d9:bc:2d:4c:19:93:03:42:92:
         c4:87:06:c2:fb:ae:78:bf:ef:90:4c:be:d7:d0:16:12:b5:5c:
         9a:a6:2b:96:f4:b7:d9:48:31:54:12:cd:ec:fc:0e:95:df:5b:
         a4:c9:18:9a:a7:69:26:99:9f:9f:70:d8:45:fd:39:e0:cf:bf:
         d3:b6:d1:81:f8:bc:a5:9a:b8:c9:24:bc:d6:f4:1f:90:3e:49:
         f3:6c:ab:01:83:10:bc:a6:52:b5:ed:ef:98:21:72:46:c1:53:
         c5:3c:20:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+pslaN/6B3LsXXX2+XiF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMTAyMTIyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA2NDUwNmYwNzdkZDM1MTZjYmZhMmNhNjgyM2U5ZGEwZWI1OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIt0B/l8C4yALgStAHivLci2MvjL
PfpRK1hB3Tzkgo87SQcJpI3FYrlfEWvrNdJBCYoJxOjEjhOWMvhLEMssU8qB913/
6e3R3G+YW0q8iEbh3baZMIc2oAeLTu2RHiNbSi3x72tDWgjqaEUu5KIiDRQfiMBt
Cu8SxcFVHsL/fiddKupRVWU2lNIMPBW4MPAQTvgERwcm+8Gm262ZYq4fC8LezR9h
C9iSzAcjSl1z1jvq/oOOyWWTRzUIGlz5cJDZod2mrX6fRvA9UNSxbFy6oaoa92Qm
/jVvlO/njLeUkG/CnAx+Tthxlge32m6k/wVWszM1701Ot3pBqPXb0sR7jwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGgGRQbwd901Fsv6LKaCPp2g61kNMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYUFaRkJ2QjMzVFVXeV9vc3BvSS1uYURyV1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5Gwwcw
DQYJKoZIhvcNAQELBQADggEBAB5HoC3wy9Pov1dARalGhw9Rfx2XwmKZufPUmILu
v4x4zm4geR/mj5bKsahRKyQaVxrBVZzdAHYHrygpfxQ2VL6EiYmjpjhzVr+fXxq9
qiNEXs/Niz5BWGnhQ+9Dk/fHCq4YJcOLyuycOHRTmhhWnJ8YdQlnSZ8+15y53uWV
U1aiEEiDn7C9Vbx+O8PhE1DnfqC5LIhmfveXctm8LUwZkwNCksSHBsL7rni/75BM
vtfQFhK1XJqmK5b0t9lIMVQSzez8DpXfW6TJGJqnaSaZn59w2EX9OeDPv9O20YH4
vKWauMkkvNb0H5A+SfNsqwGDELymUrXt75ghckbBU8U8IIQ=
-----END CERTIFICATE-----