This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bFQvECMXh4iX11X7N7imS-tiT28.roa
File:                     bFQvECMXh4iX11X7N7imS-tiT28.roa (raw, json)
Hash identifier:          F7bjZzCSrJIZAcbDUn/AX+8h+EB+SwXSctki+KNNrHo=
Subject key identifier:   6C:54:2F:10:23:17:87:88:97:D7:55:FB:37:B8:A6:4B:EB:62:4F:6F
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019B7EA6FA9B84891C96C9A61FA54CC358EF
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bFQvECMXh4iX11X7N7imS-tiT28.roa
Signing time:             Fri 02 Jan 2026 12:20:30 +0000
ROA not before:           Fri 02 Jan 2026 12:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210633
IP address blocks:        2a0c:9a40:8170::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:fa:9b:84:89:1c:96:c9:a6:1f:a5:4c:c3:58:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  2 12:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c542f102317878897d755fb37b8a64beb624f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3d:20:c1:14:57:58:12:6e:01:12:ec:35:b0:
                    4b:0f:d2:78:ce:89:88:96:20:9b:08:c3:1d:f0:fe:
                    19:ba:21:46:4b:ed:a5:2b:a8:55:a1:d7:8d:e6:ab:
                    74:06:64:3b:05:a7:ab:a0:e8:8c:59:8e:89:45:35:
                    b2:ee:db:78:ad:fd:39:4c:67:f7:c3:58:4b:bc:92:
                    0e:79:04:0d:4a:d9:ca:7e:6e:6e:28:f6:a9:d5:f7:
                    7a:cd:a1:6c:12:54:5d:7a:9c:ef:cf:7b:fc:52:d7:
                    79:02:1f:83:24:0f:47:0b:b7:f4:87:5a:ce:ae:72:
                    aa:e1:bc:56:32:9f:47:64:4b:0e:88:a1:b4:6e:50:
                    4a:2b:e2:3a:a7:cd:55:94:e2:5b:b9:3c:f5:51:c6:
                    cc:c8:7d:15:6f:1b:f3:d0:ae:13:28:10:03:fe:15:
                    43:23:fd:10:2c:36:fa:da:ef:7e:f1:e4:d8:75:6b:
                    09:3d:d9:46:3d:ee:38:93:90:86:66:7f:58:92:b0:
                    84:14:3b:61:31:7e:fd:8a:f7:e4:86:8f:d7:b5:f6:
                    fc:f5:5f:28:02:74:1b:1d:83:55:57:44:30:0c:aa:
                    1c:49:72:44:a5:c6:1b:ea:cc:cf:59:46:d4:f2:12:
                    64:91:a4:2b:25:9d:da:4d:19:8b:23:1c:a1:b7:54:
                    a5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:54:2F:10:23:17:87:88:97:D7:55:FB:37:B8:A6:4B:EB:62:4F:6F
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/bFQvECMXh4iX11X7N7imS-tiT28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8170::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:5a:a9:94:96:a9:f8:b1:3a:b4:93:2d:0e:77:dd:0e:0e:7e:
         c1:43:e8:73:42:0a:f4:4e:6b:66:a7:dc:fe:7d:a1:b6:65:82:
         b3:6c:5c:0a:6c:b7:75:8c:9c:37:97:12:44:21:e2:e3:17:82:
         3d:10:98:85:5d:7f:8c:1b:39:5b:91:d2:89:8b:41:4a:7a:0b:
         cf:11:4a:a7:af:3e:c9:4a:79:93:8e:30:62:22:8d:8e:b5:c2:
         7e:0e:d0:94:25:fd:96:9a:f3:7c:dd:98:67:69:76:53:53:c4:
         e6:4f:d4:63:91:85:3b:97:bb:b9:32:90:9b:f4:40:ad:1a:05:
         cf:d9:2c:d7:c5:a5:49:df:13:15:76:e8:52:2d:8b:38:6f:63:
         07:e3:a6:b9:80:9c:9b:d6:75:26:2d:b7:9e:f2:77:8e:3e:7c:
         20:1d:61:56:bf:67:6e:52:5c:73:8f:8d:8d:dc:75:ae:2c:6b:
         02:c7:7a:c3:4b:ae:7d:0c:c8:09:8f:41:ce:2b:c3:3d:c2:e1:
         86:3d:3c:14:9b:4b:f7:a5:0c:ac:c9:e4:f2:46:ba:a8:20:b4:
         f7:78:6d:c9:e5:4e:32:ac:22:11:51:3e:eb:52:76:0b:66:85:
         7d:9d:4b:1f:16:25:58:07:d3:1d:de:af:e0:5b:ca:3a:67:6b:
         82:81:ce:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pvqbhIkclsmmH6VMw1jvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMTAyMTIyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzU0MmYxMDIzMTc4Nzg4OTdkNzU1ZmIzN2I4YTY0YmViNjI0ZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT0gwRRXWBJuARLsNbBLD9J4zomI
liCbCMMd8P4ZuiFGS+2lK6hVodeN5qt0BmQ7BaeroOiMWY6JRTWy7tt4rf05TGf3
w1hLvJIOeQQNStnKfm5uKPap1fd6zaFsElRdepzvz3v8Utd5Ah+DJA9HC7f0h1rO
rnKq4bxWMp9HZEsOiKG0blBKK+I6p81VlOJbuTz1UcbMyH0Vbxvz0K4TKBAD/hVD
I/0QLDb62u9+8eTYdWsJPdlGPe44k5CGZn9YkrCEFDthMX79ivfkho/Xtfb89V8o
AnQbHYNVV0QwDKocSXJEpcYb6szPWUbU8hJkkaQrJZ3aTRmLIxyht1SlNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGxULxAjF4eIl9dV+ze4pkvrYk9vMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYkZRdkVDTVhoNGlYMTFYN043aW1TLXRpVDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIFw
MA0GCSqGSIb3DQEBCwUAA4IBAQC8WqmUlqn4sTq0ky0Od90ODn7BQ+hzQgr0Tmtm
p9z+faG2ZYKzbFwKbLd1jJw3lxJEIeLjF4I9EJiFXX+MGzlbkdKJi0FKegvPEUqn
rz7JSnmTjjBiIo2OtcJ+DtCUJf2WmvN83ZhnaXZTU8TmT9RjkYU7l7u5MpCb9ECt
GgXP2SzXxaVJ3xMVduhSLYs4b2MH46a5gJyb1nUmLbee8neOPnwgHWFWv2duUlxz
j42N3HWuLGsCx3rDS659DMgJj0HOK8M9wuGGPTwUm0v3pQysyeTyRrqoILT3eG3J
5U4yrCIRUT7rUnYLZoV9nUsfFiVYB9Md3q/gW8o6Z2uCgc6+
-----END CERTIFICATE-----