This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tthqH9EsSMyDaxoP_nk4KhsUQnc.roa
File:                     tthqH9EsSMyDaxoP_nk4KhsUQnc.roa (raw, json)
Hash identifier:          GVkxgS8/jAudX2THXNaZS0OR7vF3f0kr7hrABG7ZTc8=
Subject key identifier:   B6:D8:6A:1F:D1:2C:48:CC:83:6B:1A:0F:FE:79:38:2A:1B:14:42:77
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019B7EA713A1E4707BCBE36507AA4D446E73
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tthqH9EsSMyDaxoP_nk4KhsUQnc.roa
Signing time:             Fri 02 Jan 2026 12:20:37 +0000
ROA not before:           Fri 02 Jan 2026 12:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215574
IP address blocks:        2a0c:9a40:88c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:13:a1:e4:70:7b:cb:e3:65:07:aa:4d:44:6e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  2 12:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6d86a1fd12c48cc836b1a0ffe79382a1b144277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:12:aa:03:d8:2d:2d:1a:6c:82:ad:af:15:7c:
                    4a:ee:3d:6f:68:7c:c6:7e:03:1c:ce:08:b4:91:b6:
                    fb:65:7e:f0:41:a7:77:68:74:d7:2e:f2:e7:e2:34:
                    18:5f:c7:e1:b9:33:e9:d5:d2:07:9e:5b:28:88:0a:
                    5e:49:7d:61:30:a9:31:11:e4:cd:01:3b:c4:10:f6:
                    c4:b1:cb:8f:a8:98:6c:0b:27:10:e4:8d:e4:1c:61:
                    ca:37:9e:6b:60:01:ca:cc:14:a8:61:50:a8:fd:4c:
                    de:85:8d:1f:e5:b4:b9:d5:91:82:cb:5a:2c:bd:54:
                    0f:35:4e:2e:a4:28:42:46:76:59:05:cc:18:34:c9:
                    79:fe:f8:79:d6:81:6a:c7:31:c4:58:e0:59:5f:0e:
                    00:13:f0:6d:17:73:ac:f4:79:57:9c:cf:0e:9d:e3:
                    08:08:6e:79:4f:79:78:7c:71:07:1f:a6:a2:98:05:
                    a7:88:71:e8:76:79:06:a5:82:11:9a:83:98:ec:ee:
                    6b:ef:30:28:82:41:12:94:2a:3a:91:2a:9e:72:b7:
                    d8:dc:e4:21:dd:b2:65:9a:f4:78:22:3a:2f:74:b0:
                    4c:a6:7f:1b:e7:bd:a1:bb:2b:88:f6:4b:45:71:5a:
                    1e:de:f2:61:b9:e1:14:2b:fd:67:9d:06:ae:ed:37:
                    e2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D8:6A:1F:D1:2C:48:CC:83:6B:1A:0F:FE:79:38:2A:1B:14:42:77
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tthqH9EsSMyDaxoP_nk4KhsUQnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:88c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:37:ba:49:57:e8:45:2b:2b:43:02:30:9e:dc:27:ba:22:4d:
         7a:c1:e1:c0:67:57:f7:3f:21:e4:84:68:3a:5d:96:11:ef:c5:
         54:95:31:55:94:73:ae:0e:70:e3:88:6b:29:93:48:1a:e3:61:
         27:07:aa:62:9e:72:cf:6a:ac:80:50:14:b2:88:36:fa:74:6a:
         c6:ac:42:1a:92:7b:5c:03:83:3d:da:43:31:e8:8c:99:e2:2e:
         98:e6:7a:56:4c:ed:24:ba:d4:ce:98:e7:c6:e5:e4:a7:8d:02:
         ff:b3:3e:0e:d9:f4:74:f8:3c:a1:5a:ad:71:38:d5:0b:8f:68:
         93:d0:e8:ca:a6:ce:be:01:ac:5b:9b:b9:36:44:ed:71:0a:eb:
         0d:2a:5d:d6:2c:e4:ba:8a:c9:8c:01:a1:df:be:92:4b:c9:6a:
         b5:57:42:2a:f9:fa:db:35:de:e8:9b:ec:23:53:3d:2f:31:37:
         e9:76:97:97:9c:92:e6:1f:3b:d2:f0:bb:dc:61:c8:e1:67:73:
         2e:1c:b5:d9:ce:d5:26:73:a2:ed:ee:71:b9:e2:2c:0b:9a:d3:
         cf:f8:aa:51:9b:db:56:17:b4:be:38:dd:25:4e:96:1d:84:ba:
         26:df:c1:e5:2e:1c:4f:2b:60:0b:41:6c:93:4c:73:83:8f:d0:
         5d:bd:ce:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pxOh5HB7y+NlB6pNRG5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMTAyMTIyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ4NmExZmQxMmM0OGNjODM2YjFhMGZmZTc5MzgyYTFiMTQ0Mjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhKqA9gtLRpsgq2vFXxK7j1vaHzG
fgMczgi0kbb7ZX7wQad3aHTXLvLn4jQYX8fhuTPp1dIHnlsoiApeSX1hMKkxEeTN
ATvEEPbEscuPqJhsCycQ5I3kHGHKN55rYAHKzBSoYVCo/UzehY0f5bS51ZGCy1os
vVQPNU4upChCRnZZBcwYNMl5/vh51oFqxzHEWOBZXw4AE/BtF3Os9HlXnM8OneMI
CG55T3l4fHEHH6aimAWniHHodnkGpYIRmoOY7O5r7zAogkESlCo6kSqecrfY3OQh
3bJlmvR4IjovdLBMpn8b572huyuI9ktFcVoe3vJhueEUK/1nnQau7TfiTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLbYah/RLEjMg2saD/55OCobFEJ3MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdHRocUg5RXNTTXlEYXhvUF9uazRLaHNVUW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIjA
MA0GCSqGSIb3DQEBCwUAA4IBAQA5N7pJV+hFKytDAjCe3Ce6Ik16weHAZ1f3PyHk
hGg6XZYR78VUlTFVlHOuDnDjiGspk0ga42EnB6pinnLPaqyAUBSyiDb6dGrGrEIa
kntcA4M92kMx6IyZ4i6Y5npWTO0kutTOmOfG5eSnjQL/sz4O2fR0+DyhWq1xONUL
j2iT0OjKps6+Aaxbm7k2RO1xCusNKl3WLOS6ismMAaHfvpJLyWq1V0Iq+frbNd7o
m+wjUz0vMTfpdpeXnJLmHzvS8LvcYcjhZ3MuHLXZztUmc6Lt7nG54iwLmtPP+KpR
m9tWF7S+ON0lTpYdhLom38HlLhxPK2ALQWyTTHODj9Bdvc46
-----END CERTIFICATE-----