This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/i_fytzvyxwG53KWVE9QAYKkho0Y.roa
File:                     i_fytzvyxwG53KWVE9QAYKkho0Y.roa (raw, json)
Hash identifier:          5GkZyytH7JdVjBbsZ02ixFMBkgHMmde3+fzDOBq+r/s=
Subject key identifier:   8B:F7:F2:B7:3B:F2:C7:01:B9:DC:A5:95:13:D4:00:60:A9:21:A3:46
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       019B7FF206184D416BFBE73D67D25C18C5A5
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/i_fytzvyxwG53KWVE9QAYKkho0Y.roa
Signing time:             Fri 02 Jan 2026 18:22:06 +0000
ROA not before:           Fri 02 Jan 2026 18:22:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     131631
IP address blocks:        2a13:d040:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:06:18:4d:41:6b:fb:e7:3d:67:d2:5c:18:c5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Jan  2 18:22:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bf7f2b73bf2c701b9dca59513d40060a921a346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:11:ea:6d:5a:1e:81:51:4a:09:b2:83:ce:4b:
                    a4:a6:68:1f:83:d2:ed:a5:11:c0:8e:63:28:3b:d0:
                    c7:ae:9b:bd:ac:27:e0:59:eb:6e:15:d4:b5:c9:4a:
                    5e:99:b1:df:c1:8a:40:03:8b:d5:7c:6f:31:39:18:
                    a8:08:86:73:5d:31:5e:17:10:24:60:cb:d7:1d:19:
                    1d:91:0b:8f:31:7a:94:ed:dc:36:1e:d1:bc:d7:37:
                    6d:ba:29:58:2d:3c:1b:58:18:69:23:1d:e5:be:0e:
                    01:24:d8:20:ab:3e:72:a6:dc:f2:9d:68:79:af:4e:
                    8d:0c:11:9f:f0:24:cf:49:a0:01:a3:9f:ab:d7:ce:
                    df:21:da:36:63:76:de:65:83:f8:ee:7e:da:e9:15:
                    4a:fc:39:17:ac:f5:60:b2:d2:29:2b:7d:7d:8e:94:
                    d4:9e:81:ae:a6:36:de:2f:09:fc:e4:12:1d:c3:fc:
                    26:fa:49:e1:04:de:20:25:65:7a:81:6d:8c:66:f4:
                    17:cd:ad:65:a1:18:e3:4d:b1:07:f8:22:1b:7f:d4:
                    cb:26:80:aa:8d:55:21:c9:7e:15:cc:14:ce:43:54:
                    32:fe:95:5d:3c:23:53:32:60:d8:7b:fe:c4:b0:bb:
                    62:58:4d:40:a2:46:f0:dd:c6:00:ba:1a:41:da:e6:
                    03:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F7:F2:B7:3B:F2:C7:01:B9:DC:A5:95:13:D4:00:60:A9:21:A3:46
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/i_fytzvyxwG53KWVE9QAYKkho0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:3d:7d:a7:b1:83:d7:6d:02:7e:41:49:83:2a:e1:ca:60:7f:
         f7:55:82:64:d1:2e:49:cb:25:7b:21:b7:88:78:f6:8f:b5:81:
         17:8e:2a:2e:39:76:b1:95:3e:5a:be:52:83:d5:a8:43:0f:29:
         c4:e9:12:f3:35:2b:a9:77:f6:f3:72:81:65:ed:b5:ac:eb:f3:
         92:6f:70:5d:ee:10:36:87:79:b2:b0:9a:d4:70:9b:9f:a0:43:
         ec:69:97:dd:3f:7b:bf:8a:88:f7:6e:c8:94:73:c4:9b:b1:3a:
         40:b9:20:e9:42:be:d4:1e:b7:fa:ee:28:24:9a:7a:17:bd:af:
         53:89:45:b8:2a:5a:e5:cf:86:10:66:e8:bc:43:c6:6e:74:2e:
         ed:31:a8:17:24:56:02:f8:f7:32:ca:5a:c8:bb:06:0f:da:68:
         27:a1:d8:9c:00:bd:a9:eb:c2:de:bf:1f:76:d1:48:c2:c6:4a:
         fa:19:20:31:12:69:2e:47:b9:5a:7c:8a:48:39:d8:93:9f:c6:
         e5:96:da:48:04:c1:83:e6:d2:9f:94:1f:1b:8a:d7:b1:91:29:
         c9:42:21:57:f5:fb:97:c9:b4:0f:c9:4e:88:41:9b:a1:8a:22:
         4a:39:61:b2:fb:f6:5c:a0:99:ee:d0:a1:66:5d:cd:dd:3e:89:
         ad:28:64:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8gYYTUFr++c9Z9JcGMWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjYwMTAyMTgyMjA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY3ZjJiNzNiZjJjNzAxYjlkY2E1OTUxM2Q0MDA2MGE5MjFhMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RHqbVoegVFKCbKDzkukpmgfg9Lt
pRHAjmMoO9DHrpu9rCfgWetuFdS1yUpembHfwYpAA4vVfG8xORioCIZzXTFeFxAk
YMvXHRkdkQuPMXqU7dw2HtG81zdtuilYLTwbWBhpIx3lvg4BJNggqz5yptzynWh5
r06NDBGf8CTPSaABo5+r187fIdo2Y3beZYP47n7a6RVK/DkXrPVgstIpK319jpTU
noGupjbeLwn85BIdw/wm+knhBN4gJWV6gW2MZvQXza1loRjjTbEH+CIbf9TLJoCq
jVUhyX4VzBTOQ1Qy/pVdPCNTMmDYe/7EsLtiWE1Aokbw3cYAuhpB2uYDTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIv38rc78scBudyllRPUAGCpIaNGMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvaV9meXR6dnl4d0c1M0tXVkU5UUFZS2tobzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPQQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCOPX2nsYPXbQJ+QUmDKuHKYH/3VYJk0S5JyyV7
IbeIePaPtYEXjiouOXaxlT5avlKD1ahDDynE6RLzNSupd/bzcoFl7bWs6/OSb3Bd
7hA2h3mysJrUcJufoEPsaZfdP3u/ioj3bsiUc8SbsTpAuSDpQr7UHrf67igkmnoX
va9TiUW4Klrlz4YQZui8Q8ZudC7tMagXJFYC+PcyylrIuwYP2mgnodicAL2p68Le
vx920UjCxkr6GSAxEmkuR7lafIpIOdiTn8blltpIBMGD5tKflB8bitexkSnJQiFX
9fuXybQPyU6IQZuhiiJKOWGy+/ZcoJnu0KFmXc3dPomtKGQS
-----END CERTIFICATE-----