This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/ujXjrHSBskkRtzQpgabT3c58RZQ.roa
File:                     ujXjrHSBskkRtzQpgabT3c58RZQ.roa (raw, json)
Hash identifier:          hcJwU6ySjyVPwOkpMUkEEZB++4hAYjO13djZi7l/+iU=
Subject key identifier:   BA:35:E3:AC:74:81:B2:49:11:B7:34:29:81:A6:D3:DD:CE:7C:45:94
Certificate issuer:       /CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
Certificate serial:       019B79ED46872595DA05EEE18E0310E18B41
Authority key identifier: 2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/ujXjrHSBskkRtzQpgabT3c58RZQ.roa
Signing time:             Thu 01 Jan 2026 14:19:11 +0000
ROA not before:           Thu 01 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44283
IP address blocks:        2a13:7300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:46:87:25:95:da:05:ee:e1:8e:03:10:e1:8b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
        Validity
            Not Before: Jan  1 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba35e3ac7481b24911b7342981a6d3ddce7c4594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8c:a2:9f:db:91:56:cb:ad:bd:ca:99:e3:df:
                    09:a1:ae:cc:2d:88:8f:99:16:f3:03:74:cc:cb:61:
                    80:0a:17:5d:aa:f3:56:c9:66:d4:4a:3f:3a:35:21:
                    b4:55:08:78:60:89:bd:a8:5b:98:15:26:bd:80:d7:
                    04:cc:ac:b1:a9:67:c6:0a:9b:b4:21:51:25:ab:b5:
                    76:e2:06:30:98:78:aa:b4:ee:53:00:c9:10:56:18:
                    44:ea:45:48:57:62:94:fe:24:8a:5e:c8:6d:ff:6f:
                    27:ef:f7:89:bd:d0:09:bb:d7:2e:90:ee:cc:dc:12:
                    47:f3:82:fa:cc:0e:0b:31:7b:66:17:f6:1d:3d:75:
                    50:b1:23:10:35:35:6a:fc:74:f0:ec:3f:ff:2a:a0:
                    cb:a7:a2:b4:e7:06:25:5f:78:cf:9a:13:da:25:c3:
                    a2:67:a0:1a:1d:90:b0:d9:be:fd:0d:4f:e1:9a:9c:
                    fd:7f:04:90:bf:e5:9f:35:b2:35:d4:6f:de:72:8a:
                    f5:18:00:79:8f:07:63:d5:a3:dc:d4:93:19:77:f8:
                    70:72:da:23:a6:f4:b7:1c:41:93:a0:b1:f5:3d:e6:
                    6d:c9:78:67:8a:30:ec:72:cb:7d:78:5b:30:ac:1d:
                    8a:29:43:24:e9:0d:02:84:79:92:2f:ac:80:83:60:
                    aa:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:35:E3:AC:74:81:B2:49:11:B7:34:29:81:A6:D3:DD:CE:7C:45:94
            X509v3 Authority Key Identifier:
                keyid:2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/ujXjrHSBskkRtzQpgabT3c58RZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7300::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:49:a3:77:1b:d1:57:27:30:ea:5e:43:3d:c9:ab:67:5d:92:
         da:5e:fd:a7:e0:61:81:22:64:a4:02:8e:82:5b:53:71:08:e6:
         d0:4e:b8:18:5d:2c:d1:61:d5:b6:f6:b7:b0:ca:96:73:6b:30:
         d3:3e:3d:a2:07:05:be:ae:82:e4:f6:7b:1a:dc:92:2d:f4:25:
         a1:80:01:1f:cb:65:c3:b7:2b:05:d2:7c:9d:99:88:a2:f6:39:
         5c:64:e9:0e:48:c1:4d:b0:63:3d:99:96:d5:30:8d:ad:ee:fa:
         0a:f5:28:ff:ba:e1:89:92:93:d2:4c:fe:7e:5e:73:1b:4a:83:
         38:46:ea:77:7b:1b:fc:97:cc:e0:45:e3:d7:68:df:a5:32:f1:
         8c:80:d3:78:7f:77:60:1d:dc:6c:e9:10:0d:96:12:78:cb:55:
         3f:6b:fb:9c:97:43:9e:22:14:75:f0:63:73:f3:83:b4:24:f7:
         7c:3f:d6:8d:48:88:7b:16:c3:3b:18:94:55:f1:c5:92:9d:3c:
         40:50:3e:d0:0d:81:a2:45:67:db:fd:15:52:bd:d1:fc:33:3d:
         c0:cd:56:f5:2e:01:f4:f8:1a:49:b0:60:64:5e:59:4d:48:ec:
         90:98:fc:b6:a7:f2:6c:d8:4e:97:a2:e2:0d:0c:71:36:ae:a0:
         1a:cf:b0:d6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt57UaHJZXaBe7hjgMQ4YtBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNzhjZGNhMTYxNmMzYzZiNWYxOTFmYzMzYTkzNDc4OWIx
MmMwNjkwHhcNMjYwMTAxMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTM1ZTNhYzc0ODFiMjQ5MTFiNzM0Mjk4MWE2ZDNkZGNlN2M0NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIyin9uRVsutvcqZ498Joa7MLYiP
mRbzA3TMy2GAChddqvNWyWbUSj86NSG0VQh4YIm9qFuYFSa9gNcEzKyxqWfGCpu0
IVElq7V24gYwmHiqtO5TAMkQVhhE6kVIV2KU/iSKXsht/28n7/eJvdAJu9cukO7M
3BJH84L6zA4LMXtmF/YdPXVQsSMQNTVq/HTw7D//KqDLp6K05wYlX3jPmhPaJcOi
Z6AaHZCw2b79DU/hmpz9fwSQv+WfNbI11G/ecor1GAB5jwdj1aPc1JMZd/hwctoj
pvS3HEGToLH1PeZtyXhnijDscst9eFswrB2KKUMk6Q0ChHmSL6yAg2CqHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLo146x0gbJJEbc0KYGm093OfEWUMB8GA1UdIwQY
MBaAFCt4zcoWFsPGtfGR/DOpNHibEsBpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEt
M2VhYTAzNGE4OTc4LzEvdWpYanJIU0Jza2tSdHpRcGdhYlQzYzU4UlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEtM2VhYTAzNGE4OTc4
LzEvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNzADAN
BgkqhkiG9w0BAQsFAAOCAQEAI0mjdxvRVycw6l5DPcmrZ12S2l79p+BhgSJkpAKO
gltTcQjm0E64GF0s0WHVtva3sMqWc2sw0z49ogcFvq6C5PZ7GtySLfQloYABH8tl
w7crBdJ8nZmIovY5XGTpDkjBTbBjPZmW1TCNre76CvUo/7rhiZKT0kz+fl5zG0qD
OEbqd3sb/JfM4EXj12jfpTLxjIDTeH93YB3cbOkQDZYSeMtVP2v7nJdDniIUdfBj
c/ODtCT3fD/WjUiIexbDOxiUVfHFkp08QFA+0A2BokVn2/0VUr3R/DM9wM1W9S4B
9PgaSbBgZF5ZTUjskJj8tqfybNhOl6LiDQxxNq6gGs+w1g==
-----END CERTIFICATE-----