This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/bFYiDJKsGB0ZympkJZ5TjPDffcs.roa
File:                     bFYiDJKsGB0ZympkJZ5TjPDffcs.roa (raw, json)
Hash identifier:          0Z23FXjNdERF8k8I3emVp0R5JdsnHYRyYZTMKy2BSlY=
Subject key identifier:   6C:56:22:0C:92:AC:18:1D:19:CA:6A:64:25:9E:53:8C:F0:DF:7D:CB
Certificate issuer:       /CN=9b744da79f0531a73ad6f4baf0837e93eb6801b1
Certificate serial:       019B77C6FEADB1AB1D03A07A6E31573AAEE2
Authority key identifier: 9B:74:4D:A7:9F:05:31:A7:3A:D6:F4:BA:F0:83:7E:93:EB:68:01:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m3RNp58FMac61vS68IN-k-toAbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/bFYiDJKsGB0ZympkJZ5TjPDffcs.roa
Signing time:             Thu 01 Jan 2026 04:18:08 +0000
ROA not before:           Thu 01 Jan 2026 04:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139317
IP address blocks:        2a0a:d680::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/m3RNp58FMac61vS68IN-k-toAbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/m3RNp58FMac61vS68IN-k-toAbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m3RNp58FMac61vS68IN-k-toAbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:fe:ad:b1:ab:1d:03:a0:7a:6e:31:57:3a:ae:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b744da79f0531a73ad6f4baf0837e93eb6801b1
        Validity
            Not Before: Jan  1 04:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c56220c92ac181d19ca6a64259e538cf0df7dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1a:00:7f:1d:2b:a6:c2:c2:42:11:7d:6d:57:
                    92:db:17:75:e6:aa:ee:0e:d6:b0:9d:b4:f5:eb:bf:
                    25:07:84:de:00:2d:8f:df:4a:41:cb:ca:4c:31:dd:
                    68:40:c9:6a:b1:39:f4:1c:68:36:c2:01:c6:66:aa:
                    56:34:1b:db:f1:2b:66:ed:30:4b:9f:91:5f:a6:57:
                    87:90:5b:e4:7b:05:9a:fa:bb:4b:95:a5:34:e2:1e:
                    19:8e:c9:58:61:34:fd:8d:4d:b2:0d:0e:c3:d8:8e:
                    7f:94:1b:5d:57:52:eb:ce:b9:19:2a:58:bd:07:e4:
                    e2:cb:ec:6a:46:c3:51:01:02:f5:30:5f:c0:14:47:
                    87:aa:1b:6e:33:ab:47:a2:fb:87:40:68:08:c5:99:
                    f9:fe:a9:7f:d4:ba:47:e6:1b:1a:a4:a4:0a:c5:fd:
                    68:31:b7:29:28:e6:29:47:b5:76:89:7c:1e:30:0a:
                    c1:4b:73:29:57:81:ad:c7:e7:e5:92:70:4f:e7:7a:
                    08:69:a7:31:a1:f1:88:f7:42:26:a6:1c:b3:36:37:
                    00:61:3c:9e:8d:a3:25:b9:01:80:49:27:99:4e:0e:
                    38:5c:5f:8f:3b:3b:dc:63:b2:0f:58:20:d3:65:d5:
                    2f:1a:79:bb:58:b4:dd:c5:d4:2f:db:4e:06:cc:88:
                    8a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:56:22:0C:92:AC:18:1D:19:CA:6A:64:25:9E:53:8C:F0:DF:7D:CB
            X509v3 Authority Key Identifier:
                keyid:9B:74:4D:A7:9F:05:31:A7:3A:D6:F4:BA:F0:83:7E:93:EB:68:01:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m3RNp58FMac61vS68IN-k-toAbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/bFYiDJKsGB0ZympkJZ5TjPDffcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3b1742-3075-4cc9-8e8e-92ab80e2efd5/1/m3RNp58FMac61vS68IN-k-toAbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:05:d1:3f:92:33:3b:7f:72:2e:82:f0:fd:21:18:85:8e:e5:
         32:4f:c5:56:0c:fe:7f:b5:45:11:6d:cf:16:ca:bc:a2:0f:0c:
         0a:19:3b:03:8e:58:bf:a7:af:ec:b7:62:60:9a:46:f4:cd:cb:
         2f:8c:b4:aa:26:87:15:9d:3c:df:46:1a:9e:58:44:30:37:2e:
         3f:f8:96:4a:f3:00:85:5f:65:1f:b5:b2:b6:8c:9c:e5:3f:cb:
         89:7d:86:6a:7d:a1:7c:34:47:c0:ae:b7:83:8c:ee:6e:6f:b5:
         ea:04:5a:7c:e4:99:07:db:03:f7:65:ce:35:8a:db:b4:63:fc:
         cd:4b:53:b1:79:7b:1d:af:61:84:9b:a3:89:14:17:70:ed:3f:
         a3:c7:d1:70:e6:2a:0d:d3:b6:41:7a:fa:c7:86:fb:62:6b:15:
         74:70:cc:1d:52:34:55:91:d1:1b:e5:17:33:87:5a:76:46:cb:
         14:f1:ab:2a:48:ff:41:ca:e4:4a:b7:4f:c8:6a:99:1b:84:4a:
         98:09:f2:92:8a:ad:0f:60:88:b5:e2:91:1a:c0:e4:7b:18:ed:
         35:ec:55:47:ca:4b:90:5f:3a:45:93:99:05:e7:bb:11:de:8b:
         ba:a6:cc:6b:a8:63:1a:7c:9c:55:f9:b4:2f:57:f6:55:d0:9c:
         ef:9f:73:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3xv6tsasdA6B6bjFXOq7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNzQ0ZGE3OWYwNTMxYTczYWQ2ZjRiYWYwODM3ZTkzZWI2
ODAxYjEwHhcNMjYwMTAxMDQxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzU2MjIwYzkyYWMxODFkMTljYTZhNjQyNTllNTM4Y2YwZGY3ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxoAfx0rpsLCQhF9bVeS2xd15qru
DtawnbT1678lB4TeAC2P30pBy8pMMd1oQMlqsTn0HGg2wgHGZqpWNBvb8Stm7TBL
n5FfpleHkFvkewWa+rtLlaU04h4ZjslYYTT9jU2yDQ7D2I5/lBtdV1LrzrkZKli9
B+Tiy+xqRsNRAQL1MF/AFEeHqhtuM6tHovuHQGgIxZn5/ql/1LpH5hsapKQKxf1o
MbcpKOYpR7V2iXweMArBS3MpV4Gtx+flknBP53oIaacxofGI90ImphyzNjcAYTye
jaMluQGASSeZTg44XF+POzvcY7IPWCDTZdUvGnm7WLTdxdQv204GzIiKqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGxWIgySrBgdGcpqZCWeU4zw333LMB8GA1UdIwQY
MBaAFJt0TaefBTGnOtb0uvCDfpPraAGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTNSTnA1OEZNYWM2MXZTNjhJTi1rLXRvQWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zYjE3NDItMzA3NS00Y2M5LThlOGUt
OTJhYjgwZTJlZmQ1LzEvYkZZaURKS3NHQjBaeW1wa0paNVRqUERmZmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zYjE3NDItMzA3NS00Y2M5LThlOGUtOTJhYjgwZTJlZmQ1
LzEvbTNSTnA1OEZNYWM2MXZTNjhJTi1rLXRvQWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrWgDAN
BgkqhkiG9w0BAQsFAAOCAQEATAXRP5IzO39yLoLw/SEYhY7lMk/FVgz+f7VFEW3P
Fsq8og8MChk7A45Yv6ev7LdiYJpG9M3LL4y0qiaHFZ0830YanlhEMDcuP/iWSvMA
hV9lH7Wytoyc5T/LiX2Gan2hfDRHwK63g4zubm+16gRafOSZB9sD92XONYrbtGP8
zUtTsXl7Ha9hhJujiRQXcO0/o8fRcOYqDdO2QXr6x4b7YmsVdHDMHVI0VZHRG+UX
M4dadkbLFPGrKkj/QcrkSrdPyGqZG4RKmAnykoqtD2CIteKRGsDkexjtNexVR8pL
kF86RZOZBee7Ed6LuqbMa6hjGnycVfm0L1f2VdCc759z6w==
-----END CERTIFICATE-----