This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/CQTXAg4uTXvVTudN5hFeeXkNvkQ.roa
File:                     CQTXAg4uTXvVTudN5hFeeXkNvkQ.roa (raw, json)
Hash identifier:          MvXWyNfB+L1JsnBDH+iw0vhodg+qR3E3YtxwCLlLcLM=
Subject key identifier:   09:04:D7:02:0E:2E:4D:7B:D5:4E:E7:4D:E6:11:5E:79:79:0D:BE:44
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       019B7CEE51F780CA63A57D641C4D0AF9E521
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/CQTXAg4uTXvVTudN5hFeeXkNvkQ.roa
Signing time:             Fri 02 Jan 2026 04:19:11 +0000
ROA not before:           Fri 02 Jan 2026 04:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43260
IP address blocks:        2a0f:6580:108::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:51:f7:80:ca:63:a5:7d:64:1c:4d:0a:f9:e5:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 04:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0904d7020e2e4d7bd54ee74de6115e79790dbe44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bf:f6:4b:5c:66:8f:24:e8:5e:b0:c5:11:91:
                    f3:97:b4:fa:92:e5:8b:3a:0c:b6:d3:76:f9:4b:01:
                    a4:2d:4c:ac:ea:e8:9b:e9:a0:5c:5e:9e:18:04:66:
                    57:fe:60:a8:f7:7f:f9:3d:e4:83:43:a7:e8:dc:4b:
                    53:2b:ef:aa:bb:e6:f9:dd:c6:2b:8d:a3:f8:5b:a4:
                    60:19:fe:e6:9a:17:e4:e1:f0:27:7f:7d:04:b2:1a:
                    5e:2f:cd:37:85:0a:d6:d8:b7:20:c4:fa:5b:b8:88:
                    b6:6d:11:ba:6f:77:36:50:bd:aa:17:db:4e:b3:e1:
                    37:f7:02:90:c4:10:7b:e6:67:f1:19:8e:32:08:c7:
                    ca:81:8d:4c:48:e5:79:c8:b3:c9:ba:57:c6:a9:e1:
                    3f:62:a1:d9:6a:9d:ff:91:46:8c:03:d6:60:8b:06:
                    a0:9b:1c:1e:34:88:7c:0b:d7:3f:56:7e:3d:99:40:
                    12:36:33:02:f6:6a:50:73:97:54:d8:3e:84:5a:56:
                    7b:7f:e7:b0:30:a3:3b:80:d8:83:15:c4:c6:4b:58:
                    29:98:c1:f5:48:77:94:01:d4:5b:2a:23:9e:87:92:
                    b0:43:12:67:95:9b:c0:f7:2b:44:5d:cb:33:eb:e2:
                    13:4a:0f:be:3b:b0:c2:6e:49:56:e5:33:9b:86:ce:
                    e6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:04:D7:02:0E:2E:4D:7B:D5:4E:E7:4D:E6:11:5E:79:79:0D:BE:44
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/CQTXAg4uTXvVTudN5hFeeXkNvkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:0a:17:26:56:f5:6d:b3:69:a1:b0:3b:d4:19:54:d8:0b:5d:
         b3:62:9e:a1:e5:43:f6:10:f8:61:21:11:f5:fe:3b:83:6a:69:
         5d:9d:e7:e2:8d:84:28:b2:93:8e:07:50:36:a9:71:1f:8a:59:
         2d:bd:43:cc:b7:95:13:74:1e:3c:04:08:7b:ac:13:14:cb:a1:
         45:a7:02:00:b3:9e:62:65:72:da:24:68:9e:4a:dc:aa:f9:61:
         9f:2e:f4:2b:d4:84:69:a1:32:56:1b:fe:0e:8b:e1:4d:21:66:
         89:3d:1e:ba:3f:b7:92:72:fc:4b:79:37:13:ad:51:46:e6:75:
         c9:13:ce:35:e6:a2:ef:39:9b:bd:6c:f6:a8:eb:c3:03:8e:5e:
         7c:f4:02:0f:e4:a9:30:1d:a7:13:fe:4e:84:9d:34:f5:de:d5:
         95:fd:0b:f6:dd:bb:a9:3e:e5:ec:45:f3:0d:9f:f2:64:94:bc:
         96:50:d2:ca:0b:b7:49:a1:8c:6e:cc:49:a6:25:49:2c:4e:03:
         1f:0c:61:4d:bc:78:71:77:aa:09:ab:d9:78:e5:cd:36:da:57:
         d6:34:fd:00:7f:f5:88:2b:a7:c7:66:74:68:75:cd:4f:df:8f:
         ae:89:bf:e2:0f:e6:39:7e:fe:fa:2b:74:82:5c:fe:2a:3c:c6:
         21:23:62:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87lH3gMpjpX1kHE0K+eUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjYwMTAyMDQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTA0ZDcwMjBlMmU0ZDdiZDU0ZWU3NGRlNjExNWU3OTc5MGRiZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0L/2S1xmjyToXrDFEZHzl7T6kuWL
Ogy203b5SwGkLUys6uib6aBcXp4YBGZX/mCo93/5PeSDQ6fo3EtTK++qu+b53cYr
jaP4W6RgGf7mmhfk4fAnf30EshpeL803hQrW2LcgxPpbuIi2bRG6b3c2UL2qF9tO
s+E39wKQxBB75mfxGY4yCMfKgY1MSOV5yLPJulfGqeE/YqHZap3/kUaMA9Zgiwag
mxweNIh8C9c/Vn49mUASNjMC9mpQc5dU2D6EWlZ7f+ewMKM7gNiDFcTGS1gpmMH1
SHeUAdRbKiOeh5KwQxJnlZvA9ytEXcsz6+ITSg++O7DCbklW5TObhs7mqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAkE1wIOLk171U7nTeYRXnl5Db5EMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvQ1FUWEFnNHVUWHZWVHVkTjVoRmVlWGtOdmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCTChcmVvVts2mhsDvUGVTYC12zYp6h5UP2EPhh
IRH1/juDamldnefijYQospOOB1A2qXEfilktvUPMt5UTdB48BAh7rBMUy6FFpwIA
s55iZXLaJGieStyq+WGfLvQr1IRpoTJWG/4Oi+FNIWaJPR66P7eScvxLeTcTrVFG
5nXJE8415qLvOZu9bPao68MDjl589AIP5KkwHacT/k6EnTT13tWV/Qv23bupPuXs
RfMNn/JklLyWUNLKC7dJoYxuzEmmJUksTgMfDGFNvHhxd6oJq9l45c022lfWNP0A
f/WIK6fHZnRodc1P34+uib/iD+Y5fv76K3SCXP4qPMYhI2Ib
-----END CERTIFICATE-----