This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/WFKY5S3JEQ7Bnr9_U-2Ry0udwLQ.roa
File:                     WFKY5S3JEQ7Bnr9_U-2Ry0udwLQ.roa (raw, json)
Hash identifier:          fSBLesAAtR+VxH91LhsUX54ddGl+GGLe6PyGSsyj77Q=
Subject key identifier:   58:52:98:E5:2D:C9:11:0E:C1:9E:BF:7F:53:ED:91:CB:4B:9D:C0:B4
Certificate issuer:       /CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
Certificate serial:       019B7AC7904FCE0458F203DC00D548F9E8D8
Authority key identifier: F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/WFKY5S3JEQ7Bnr9_U-2Ry0udwLQ.roa
Signing time:             Thu 01 Jan 2026 18:17:37 +0000
ROA not before:           Thu 01 Jan 2026 18:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        2a03:6947:600::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:90:4f:ce:04:58:f2:03:dc:00:d5:48:f9:e8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
        Validity
            Not Before: Jan  1 18:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=585298e52dc9110ec19ebf7f53ed91cb4b9dc0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:11:3d:24:26:4f:06:db:25:80:01:73:f3:c5:
                    be:8a:b4:8a:2c:e2:6c:1f:c0:56:58:dc:c1:46:16:
                    cb:97:1c:60:f6:ec:56:fa:58:4a:e9:6a:88:4c:a8:
                    f9:bf:ab:ae:ae:f9:33:d2:37:15:ce:43:ad:40:4d:
                    d9:f5:bf:51:13:09:95:5a:36:6a:7b:99:e8:a8:66:
                    28:be:bd:2a:fb:89:f0:0c:f0:ab:0b:9a:58:6a:32:
                    41:f0:6b:fa:de:a5:14:19:c7:d4:6d:c0:8a:c8:03:
                    cc:7c:9f:42:74:fe:03:87:64:7e:4f:b1:6e:0f:30:
                    d6:97:5a:b7:ba:71:38:ec:2c:24:99:b2:c6:70:38:
                    cd:5f:18:71:0b:38:f6:19:1c:db:4a:79:ae:6c:2b:
                    33:52:9e:17:1e:5c:9d:0e:0f:8c:1e:1c:0b:7e:37:
                    5f:de:07:e3:77:db:ac:7b:33:2d:13:10:a6:74:da:
                    01:de:2f:48:aa:29:fe:97:91:d0:8b:05:00:71:6c:
                    33:8d:c8:bf:04:bd:1d:2e:22:0b:54:c2:34:0f:c8:
                    0f:39:97:5f:c4:87:99:cb:e0:0d:78:e6:e5:bf:24:
                    7e:46:88:8b:e3:d4:3c:1c:e4:8a:c6:9b:b2:dd:0f:
                    38:76:de:d0:61:cc:21:5d:ab:69:95:e3:56:5a:ef:
                    b0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:52:98:E5:2D:C9:11:0E:C1:9E:BF:7F:53:ED:91:CB:4B:9D:C0:B4
            X509v3 Authority Key Identifier:
                keyid:F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/WFKY5S3JEQ7Bnr9_U-2Ry0udwLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6947:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         57:4a:07:ce:27:94:73:ac:23:b8:0f:3d:3e:3b:cd:49:04:cf:
         03:be:80:3d:60:c2:c8:d2:0c:61:ab:f2:32:85:e2:3c:45:11:
         f0:0f:d6:a4:b6:27:e9:ad:91:d0:ed:78:2f:61:78:47:82:01:
         f5:d7:67:aa:7e:8c:b3:b9:12:31:5c:8e:52:c0:9f:61:f2:5c:
         1d:42:9e:a6:69:12:97:a7:5b:bf:31:b7:ac:4e:64:a4:cb:ec:
         5b:1f:f5:d2:97:af:e6:39:cd:68:de:cd:33:60:c2:8f:19:1f:
         da:1b:24:ca:c5:7d:1d:18:ad:60:61:7a:51:d0:d6:4c:67:7c:
         d9:67:3c:f7:2e:a9:f9:d4:93:d2:80:7a:24:60:c9:75:f3:3a:
         c4:6a:b6:2e:0c:b2:de:7f:0b:35:42:da:42:64:29:94:dc:1c:
         f5:6d:0d:71:1e:3c:4f:07:1b:b1:0d:ee:e3:dd:e1:03:de:d9:
         fb:64:4c:0f:eb:78:b3:b6:31:85:a3:59:3f:23:db:c5:b9:17:
         b1:e3:38:a2:21:45:6b:ba:9b:70:6e:91:9f:b8:f8:81:ba:25:
         b4:66:04:68:8f:78:73:1a:ff:c4:21:f4:63:7a:89:5c:79:69:
         ee:ef:83:18:83:d4:e7:18:89:46:77:56:71:9b:7a:56:7a:12:
         70:54:dc:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt6x5BPzgRY8gPcANVI+ejYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjkwNzgxZGJiZWJkYjhlYzQyYmFmNjY0ODgwNTllYTU4
NjZhYWMwHhcNMjYwMTAxMTgxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUyOThlNTJkYzkxMTBlYzE5ZWJmN2Y1M2VkOTFjYjRiOWRjMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8hE9JCZPBtslgAFz88W+irSKLOJs
H8BWWNzBRhbLlxxg9uxW+lhK6WqITKj5v6uurvkz0jcVzkOtQE3Z9b9REwmVWjZq
e5noqGYovr0q+4nwDPCrC5pYajJB8Gv63qUUGcfUbcCKyAPMfJ9CdP4Dh2R+T7Fu
DzDWl1q3unE47CwkmbLGcDjNXxhxCzj2GRzbSnmubCszUp4XHlydDg+MHhwLfjdf
3gfjd9usezMtExCmdNoB3i9Iqin+l5HQiwUAcWwzjci/BL0dLiILVMI0D8gPOZdf
xIeZy+ANeOblvyR+RoiL49Q8HOSKxpuy3Q84dt7QYcwhXatpleNWWu+wZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFhSmOUtyREOwZ6/f1PtkctLncC0MB8GA1UdIwQY
MBaAFPO5B4Hbvr247EK69mSIBZ6lhmqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAt
M2VmNWViN2M4NTk4LzEvV0ZLWTVTM0pFUTdCbnI5X1UtMlJ5MHVkd0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAtM2VmNWViN2M4NTk4
LzEvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgNpRwYw
DQYJKoZIhvcNAQELBQADggEBAFdKB84nlHOsI7gPPT47zUkEzwO+gD1gwsjSDGGr
8jKF4jxFEfAP1qS2J+mtkdDteC9heEeCAfXXZ6p+jLO5EjFcjlLAn2HyXB1CnqZp
EpenW78xt6xOZKTL7Fsf9dKXr+Y5zWjezTNgwo8ZH9obJMrFfR0YrWBhelHQ1kxn
fNlnPPcuqfnUk9KAeiRgyXXzOsRqti4Mst5/CzVC2kJkKZTcHPVtDXEePE8HG7EN
7uPd4QPe2ftkTA/reLO2MYWjWT8j28W5F7HjOKIhRWu6m3BukZ+4+IG6JbRmBGiP
eHMa/8Qh9GN6iVx5ae7vgxiD1OcYiUZ3VnGbelZ6EnBU3Mw=
-----END CERTIFICATE-----