This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1We3sM1PJzJjh431T2RewyKy7qc.roa
File:                     1We3sM1PJzJjh431T2RewyKy7qc.roa (raw, json)
Hash identifier:          TwjuUkz+WwHOXiQ9h/horDxuIN/qowEGiYayrZl3rRs=
Subject key identifier:   D5:67:B7:B0:CD:4F:27:32:63:87:8D:F5:4F:64:5E:C3:22:B2:EE:A7
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       019B7F13F65329ED9FAEFC8745C3F9976229
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1We3sM1PJzJjh431T2RewyKy7qc.roa
Signing time:             Fri 02 Jan 2026 14:19:33 +0000
ROA not before:           Fri 02 Jan 2026 14:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50544
IP address blocks:        2a02:2698:3000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:f6:53:29:ed:9f:ae:fc:87:45:c3:f9:97:62:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 14:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d567b7b0cd4f273263878df54f645ec322b2eea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:53:2b:59:4f:49:3f:4e:05:d2:8a:05:34:d8:
                    7d:d5:58:1c:39:f4:40:c5:67:31:da:f4:d8:11:a2:
                    02:6a:f5:eb:2c:31:45:00:17:d6:09:61:69:80:ad:
                    57:53:bd:30:46:5b:49:16:e1:07:23:59:77:f0:ea:
                    c8:fa:d7:2d:1c:3f:b0:81:ef:86:65:63:9b:94:6b:
                    42:87:d3:f4:c3:50:45:35:40:b7:ec:2b:62:25:de:
                    1b:e2:6b:0d:bb:8c:f0:01:c1:25:55:0b:9b:d8:db:
                    06:45:56:66:1b:2b:d7:e2:c0:2a:c3:8b:2a:a3:a7:
                    ed:74:bf:b5:2c:a1:fc:b1:6a:ef:3a:69:f9:9d:00:
                    0e:81:1f:c5:59:b0:98:0a:00:da:90:24:e6:f7:14:
                    57:bd:7e:d9:40:4b:98:bc:42:6c:cd:88:ac:e4:50:
                    b4:74:6b:c1:6e:63:22:26:3e:c0:35:ca:b6:b1:35:
                    65:72:ab:7b:cc:4b:98:ff:96:14:b0:99:d4:eb:ec:
                    4e:d3:7b:14:3b:1b:74:65:f6:5e:d6:7e:91:7a:ba:
                    7f:b8:00:06:d3:01:47:38:11:c2:fe:3f:08:ad:8e:
                    40:49:4f:8f:28:65:f2:6c:57:82:93:8c:d1:95:c5:
                    75:9b:16:cd:3b:9c:49:92:03:87:49:c3:40:8f:97:
                    85:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:67:B7:B0:CD:4F:27:32:63:87:8D:F5:4F:64:5E:C3:22:B2:EE:A7
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1We3sM1PJzJjh431T2RewyKy7qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:3000::/38

    Signature Algorithm: sha256WithRSAEncryption
         4d:f5:8a:e1:3f:9b:91:35:a9:58:3f:35:3d:b1:d6:5d:cd:b6:
         7d:6b:8e:06:71:7d:10:69:65:d7:83:98:3a:b3:2e:72:3d:d3:
         fe:7d:d1:66:21:46:d0:0e:89:01:e0:14:67:7b:1f:78:bf:ec:
         02:c5:54:61:ff:1b:f0:e6:a1:36:cf:fe:d3:4b:4e:cf:f4:9e:
         f7:44:c9:e5:09:1e:64:5b:e5:55:d7:1e:30:04:c7:3d:66:1e:
         99:ac:15:34:eb:46:23:f8:3a:e4:8f:6b:bb:df:84:c2:59:7d:
         21:6b:e7:14:bf:cc:89:bd:b8:2a:9a:27:17:ff:15:60:3a:1d:
         77:f8:cd:13:2c:5e:7e:08:f8:cd:21:b9:4b:f1:77:8a:fc:a9:
         ad:87:36:f1:a9:af:b0:2a:f9:d8:03:5a:8e:86:8b:70:77:99:
         71:f0:53:fa:83:88:03:e8:9c:4d:d1:ad:30:a9:d0:82:d3:94:
         4b:8e:3b:b7:24:97:0c:2b:e0:0a:d2:35:c8:92:a1:37:3c:99:
         9a:12:c4:4f:0f:b8:87:6e:0c:24:9f:41:d1:72:76:20:cd:6e:
         86:cf:7d:05:09:75:0e:be:5f:7f:ff:03:48:2e:52:51:ed:df:
         9f:9c:25:69:29:59:65:a6:e6:94:6b:0e:56:53:bf:9d:8e:43:
         a2:b0:21:c2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/E/ZTKe2frvyHRcP5l2IpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjYwMTAyMTQxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTY3YjdiMGNkNGYyNzMyNjM4NzhkZjU0ZjY0NWVjMzIyYjJlZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1MrWU9JP04F0ooFNNh91VgcOfRA
xWcx2vTYEaICavXrLDFFABfWCWFpgK1XU70wRltJFuEHI1l38OrI+tctHD+wge+G
ZWOblGtCh9P0w1BFNUC37CtiJd4b4msNu4zwAcElVQub2NsGRVZmGyvX4sAqw4sq
o6ftdL+1LKH8sWrvOmn5nQAOgR/FWbCYCgDakCTm9xRXvX7ZQEuYvEJszYis5FC0
dGvBbmMiJj7ANcq2sTVlcqt7zEuY/5YUsJnU6+xO03sUOxt0ZfZe1n6Rerp/uAAG
0wFHOBHC/j8IrY5ASU+PKGXybFeCk4zRlcV1mxbNO5xJkgOHScNAj5eFYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNVnt7DNTycyY4eN9U9kXsMisu6nMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvMVdlM3NNMVBKekpqaDQzMVQyUmV3eUt5N3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmDAw
DQYJKoZIhvcNAQELBQADggEBAE31iuE/m5E1qVg/NT2x1l3Ntn1rjgZxfRBpZdeD
mDqzLnI90/590WYhRtAOiQHgFGd7H3i/7ALFVGH/G/DmoTbP/tNLTs/0nvdEyeUJ
HmRb5VXXHjAExz1mHpmsFTTrRiP4OuSPa7vfhMJZfSFr5xS/zIm9uCqaJxf/FWA6
HXf4zRMsXn4I+M0huUvxd4r8qa2HNvGpr7Aq+dgDWo6Gi3B3mXHwU/qDiAPonE3R
rTCp0ILTlEuOO7cklwwr4ArSNciSoTc8mZoSxE8PuIduDCSfQdFydiDNbobPfQUJ
dQ6+X3//A0guUlHt35+cJWkpWWWm5pRrDlZTv52OQ6KwIcI=
-----END CERTIFICATE-----