This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1xAY6nf6bhffY1bramdmANJZguM.roa
File:                     1xAY6nf6bhffY1bramdmANJZguM.roa (raw, json)
Hash identifier:          InOt9rXki+in0THMVeBakB6EoQ9+ZbMyIjr4bHquWqY=
Subject key identifier:   D7:10:18:EA:77:FA:6E:17:DF:63:56:EB:6A:67:66:00:D2:59:82:E3
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       019B7F13FC799947D6932129776B2A61B350
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1xAY6nf6bhffY1bramdmANJZguM.roa
Signing time:             Fri 02 Jan 2026 14:19:34 +0000
ROA not before:           Fri 02 Jan 2026 14:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57044
IP address blocks:        2a02:2698:800::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:fc:79:99:47:d6:93:21:29:77:6b:2a:61:b3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 14:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d71018ea77fa6e17df6356eb6a676600d25982e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:73:c6:2d:94:b4:2f:42:56:cf:7d:e6:1f:a6:
                    cf:d5:1d:1a:e4:b0:70:a8:f8:79:d9:83:63:ae:52:
                    9f:33:5d:d5:5b:1b:7a:80:d2:10:30:44:03:14:ec:
                    dd:fb:99:be:d6:6d:ba:ea:e7:53:91:f9:5e:39:c6:
                    45:e1:f8:3f:1e:8d:4c:e7:c2:f3:a7:a0:84:08:a3:
                    f0:11:9a:a5:40:20:57:be:05:87:e8:ac:4e:dc:78:
                    90:f9:a2:3e:79:d7:de:37:44:64:27:db:f2:b0:cb:
                    ef:05:f7:45:f5:53:a0:05:30:92:6c:0d:fe:02:c8:
                    57:b9:a3:bd:c7:30:a9:e4:45:65:f5:3e:e3:10:63:
                    29:4d:67:ca:27:2d:df:95:14:50:8f:ad:9c:e1:a4:
                    f2:e4:26:0f:e3:3b:66:2b:90:4c:d9:f3:3c:22:a4:
                    fc:bf:7b:93:78:41:2b:bb:30:5d:89:9e:6b:d4:e3:
                    7e:f7:00:2d:48:f2:4a:66:3f:33:50:46:79:a7:3f:
                    7d:0e:a4:88:ad:00:d9:0a:ae:aa:33:31:66:a6:14:
                    f0:18:08:88:0c:63:37:95:68:85:9e:ac:af:c0:9b:
                    7a:51:73:c4:f9:f3:b0:50:31:3b:bf:6d:f9:13:57:
                    bf:3b:6e:03:9c:49:e2:fd:6b:1f:e2:e4:ee:52:f9:
                    71:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:10:18:EA:77:FA:6E:17:DF:63:56:EB:6A:67:66:00:D2:59:82:E3
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/1xAY6nf6bhffY1bramdmANJZguM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         ab:1f:fb:c7:a0:cc:f6:f7:81:da:6d:cf:28:65:b3:67:6a:1e:
         ce:d1:1c:24:38:c9:67:5f:b6:66:d6:37:2a:a5:bf:bc:72:ba:
         74:45:45:c8:1f:f3:b3:78:7f:4e:eb:01:2c:7a:e4:01:27:31:
         09:5b:2f:35:6f:03:89:ed:55:5f:b1:24:ba:fc:a6:0e:a4:55:
         a7:bc:7c:4b:5b:53:94:d3:e9:46:40:3a:7f:32:80:11:61:51:
         26:ae:ac:25:79:64:81:a2:3c:c3:85:1e:a5:9f:64:8d:75:51:
         34:f3:c9:49:9c:75:60:67:da:13:39:dc:93:2a:73:58:95:31:
         e7:8d:81:51:93:e8:3c:90:b7:b6:bd:b0:38:46:10:1b:1f:1f:
         cb:89:02:7d:fa:77:8f:96:87:c1:b6:08:5f:89:fa:40:17:45:
         41:42:47:dc:bd:0d:f2:9f:c5:5b:6c:9f:7c:6b:76:2a:05:d1:
         fc:c3:f2:82:73:2c:bd:76:15:f5:d5:3a:81:4b:b0:54:4f:6b:
         da:40:1c:b8:52:30:9b:17:e9:09:77:74:1b:27:34:c3:c5:33:
         1b:ec:0d:d6:b3:db:d1:9b:19:36:03:4c:93:88:fe:39:6b:e3:
         5a:52:bc:4f:74:b5:a3:ca:08:33:25:b0:16:4b:cc:e9:94:25:
         f1:16:15:a5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/E/x5mUfWkyEpd2sqYbNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjYwMTAyMTQxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzEwMThlYTc3ZmE2ZTE3ZGY2MzU2ZWI2YTY3NjYwMGQyNTk4MmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonPGLZS0L0JWz33mH6bP1R0a5LBw
qPh52YNjrlKfM13VWxt6gNIQMEQDFOzd+5m+1m266udTkfleOcZF4fg/Ho1M58Lz
p6CECKPwEZqlQCBXvgWH6KxO3HiQ+aI+edfeN0RkJ9vysMvvBfdF9VOgBTCSbA3+
AshXuaO9xzCp5EVl9T7jEGMpTWfKJy3flRRQj62c4aTy5CYP4ztmK5BM2fM8IqT8
v3uTeEEruzBdiZ5r1ON+9wAtSPJKZj8zUEZ5pz99DqSIrQDZCq6qMzFmphTwGAiI
DGM3lWiFnqyvwJt6UXPE+fOwUDE7v235E1e/O24DnEni/Wsf4uTuUvlx6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNcQGOp3+m4X32NW62pnZgDSWYLjMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvMXhBWTZuZjZiaGZmWTFicmFtZG1BTkpaZ3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmAgw
DQYJKoZIhvcNAQELBQADggEBAKsf+8egzPb3gdptzyhls2dqHs7RHCQ4yWdftmbW
Nyqlv7xyunRFRcgf87N4f07rASx65AEnMQlbLzVvA4ntVV+xJLr8pg6kVae8fEtb
U5TT6UZAOn8ygBFhUSaurCV5ZIGiPMOFHqWfZI11UTTzyUmcdWBn2hM53JMqc1iV
MeeNgVGT6DyQt7a9sDhGEBsfH8uJAn36d4+Wh8G2CF+J+kAXRUFCR9y9DfKfxVts
n3xrdioF0fzD8oJzLL12FfXVOoFLsFRPa9pAHLhSMJsX6Ql3dBsnNMPFMxvsDdaz
29GbGTYDTJOI/jlr41pSvE90taPKCDMlsBZLzOmUJfEWFaU=
-----END CERTIFICATE-----
Generated at Thu Feb 5 05:55:07 2026 by rpki-client