This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/IB4kpRXfN9uF936LivmcILxsHKY.roa
File:                     IB4kpRXfN9uF936LivmcILxsHKY.roa (raw, json)
Hash identifier:          5mZKCslxXERs71x3zlgmnZzQrGQsC9EfZx9YdIERIG0=
Subject key identifier:   20:1E:24:A5:15:DF:37:DB:85:F7:7E:8B:8A:F9:9C:20:BC:6C:1C:A6
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       019B7F13F0034232A894C5935EEC77339E74
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/IB4kpRXfN9uF936LivmcILxsHKY.roa
Signing time:             Fri 02 Jan 2026 14:19:31 +0000
ROA not before:           Fri 02 Jan 2026 14:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42682
IP address blocks:        2a02:2698:4c00::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:f0:03:42:32:a8:94:c5:93:5e:ec:77:33:9e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 14:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=201e24a515df37db85f77e8b8af99c20bc6c1ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c6:b9:82:9a:4b:07:3d:86:d4:af:f5:6e:c9:
                    72:f0:01:4c:fd:7f:dd:a9:70:ce:9d:c6:85:7c:51:
                    8b:2d:13:48:03:ec:db:20:53:6c:43:b7:8e:f4:de:
                    e4:7d:47:6b:a6:ed:3e:90:01:2d:b3:ee:14:fc:43:
                    46:36:d5:f0:c7:18:0e:98:cc:18:9d:3c:f1:cf:dc:
                    2a:4d:50:a0:1d:8a:44:db:dc:f2:da:9c:28:47:5f:
                    65:39:ec:f4:a5:54:81:1e:4a:c8:cc:ff:7f:fc:bb:
                    34:ef:34:ef:63:31:be:69:7a:4c:47:c8:30:eb:d8:
                    dd:6c:b7:8b:76:52:e3:44:c0:b3:0d:c3:ea:5c:87:
                    a4:da:e4:79:2f:97:64:0a:22:70:9a:f1:c7:32:8b:
                    0d:71:a0:10:32:c3:eb:6d:21:ae:72:9d:8f:6d:fc:
                    b6:0b:d2:bb:65:b8:cf:72:41:0b:95:2d:3c:06:b2:
                    ac:0d:7d:e4:03:a0:a7:ce:ef:c8:ec:54:5c:ad:1e:
                    12:a4:27:93:cc:ce:b4:64:34:df:81:0f:eb:4a:fa:
                    75:2b:b1:41:a3:11:df:cd:1e:3e:70:5e:03:82:46:
                    0f:88:aa:6b:86:cc:46:4b:b6:3d:8b:de:0c:0d:8b:
                    bc:2c:bb:fa:64:a4:c3:ec:ee:4b:2e:13:50:a5:a3:
                    b0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1E:24:A5:15:DF:37:DB:85:F7:7E:8B:8A:F9:9C:20:BC:6C:1C:A6
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/IB4kpRXfN9uF936LivmcILxsHKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:4c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         97:5d:b8:00:d6:84:76:9a:24:83:0a:f1:49:20:db:02:31:ed:
         c1:7a:82:4a:a1:2c:13:69:96:2c:19:cc:ac:56:a8:5d:53:8b:
         35:e7:68:b1:57:4e:d6:20:3a:79:f5:f9:86:70:0d:06:3f:95:
         65:43:e0:d4:af:61:64:ec:b4:d8:21:d8:b9:8f:00:e4:cb:91:
         10:47:fd:22:6b:7d:84:a7:77:08:92:96:e1:df:09:0a:0b:db:
         bb:a1:c1:2f:8c:9c:88:1f:b0:bc:b0:0e:00:8b:bb:46:db:b2:
         e6:86:42:01:a2:82:10:6a:55:78:66:35:58:ae:17:eb:9e:53:
         52:b0:ca:6d:14:34:6f:1f:59:4a:d3:7c:b1:69:a0:2d:89:35:
         48:36:6d:02:41:a6:92:0b:1e:f8:48:fa:29:3a:3e:c2:39:41:
         08:65:c0:8a:ca:d4:7f:71:9b:12:fd:0f:75:c4:4c:27:ef:82:
         b4:bc:86:11:04:b4:59:2b:84:29:4f:eb:a2:e6:f1:3e:73:ed:
         c9:50:80:85:7e:2d:4c:ee:7a:f1:55:32:8c:1b:9f:8e:51:5b:
         f5:55:d0:56:d4:d5:08:91:07:aa:a3:67:f8:6e:18:73:8b:1b:
         32:34:bc:80:fc:f5:44:cb:fe:49:ee:24:80:35:f2:04:f6:d8:
         cf:92:f5:79
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/E/ADQjKolMWTXux3M550MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjYwMTAyMTQxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFlMjRhNTE1ZGYzN2RiODVmNzdlOGI4YWY5OWMyMGJjNmMxY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoca5gppLBz2G1K/1bsly8AFM/X/d
qXDOncaFfFGLLRNIA+zbIFNsQ7eO9N7kfUdrpu0+kAEts+4U/ENGNtXwxxgOmMwY
nTzxz9wqTVCgHYpE29zy2pwoR19lOez0pVSBHkrIzP9//Ls07zTvYzG+aXpMR8gw
69jdbLeLdlLjRMCzDcPqXIek2uR5L5dkCiJwmvHHMosNcaAQMsPrbSGucp2Pbfy2
C9K7ZbjPckELlS08BrKsDX3kA6Cnzu/I7FRcrR4SpCeTzM60ZDTfgQ/rSvp1K7FB
oxHfzR4+cF4DgkYPiKprhsxGS7Y9i94MDYu8LLv6ZKTD7O5LLhNQpaOwnQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCAeJKUV3zfbhfd+i4r5nCC8bBymMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvSUI0a3BSWGZOOXVGOTM2TGl2bWNJTHhzSEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmEww
DQYJKoZIhvcNAQELBQADggEBAJdduADWhHaaJIMK8Ukg2wIx7cF6gkqhLBNpliwZ
zKxWqF1TizXnaLFXTtYgOnn1+YZwDQY/lWVD4NSvYWTstNgh2LmPAOTLkRBH/SJr
fYSndwiSluHfCQoL27uhwS+MnIgfsLywDgCLu0bbsuaGQgGighBqVXhmNViuF+ue
U1Kwym0UNG8fWUrTfLFpoC2JNUg2bQJBppILHvhI+ik6PsI5QQhlwIrK1H9xmxL9
D3XETCfvgrS8hhEEtFkrhClP66Lm8T5z7clQgIV+LUzuevFVMowbn45RW/VV0FbU
1QiRB6qjZ/huGHOLGzI0vID89UTL/knuJIA18gT22M+S9Xk=
-----END CERTIFICATE-----