This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/D9YtUV3bPSUspl7Gxkw-W8Osm50.roa
File:                     D9YtUV3bPSUspl7Gxkw-W8Osm50.roa (raw, json)
Hash identifier:          M5+QAZAvaLNPl5QFDV1MZAm5+mgv6HaDZ7X3gTc8DfU=
Subject key identifier:   0F:D6:2D:51:5D:DB:3D:25:2C:A6:5E:C6:C6:4C:3E:5B:C3:AC:9B:9D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82D387AFCF5E7DC9FD38010811B367
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/D9YtUV3bPSUspl7Gxkw-W8Osm50.roa
Signing time:             Fri 02 Jan 2026 16:20:38 +0000
ROA not before:           Fri 02 Jan 2026 16:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210632
IP address blocks:        2a0b:b87:ff13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:d3:87:af:cf:5e:7d:c9:fd:38:01:08:11:b3:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fd62d515ddb3d252ca65ec6c64c3e5bc3ac9b9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bd:85:f4:39:3b:b2:e7:4d:3e:e2:d7:34:ec:
                    2f:e2:7c:d5:67:dd:1a:ad:ea:3f:eb:78:fb:93:97:
                    e0:e8:94:64:e5:21:a2:84:78:36:e9:48:19:d0:85:
                    09:26:b4:ff:94:e6:5c:35:69:ce:13:8d:51:c8:cd:
                    99:90:8a:38:ca:8c:52:82:5d:28:5d:75:5f:b1:ee:
                    ef:d2:9b:4f:ac:8e:a9:ac:31:34:c0:10:ff:e6:38:
                    7d:6c:75:af:2a:8d:ef:cb:ac:b7:d3:9b:c8:80:45:
                    65:62:21:a6:ac:8c:4c:01:52:f4:2d:a7:25:ab:a3:
                    d1:96:fa:e4:6f:3b:f1:01:55:29:9a:f2:55:74:5c:
                    0c:2c:f0:64:b8:32:c3:d8:29:40:d9:83:d4:28:7a:
                    7c:8c:9f:2e:15:5c:5f:3f:4b:6c:38:6c:ef:5e:05:
                    97:79:fc:88:68:80:1f:36:b4:1a:3a:a0:8f:c3:4c:
                    56:a1:8e:83:7e:76:3d:5b:bf:39:27:78:57:a0:47:
                    79:68:38:ad:2a:af:38:71:e5:4f:8d:83:f5:04:18:
                    4c:73:f1:35:c2:7d:fe:27:6d:e6:b0:47:c0:86:3b:
                    44:6e:94:3d:94:60:98:8a:d7:a7:f5:be:e0:10:7d:
                    1b:ab:84:f7:98:92:4d:5a:f2:b0:07:7e:8f:5d:ce:
                    48:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:D6:2D:51:5D:DB:3D:25:2C:A6:5E:C6:C6:4C:3E:5B:C3:AC:9B:9D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/D9YtUV3bPSUspl7Gxkw-W8Osm50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff13::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:b9:61:97:15:f2:ce:32:a2:ed:de:42:fb:eb:c7:b4:72:0e:
         fc:02:74:e8:2a:37:31:b1:b3:09:65:cb:cc:23:28:c4:ca:12:
         8d:c1:52:8e:00:ef:b8:a2:df:48:c9:78:39:06:7c:7e:a8:19:
         6b:ac:97:45:c9:25:17:62:0f:79:1f:3e:fb:22:cc:18:36:e8:
         12:61:ab:47:a9:b7:b4:54:95:b9:5a:d2:61:ca:b5:10:5b:26:
         2f:37:2a:0c:04:69:6b:c0:06:fe:0e:ec:fa:36:93:53:eb:d5:
         8f:c9:22:c0:e1:3c:02:4e:37:fa:37:94:31:13:9a:30:1a:3d:
         9f:bf:de:00:ff:f6:28:c0:ec:7b:e1:e2:0b:b3:9a:70:36:4d:
         07:2f:a9:56:f4:d5:a4:02:c2:0c:c9:f9:e7:d3:a2:1d:a9:54:
         57:33:a0:e4:18:6f:76:9c:58:a3:2b:86:32:0c:28:b1:67:83:
         41:40:97:3b:f7:3d:f7:ee:93:59:42:12:a7:c8:c6:75:ef:08:
         4d:d2:2f:b7:06:51:0d:e7:b1:36:a7:b9:a6:7d:a4:09:44:84:
         d6:b3:da:9e:78:a0:fa:b9:24:2e:3f:e6:cb:9f:d6:63:6c:ba:
         93:fc:ff:c8:9f:50:24:5e:b7:d5:7b:30:86:90:58:76:2f:e8:
         9d:69:fd:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/gtOHr89efcn9OAEIEbNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmQ2MmQ1MTVkZGIzZDI1MmNhNjVlYzZjNjRjM2U1YmMzYWM5YjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo72F9Dk7sudNPuLXNOwv4nzVZ90a
reo/63j7k5fg6JRk5SGihHg26UgZ0IUJJrT/lOZcNWnOE41RyM2ZkIo4yoxSgl0o
XXVfse7v0ptPrI6prDE0wBD/5jh9bHWvKo3vy6y305vIgEVlYiGmrIxMAVL0Lacl
q6PRlvrkbzvxAVUpmvJVdFwMLPBkuDLD2ClA2YPUKHp8jJ8uFVxfP0tsOGzvXgWX
efyIaIAfNrQaOqCPw0xWoY6DfnY9W785J3hXoEd5aDitKq84ceVPjYP1BBhMc/E1
wn3+J23msEfAhjtEbpQ9lGCYiten9b7gEH0bq4T3mJJNWvKwB36PXc5IQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/WLVFd2z0lLKZexsZMPlvDrJudMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvRDlZdFVWM2JQU1VzcGw3R3hrdy1XOE9zbTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8T
MA0GCSqGSIb3DQEBCwUAA4IBAQCruWGXFfLOMqLt3kL768e0cg78AnToKjcxsbMJ
ZcvMIyjEyhKNwVKOAO+4ot9IyXg5Bnx+qBlrrJdFySUXYg95Hz77IswYNugSYatH
qbe0VJW5WtJhyrUQWyYvNyoMBGlrwAb+Duz6NpNT69WPySLA4TwCTjf6N5QxE5ow
Gj2fv94A//YowOx74eILs5pwNk0HL6lW9NWkAsIMyfnn06IdqVRXM6DkGG92nFij
K4YyDCixZ4NBQJc79z337pNZQhKnyMZ17whN0i+3BlEN57E2p7mmfaQJRITWs9qe
eKD6uSQuP+bLn9ZjbLqT/P/In1AkXrfVezCGkFh2L+idaf0I
-----END CERTIFICATE-----