This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/OUe9Gs1ZfjOio8GPiClkO1rK7Co.roa
File:                     OUe9Gs1ZfjOio8GPiClkO1rK7Co.roa (raw, json)
Hash identifier:          9zzu21yZwWAMdvzRS8JS72fLpBxbfgfEMRdYkP6CTaA=
Subject key identifier:   39:47:BD:1A:CD:59:7E:33:A2:A3:C1:8F:88:29:64:3B:5A:CA:EC:2A
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       019B7AC958E9FA2C1A04EFB4080A2E79AC1A
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/OUe9Gs1ZfjOio8GPiClkO1rK7Co.roa
Signing time:             Thu 01 Jan 2026 18:19:34 +0000
ROA not before:           Thu 01 Jan 2026 18:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        2a09:c280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:58:e9:fa:2c:1a:04:ef:b4:08:0a:2e:79:ac:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Jan  1 18:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3947bd1acd597e33a2a3c18f8829643b5acaec2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:99:98:0b:46:5a:bb:ad:43:67:07:dc:6a:51:
                    bd:3e:68:bc:51:ea:8d:01:e3:f6:c4:e3:80:9b:e8:
                    52:9c:30:c1:d9:62:a8:9c:0c:0b:ea:ac:16:2f:fa:
                    12:85:34:3f:8c:75:12:e4:9c:10:a6:00:b6:b4:4d:
                    03:a5:90:75:9b:84:cc:78:2b:0d:96:a2:41:25:2c:
                    27:52:55:1a:cd:0b:60:de:d5:f5:fc:07:97:d7:30:
                    b0:bd:88:61:fe:ba:f1:38:22:ed:1e:36:d4:98:87:
                    cd:ff:af:f7:3c:08:64:8b:34:64:8c:5b:29:c4:d3:
                    ed:81:80:55:8c:e1:c1:b8:57:7f:a0:5b:d4:62:02:
                    dd:e1:91:fb:7f:c0:7d:86:72:7d:b1:d4:42:0c:15:
                    d5:3f:1b:01:47:e3:a0:c3:27:bf:12:63:f4:ef:ce:
                    d7:71:d6:cd:50:81:6a:45:11:3d:9a:7b:18:a1:b4:
                    7c:45:c7:77:3d:bb:e4:1c:b4:00:1b:86:31:bb:43:
                    1f:8e:c4:49:c7:e6:a4:21:89:39:22:3d:7c:f8:06:
                    22:a3:f1:a7:76:07:94:70:e4:5e:62:0c:5a:14:53:
                    fe:1c:e5:8f:81:c4:e2:c2:63:c0:4e:4e:e4:41:43:
                    3f:f0:0e:0a:bb:95:6b:fb:9a:b5:a4:a1:62:ee:b5:
                    44:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:47:BD:1A:CD:59:7E:33:A2:A3:C1:8F:88:29:64:3B:5A:CA:EC:2A
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/OUe9Gs1ZfjOio8GPiClkO1rK7Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c280::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:50:d0:fc:50:b7:18:02:15:53:6f:bd:90:89:50:34:f2:7d:
         ff:97:22:7a:92:9a:0d:29:0a:88:64:ab:35:2b:59:ea:f5:58:
         ba:46:34:ec:c1:2b:07:fa:8c:40:8c:da:2f:1c:df:28:36:fd:
         2e:2d:bf:97:bb:83:15:56:75:6c:05:10:e3:0a:37:a2:b0:cb:
         41:af:a2:a0:e3:1d:41:e2:cc:fb:a6:7f:cc:af:37:dd:79:72:
         20:98:a1:23:73:21:21:62:b8:c9:5f:1e:84:a8:4d:b6:b6:b9:
         d5:98:75:e1:1c:29:98:b1:6a:be:a0:e4:15:ca:5a:8a:37:15:
         58:13:a1:e4:d4:fa:1e:c8:50:d7:9e:b8:fd:39:e6:d0:71:a6:
         cb:ba:23:4c:24:17:13:51:0c:28:a0:d4:9d:53:c1:4c:ba:7b:
         67:22:eb:a1:25:df:e8:d3:d2:2e:8a:f4:a6:72:5b:3a:09:25:
         b3:eb:b5:7e:fa:ac:16:67:aa:ad:3a:cf:b6:f5:2e:51:c7:23:
         09:a4:da:1d:91:71:70:7c:dc:0e:29:66:fc:b7:63:4d:b4:30:
         b4:73:3c:44:f2:9f:71:7a:d5:be:72:02:eb:2c:48:d2:65:1e:
         30:ff:a3:1d:a0:34:ac:56:4b:07:e9:e5:8d:9f:d3:02:85:ac:
         5b:e4:bf:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6yVjp+iwaBO+0CAoueawaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjYwMTAxMTgxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ3YmQxYWNkNTk3ZTMzYTJhM2MxOGY4ODI5NjQzYjVhY2FlYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5mYC0Zau61DZwfcalG9Pmi8UeqN
AeP2xOOAm+hSnDDB2WKonAwL6qwWL/oShTQ/jHUS5JwQpgC2tE0DpZB1m4TMeCsN
lqJBJSwnUlUazQtg3tX1/AeX1zCwvYhh/rrxOCLtHjbUmIfN/6/3PAhkizRkjFsp
xNPtgYBVjOHBuFd/oFvUYgLd4ZH7f8B9hnJ9sdRCDBXVPxsBR+Ogwye/EmP0787X
cdbNUIFqRRE9mnsYobR8Rcd3PbvkHLQAG4Yxu0MfjsRJx+akIYk5Ij18+AYio/Gn
dgeUcOReYgxaFFP+HOWPgcTiwmPATk7kQUM/8A4Ku5Vr+5q1pKFi7rVE9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDlHvRrNWX4zoqPBj4gpZDtayuwqMB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvT1VlOUdzMVpmak9pbzhHUGlDbGtPMXJLN0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnCgDAN
BgkqhkiG9w0BAQsFAAOCAQEAaVDQ/FC3GAIVU2+9kIlQNPJ9/5ciepKaDSkKiGSr
NStZ6vVYukY07MErB/qMQIzaLxzfKDb9Li2/l7uDFVZ1bAUQ4wo3orDLQa+ioOMd
QeLM+6Z/zK833XlyIJihI3MhIWK4yV8ehKhNtra51Zh14RwpmLFqvqDkFcpaijcV
WBOh5NT6HshQ1564/Tnm0HGmy7ojTCQXE1EMKKDUnVPBTLp7ZyLroSXf6NPSLor0
pnJbOgkls+u1fvqsFmeqrTrPtvUuUccjCaTaHZFxcHzcDilm/LdjTbQwtHM8RPKf
cXrVvnIC6yxI0mUeMP+jHaA0rFZLB+nljZ/TAoWsW+S/DA==
-----END CERTIFICATE-----