This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gPHVWaeKPuEaFASQpgPrARmdxD8.roa
File:                     gPHVWaeKPuEaFASQpgPrARmdxD8.roa (raw, json)
Hash identifier:          +vqro98N/pK4eYrxS4F0/SyXskx3EWjlAyarn4vrWYY=
Subject key identifier:   80:F1:D5:59:A7:8A:3E:E1:1A:14:04:90:A6:03:EB:01:19:9D:C4:3F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019B7EA75DB1940F9BF37F17A5AEA4D8D57B
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gPHVWaeKPuEaFASQpgPrARmdxD8.roa
Signing time:             Fri 02 Jan 2026 12:20:56 +0000
ROA not before:           Fri 02 Jan 2026 12:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209709
IP address blocks:        2a10:b41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 Jan 2026 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:5d:b1:94:0f:9b:f3:7f:17:a5:ae:a4:d8:d5:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  2 12:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80f1d559a78a3ee11a140490a603eb01199dc43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:40:88:79:b2:66:e5:ab:e1:a4:e8:55:4d:1d:
                    d3:3e:0a:d0:1e:d6:5c:07:92:b2:05:9d:92:b0:46:
                    59:bc:45:f1:58:76:1c:45:d4:40:b0:5d:8e:93:4f:
                    bb:bb:36:0f:22:e6:64:40:db:6a:6d:10:dd:bc:70:
                    8e:4d:89:8f:81:03:66:5b:ab:bf:50:12:58:c6:97:
                    25:17:f6:be:dc:73:c3:c5:18:3b:60:06:df:af:89:
                    6f:d4:4e:63:f1:ed:49:9f:85:1b:38:60:15:3b:40:
                    7c:67:6f:dd:b8:19:bc:52:60:c9:db:72:50:43:3a:
                    8e:b6:ff:98:a7:4d:2f:f8:8c:b3:f1:33:dc:76:5a:
                    fa:7a:2a:b9:c8:d8:4e:eb:58:1e:f8:02:3e:ec:6f:
                    0c:03:a7:ff:ad:2e:cc:f4:c7:83:da:ec:01:30:9b:
                    6f:6f:44:13:41:bf:26:c0:7f:54:b1:b4:b8:69:2c:
                    df:6e:70:3b:e3:9d:2d:a7:d1:df:4a:ff:63:f5:c3:
                    7c:ad:35:9d:d1:0c:a3:79:33:69:29:91:a4:5e:7b:
                    e2:7a:dc:db:47:d7:50:f2:a7:db:e7:57:18:95:09:
                    ad:9c:f7:da:06:67:3b:73:02:46:8d:c2:f0:f0:7f:
                    6a:e1:10:d7:14:7a:cf:86:b4:b7:85:96:6b:81:96:
                    41:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F1:D5:59:A7:8A:3E:E1:1A:14:04:90:A6:03:EB:01:19:9D:C4:3F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gPHVWaeKPuEaFASQpgPrARmdxD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b41::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:85:c2:88:aa:2a:3a:f5:56:e6:2b:f9:d3:39:7b:c1:49:97:
         8f:a4:f5:d1:65:1a:34:56:ce:5f:77:79:26:2d:f5:9a:cb:57:
         88:fc:54:f7:05:4c:3a:9c:ba:d2:6d:84:09:68:e7:c8:e1:1a:
         7d:16:e8:aa:75:be:fb:03:c2:07:4f:0e:5a:af:b8:42:03:d5:
         de:20:b3:7a:35:76:8a:72:63:09:e4:a8:00:0b:64:a1:3c:0d:
         ce:05:45:0c:35:af:5b:fb:c5:61:82:61:5a:71:8a:cb:43:05:
         90:2f:12:7c:4f:15:e8:1d:59:cc:df:87:d7:8d:29:34:02:e6:
         9c:d2:9e:19:dd:bf:92:ed:22:03:06:86:80:4c:cd:b1:2b:38:
         fe:b1:9b:91:f3:77:19:6b:97:79:f6:67:f9:1d:d4:47:f2:3e:
         66:be:10:44:7c:8e:a3:de:84:db:4d:8b:80:86:77:cc:b6:c5:
         82:70:27:6c:cc:1c:cd:ef:2a:65:e4:cf:3c:fd:90:aa:9f:af:
         e3:73:d1:2a:b8:93:c8:47:cb:30:64:57:2b:c7:51:7a:d2:ab:
         9c:18:7f:5c:40:91:df:de:c2:ea:8f:66:c9:b2:22:92:b3:b5:
         78:be:0a:b8:6f:db:36:f4:54:66:32:82:79:50:63:99:39:fd:
         e4:a0:1c:c8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+p12xlA+b838Xpa6k2NV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMTAyMTIyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGYxZDU1OWE3OGEzZWUxMWExNDA0OTBhNjAzZWIwMTE5OWRjNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUCIebJm5avhpOhVTR3TPgrQHtZc
B5KyBZ2SsEZZvEXxWHYcRdRAsF2Ok0+7uzYPIuZkQNtqbRDdvHCOTYmPgQNmW6u/
UBJYxpclF/a+3HPDxRg7YAbfr4lv1E5j8e1Jn4UbOGAVO0B8Z2/duBm8UmDJ23JQ
QzqOtv+Yp00v+Iyz8TPcdlr6eiq5yNhO61ge+AI+7G8MA6f/rS7M9MeD2uwBMJtv
b0QTQb8mwH9UsbS4aSzfbnA7450tp9HfSv9j9cN8rTWd0QyjeTNpKZGkXnvietzb
R9dQ8qfb51cYlQmtnPfaBmc7cwJGjcLw8H9q4RDXFHrPhrS3hZZrgZZBQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIDx1Vmnij7hGhQEkKYD6wEZncQ/MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZ1BIVldhZUtQdUVhRkFTUXBnUHJBUm1keEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhALQTAN
BgkqhkiG9w0BAQsFAAOCAQEAt4XCiKoqOvVW5iv50zl7wUmXj6T10WUaNFbOX3d5
Ji31mstXiPxU9wVMOpy60m2ECWjnyOEafRboqnW++wPCB08OWq+4QgPV3iCzejV2
inJjCeSoAAtkoTwNzgVFDDWvW/vFYYJhWnGKy0MFkC8SfE8V6B1ZzN+H140pNALm
nNKeGd2/ku0iAwaGgEzNsSs4/rGbkfN3GWuXefZn+R3UR/I+Zr4QRHyOo96E202L
gIZ3zLbFgnAnbMwcze8qZeTPPP2Qqp+v43PRKriTyEfLMGRXK8dRetKrnBh/XECR
397C6o9mybIikrO1eL4KuG/bNvRUZjKCeVBjmTn95KAcyA==
-----END CERTIFICATE-----