This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DfQSPmYelNb0NF30t1iTQWlUs5o.roa
File:                     DfQSPmYelNb0NF30t1iTQWlUs5o.roa (raw, json)
Hash identifier:          QnQiSZ4dExtUn1E1FxF2JPdUhkzoCuIvrEqj49xiXjQ=
Subject key identifier:   0D:F4:12:3E:66:1E:94:D6:F4:34:5D:F4:B7:58:93:41:69:54:B3:9A
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019B7F841FE7F522332CB0513F5C8EE134CC
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DfQSPmYelNb0NF30t1iTQWlUs5o.roa
Signing time:             Fri 02 Jan 2026 16:22:03 +0000
ROA not before:           Fri 02 Jan 2026 16:22:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398788
IP address blocks:        2a01:488:bb12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 Jan 2026 08:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:1f:e7:f5:22:33:2c:b0:51:3f:5c:8e:e1:34:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 16:22:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0df4123e661e94d6f4345df4b75893416954b39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5c:cc:46:69:40:f1:c9:70:22:88:a6:0e:30:
                    3e:fa:9c:b3:4e:44:68:ad:a6:43:68:64:ea:1b:0d:
                    a2:fc:86:21:15:de:04:c1:b7:5f:13:8d:4b:8e:7d:
                    28:ef:8e:61:e9:d0:14:04:7f:48:ff:e6:0b:1c:28:
                    8c:73:bf:af:e9:5b:ee:62:c2:00:30:88:a6:a3:d6:
                    5a:f0:c2:a0:53:21:fa:c8:a7:d5:45:6d:d8:ea:26:
                    8f:a4:ae:86:6b:23:5a:9c:9b:f3:3e:b7:f6:44:e3:
                    ca:95:e6:71:b6:12:29:4c:b3:f8:8f:0f:f7:82:46:
                    1c:10:7e:e7:c2:15:ac:ec:c1:95:67:b8:aa:7a:74:
                    e9:c2:32:52:2b:cf:f9:6d:71:c3:e2:0f:7b:d6:ae:
                    a8:49:2d:44:76:30:2e:9a:9a:3c:a9:8d:ba:f7:60:
                    bb:ef:d1:db:f6:4f:c5:70:54:cf:2b:6e:08:e1:82:
                    d7:54:42:58:dc:65:ab:ec:66:5f:12:83:51:54:bd:
                    0d:d5:cf:58:7e:67:87:f4:63:eb:39:fd:81:b9:d7:
                    0b:b2:84:74:a3:c6:af:6b:15:ba:04:0d:9e:95:3e:
                    14:35:be:b4:45:e4:52:08:47:6d:d2:f0:8a:f7:81:
                    2d:97:6a:91:95:94:02:8d:d6:8e:bb:a1:e5:36:ee:
                    37:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F4:12:3E:66:1E:94:D6:F4:34:5D:F4:B7:58:93:41:69:54:B3:9A
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DfQSPmYelNb0NF30t1iTQWlUs5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb12::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8a:87:ae:97:90:1e:c1:46:4c:62:0c:df:e3:ee:ae:03:f8:
         70:46:0b:42:16:f2:ba:c6:36:61:1e:3f:f1:14:d3:39:c8:55:
         91:36:96:c7:00:88:11:fd:11:2d:d3:ca:f4:56:2c:db:63:a9:
         5b:bc:aa:4a:5b:4c:91:56:e0:9e:0b:31:3c:65:aa:9e:7f:d2:
         df:68:79:43:f4:d2:ab:28:c9:fb:6b:16:99:51:77:32:a8:80:
         1b:52:86:96:e3:dd:85:f7:a8:e7:b0:ab:42:71:98:c0:2e:8e:
         60:31:31:0c:2c:ef:06:bd:56:30:c0:6a:40:91:9c:e9:32:f3:
         5c:a3:38:c3:e4:51:4a:42:98:3a:a5:25:2b:58:ee:98:46:74:
         5a:16:77:d7:98:ac:8e:6f:3b:ec:31:e5:a6:b2:8a:c0:00:6f:
         8f:29:33:07:59:b5:1c:b8:69:4e:de:a8:30:7f:a9:2c:5d:af:
         2a:cf:3a:42:72:c4:9f:e2:3a:af:27:ad:4b:81:0e:c5:14:da:
         c8:e9:6f:07:a7:e1:07:d2:c7:a1:03:fd:a3:21:c5:7c:ca:91:
         d7:8c:73:3e:21:75:60:2b:e4:0b:05:72:85:2a:2c:ac:23:c9:
         9b:ba:71:76:95:89:52:a5:85:66:95:8c:42:06:9b:ae:96:73:
         a1:e9:6c:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hB/n9SIzLLBRP1yO4TTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMTAyMTYyMjAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGY0MTIzZTY2MWU5NGQ2ZjQzNDVkZjRiNzU4OTM0MTY5NTRiMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVzMRmlA8clwIoimDjA++pyzTkRo
raZDaGTqGw2i/IYhFd4EwbdfE41Ljn0o745h6dAUBH9I/+YLHCiMc7+v6VvuYsIA
MIimo9Za8MKgUyH6yKfVRW3Y6iaPpK6GayNanJvzPrf2ROPKleZxthIpTLP4jw/3
gkYcEH7nwhWs7MGVZ7iqenTpwjJSK8/5bXHD4g971q6oSS1EdjAumpo8qY2692C7
79Hb9k/FcFTPK24I4YLXVEJY3GWr7GZfEoNRVL0N1c9YfmeH9GPrOf2BudcLsoR0
o8avaxW6BA2elT4UNb60ReRSCEdt0vCK94Etl2qRlZQCjdaOu6HlNu43owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA30Ej5mHpTW9DRd9LdYk0FpVLOaMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvRGZRU1BtWWVsTmIwTkYzMHQxaVRRV2xVczVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsS
MA0GCSqGSIb3DQEBCwUAA4IBAQAuioeul5AewUZMYgzf4+6uA/hwRgtCFvK6xjZh
Hj/xFNM5yFWRNpbHAIgR/REt08r0VizbY6lbvKpKW0yRVuCeCzE8Zaqef9LfaHlD
9NKrKMn7axaZUXcyqIAbUoaW492F96jnsKtCcZjALo5gMTEMLO8GvVYwwGpAkZzp
MvNcozjD5FFKQpg6pSUrWO6YRnRaFnfXmKyObzvsMeWmsorAAG+PKTMHWbUcuGlO
3qgwf6ksXa8qzzpCcsSf4jqvJ61LgQ7FFNrI6W8Hp+EH0sehA/2jIcV8ypHXjHM+
IXVgK+QLBXKFKiysI8mbunF2lYlSpYVmlYxCBpuulnOh6WxX
-----END CERTIFICATE-----