This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7xz9ZtbXj7qhOrWl1asjKBlzz1o.roa
File:                     7xz9ZtbXj7qhOrWl1asjKBlzz1o.roa (raw, json)
Hash identifier:          al7m3r3hlQECrtwI9lRqdu9jwLTy7M0zSKzMUXGbBvQ=
Subject key identifier:   EF:1C:FD:66:D6:D7:8F:BA:A1:3A:B5:A5:D5:AB:23:28:19:73:CF:5A
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA5636151A49D45CE6D3FF61D2E010A
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7xz9ZtbXj7qhOrWl1asjKBlzz1o.roa
Signing time:             Fri 02 Jan 2026 12:18:46 +0000
ROA not before:           Fri 02 Jan 2026 12:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215140
IP address blocks:        2a10:4646:440::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 31 Jan 2026 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:63:61:51:a4:9d:45:ce:6d:3f:f6:1d:2e:01:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef1cfd66d6d78fbaa13ab5a5d5ab23281973cf5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2a:fb:73:1e:c2:6c:5b:e2:aa:e5:e5:06:cc:
                    62:1b:28:b6:33:44:94:53:a2:90:39:8a:10:71:5a:
                    31:c4:df:bd:e6:de:14:8c:93:9a:9e:5a:07:c0:9b:
                    ac:f9:a9:96:2d:4f:dd:20:0f:58:88:a5:87:2a:89:
                    1d:18:a9:4d:a4:47:71:83:83:a1:35:a4:52:d5:d6:
                    2e:3e:fa:e2:ae:07:b0:68:1a:bb:d0:7c:b5:c1:44:
                    ea:08:e2:15:b0:81:c2:5d:44:0c:0f:17:2a:6d:4f:
                    73:84:6e:92:20:e3:f7:5a:1c:40:a0:b1:f0:7d:94:
                    88:e5:7c:c2:5b:4c:25:1b:8d:63:f8:14:fc:40:28:
                    70:a1:9c:ad:de:83:77:47:be:72:ee:23:a5:28:dd:
                    46:5f:4c:d0:95:a0:fd:2f:8b:d0:0a:f1:e7:3a:54:
                    a9:5c:46:d2:17:e7:5c:ef:45:17:ea:44:36:7e:f0:
                    37:05:1f:f2:02:84:15:9a:f1:5d:54:83:5f:c7:0a:
                    a3:45:cb:b1:57:a8:13:7d:5e:ef:ca:18:2c:65:20:
                    b6:99:46:60:24:1f:53:67:29:a1:44:bf:ef:5c:a9:
                    a6:86:35:a3:32:4c:c4:f4:0c:4e:7c:8b:3c:2f:e9:
                    2b:e3:c7:f6:1f:c2:1a:92:43:f4:58:57:35:9f:41:
                    92:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1C:FD:66:D6:D7:8F:BA:A1:3A:B5:A5:D5:AB:23:28:19:73:CF:5A
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7xz9ZtbXj7qhOrWl1asjKBlzz1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:440::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:3c:f8:73:03:4a:ce:8f:f0:a3:64:0f:e8:84:72:6a:bb:a3:
         eb:ef:9b:c7:ce:e7:bc:05:22:1d:26:3a:cc:25:e6:58:0c:05:
         5e:7b:f9:8e:64:45:3b:37:28:aa:af:e0:40:8e:de:72:00:14:
         23:6d:00:5b:17:d6:31:69:34:e6:34:52:08:05:cc:3a:c7:9b:
         81:ab:86:61:eb:de:cd:d9:0f:db:5c:4b:7a:40:83:e7:50:be:
         f8:b3:82:1b:c3:b2:af:c7:08:9d:15:3d:0e:18:40:98:5f:f2:
         e5:33:99:94:56:64:86:ee:49:58:2f:9d:0e:c6:af:99:62:26:
         f9:bf:ac:d3:bd:a8:b6:d7:96:b3:a9:0d:6b:0f:fd:47:d0:d4:
         c8:bb:05:ef:db:58:1e:70:d5:19:dd:b2:a1:8c:20:5f:3b:99:
         b8:03:c4:37:7c:36:9c:b3:2b:d7:22:39:54:7e:63:b3:19:d3:
         ff:a0:01:b4:5d:cd:72:95:31:85:b6:ee:50:f3:73:29:df:db:
         60:44:a4:db:42:55:ae:19:33:e7:e9:69:62:72:b5:50:a7:8a:
         e4:22:2b:d8:6d:61:cf:33:1c:19:59:26:8d:55:c7:34:0d:a9:
         1a:df:73:82:d0:c8:41:e3:51:27:b0:3b:1d:d9:8a:ff:2a:14:
         e9:6d:07:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pWNhUaSdRc5tP/YdLgEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjFjZmQ2NmQ2ZDc4ZmJhYTEzYWI1YTVkNWFiMjMyODE5NzNjZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwir7cx7CbFviquXlBsxiGyi2M0SU
U6KQOYoQcVoxxN+95t4UjJOanloHwJus+amWLU/dIA9YiKWHKokdGKlNpEdxg4Oh
NaRS1dYuPvrirgewaBq70Hy1wUTqCOIVsIHCXUQMDxcqbU9zhG6SIOP3WhxAoLHw
fZSI5XzCW0wlG41j+BT8QChwoZyt3oN3R75y7iOlKN1GX0zQlaD9L4vQCvHnOlSp
XEbSF+dc70UX6kQ2fvA3BR/yAoQVmvFdVINfxwqjRcuxV6gTfV7vyhgsZSC2mUZg
JB9TZymhRL/vXKmmhjWjMkzE9AxOfIs8L+kr48f2H8IakkP0WFc1n0GSRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO8c/WbW14+6oTq1pdWrIygZc89aMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvN3h6OVp0YlhqN3FoT3JXbDFhc2pLQmx6ejFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgRA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4PPhzA0rOj/CjZA/ohHJqu6Pr75vHzue8BSId
JjrMJeZYDAVee/mOZEU7Nyiqr+BAjt5yABQjbQBbF9YxaTTmNFIIBcw6x5uBq4Zh
697N2Q/bXEt6QIPnUL74s4Ibw7KvxwidFT0OGECYX/LlM5mUVmSG7klYL50Oxq+Z
Yib5v6zTvai215azqQ1rD/1H0NTIuwXv21gecNUZ3bKhjCBfO5m4A8Q3fDacsyvX
IjlUfmOzGdP/oAG0Xc1ylTGFtu5Q83Mp39tgRKTbQlWuGTPn6WlicrVQp4rkIivY
bWHPMxwZWSaNVcc0Daka33OC0MhB41EnsDsd2Yr/KhTpbQfH
-----END CERTIFICATE-----