This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OwtGWChxCNtRyJj6ElbibxId-aQ.roa
File:                     OwtGWChxCNtRyJj6ElbibxId-aQ.roa (raw, json)
Hash identifier:          ka/36kkAkjg2s/fwE4e37YvaQAs87ErAmYuEuoZciXg=
Subject key identifier:   3B:0B:46:58:28:71:08:DB:51:C8:98:FA:12:56:E2:6F:12:1D:F9:A4
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA55676064C2CD53ADBF5E527A51C75
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OwtGWChxCNtRyJj6ElbibxId-aQ.roa
Signing time:             Fri 02 Jan 2026 12:18:43 +0000
ROA not before:           Fri 02 Jan 2026 12:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198474
IP address blocks:        2a10:4646:340::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 31 Jan 2026 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:56:76:06:4c:2c:d5:3a:db:f5:e5:27:a5:1c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b0b4658287108db51c898fa1256e26f121df9a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9b:ff:3d:63:de:6c:e9:ca:03:5b:39:62:f7:
                    9b:5f:c6:e4:31:97:09:2d:0f:39:c0:44:25:df:4c:
                    b0:5f:7b:1a:22:30:cc:4a:03:2f:87:ed:02:7a:88:
                    95:42:02:e5:84:e9:53:5e:2b:0e:84:a6:38:e9:cc:
                    03:1b:9b:c0:d5:8b:65:e5:cc:cc:a9:60:b7:55:53:
                    2e:19:e6:64:c8:2a:5f:f0:bd:f3:3c:fb:6a:b2:4d:
                    b7:26:ce:f2:cd:e6:2c:a3:ac:86:22:4b:64:24:72:
                    c6:44:0d:29:d6:8d:82:72:d9:5f:28:79:5e:17:d8:
                    c1:6e:d6:00:23:41:2e:07:c0:96:fc:11:e1:05:60:
                    a4:59:cc:8f:40:d7:f3:0c:99:57:cc:4c:cb:a4:5e:
                    8c:4d:5e:4a:98:21:59:b1:ee:37:96:a0:3f:43:32:
                    85:f1:00:2d:63:b0:3d:36:e7:ba:85:f9:dd:b5:37:
                    7c:f2:ee:25:94:74:be:87:6b:e6:6a:56:87:ad:49:
                    81:99:ff:ba:28:f8:2c:a7:a8:f8:1a:10:b6:34:aa:
                    16:6c:4d:c9:d1:fb:19:e2:5c:07:96:76:4d:27:a8:
                    be:76:cd:8c:e2:ff:af:ed:26:0d:75:1d:8b:65:78:
                    d7:3e:2f:9c:d3:62:bb:22:19:6a:81:56:c6:4d:45:
                    63:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0B:46:58:28:71:08:DB:51:C8:98:FA:12:56:E2:6F:12:1D:F9:A4
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OwtGWChxCNtRyJj6ElbibxId-aQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:340::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:9c:9f:56:90:b3:2e:4d:42:b1:16:a6:34:24:69:c3:f6:4f:
         62:33:e4:13:94:63:2b:e1:0e:af:69:0e:6f:69:e4:b1:57:79:
         ea:be:06:c6:14:e1:9b:d0:14:e9:5f:3c:3a:ab:43:b6:e9:b5:
         92:8b:7b:c4:21:2d:5b:47:77:c3:34:e4:9b:02:fd:99:f5:9a:
         ee:4b:05:87:25:b3:f4:67:ea:bd:a2:fc:51:d9:a8:7b:81:7c:
         4c:11:30:4c:7d:4a:aa:99:fd:b1:be:23:58:9c:83:de:b8:64:
         4f:45:fb:d0:63:cb:db:b8:3e:4d:bf:5c:43:b6:32:03:86:8b:
         5b:9c:67:b6:15:83:5c:50:4a:b2:8e:1f:5a:23:c5:f9:02:e7:
         30:4a:8c:84:3b:28:a6:de:1d:c8:a9:25:d2:d8:f4:d8:f0:a7:
         33:27:7b:99:8a:17:d7:49:8e:86:12:4c:12:99:37:bd:fe:92:
         aa:8a:3f:03:2c:56:0e:40:d9:bb:83:62:09:46:65:71:05:c9:
         dd:6a:d5:47:16:e5:69:94:39:85:cf:87:5f:41:9d:79:65:80:
         40:f6:6c:e7:d0:d4:a2:25:ab:f5:2a:64:18:f9:63:57:62:1d:
         5f:96:e0:26:33:f7:d8:e8:c7:12:07:54:c2:18:82:7e:15:ca:
         29:2a:83:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pVZ2Bkws1Trb9eUnpRx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBiNDY1ODI4NzEwOGRiNTFjODk4ZmExMjU2ZTI2ZjEyMWRmOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Jv/PWPebOnKA1s5YvebX8bkMZcJ
LQ85wEQl30ywX3saIjDMSgMvh+0CeoiVQgLlhOlTXisOhKY46cwDG5vA1Ytl5czM
qWC3VVMuGeZkyCpf8L3zPPtqsk23Js7yzeYso6yGIktkJHLGRA0p1o2CctlfKHle
F9jBbtYAI0EuB8CW/BHhBWCkWcyPQNfzDJlXzEzLpF6MTV5KmCFZse43lqA/QzKF
8QAtY7A9Nue6hfndtTd88u4llHS+h2vmalaHrUmBmf+6KPgsp6j4GhC2NKoWbE3J
0fsZ4lwHlnZNJ6i+ds2M4v+v7SYNdR2LZXjXPi+c02K7IhlqgVbGTUVjIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDsLRlgocQjbUciY+hJW4m8SHfmkMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvT3d0R1dDaHhDTnRSeUpqNkVsYmlieElkLWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgNA
MA0GCSqGSIb3DQEBCwUAA4IBAQBYnJ9WkLMuTUKxFqY0JGnD9k9iM+QTlGMr4Q6v
aQ5vaeSxV3nqvgbGFOGb0BTpXzw6q0O26bWSi3vEIS1bR3fDNOSbAv2Z9ZruSwWH
JbP0Z+q9ovxR2ah7gXxMETBMfUqqmf2xviNYnIPeuGRPRfvQY8vbuD5Nv1xDtjID
hotbnGe2FYNcUEqyjh9aI8X5AucwSoyEOyim3h3IqSXS2PTY8KczJ3uZihfXSY6G
EkwSmTe9/pKqij8DLFYOQNm7g2IJRmVxBcndatVHFuVplDmFz4dfQZ15ZYBA9mzn
0NSiJav1KmQY+WNXYh1fluAmM/fY6McSB1TCGIJ+FcopKoOY
-----END CERTIFICATE-----