This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/PCm2Il224mWbxHMgp2-whFWp5Y8.roa
File:                     PCm2Il224mWbxHMgp2-whFWp5Y8.roa (raw, json)
Hash identifier:          li5I0uPh7E9cKNVsRWXspiiKnjbCYQjxIQb8POSntgc=
Subject key identifier:   3C:29:B6:22:5D:B6:E2:65:9B:C4:73:20:A7:6F:B0:84:55:A9:E5:8F
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA554335E643BADB809B0A97C53F55B
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/PCm2Il224mWbxHMgp2-whFWp5Y8.roa
Signing time:             Fri 02 Jan 2026 12:18:42 +0000
ROA not before:           Fri 02 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60668
IP address blocks:        2a10:4646:2c0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 31 Jan 2026 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:54:33:5e:64:3b:ad:b8:09:b0:a9:7c:53:f5:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c29b6225db6e2659bc47320a76fb08455a9e58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e7:cc:14:0f:d9:ad:c4:d3:56:1b:c2:5f:46:
                    bc:14:ed:bb:c8:9c:59:b7:22:cf:71:29:ae:75:e4:
                    f8:37:4d:3c:dd:17:05:8d:a2:1e:55:a8:22:b4:9a:
                    bc:80:85:2a:ad:24:e4:b8:d6:59:37:b5:8a:cf:2a:
                    18:b5:25:a8:c4:9e:70:b7:eb:f5:b0:f6:68:df:1c:
                    75:a7:28:a7:ad:e1:d2:35:63:82:09:bf:0d:cb:89:
                    ef:e2:4d:cb:74:3a:32:39:64:30:ad:4c:f4:98:f5:
                    b8:01:73:b8:83:87:d6:cb:bb:a6:b2:ba:96:c2:b5:
                    32:6b:0b:21:38:3d:55:6e:fd:9b:23:40:3c:f3:6b:
                    a8:c4:5f:c4:0e:30:5f:ae:a5:54:23:eb:03:8e:46:
                    70:ef:07:ca:37:eb:cb:4f:df:90:97:31:ed:0f:7d:
                    31:60:10:71:d1:4c:2b:70:2f:4f:33:81:1c:e6:06:
                    72:79:44:2d:57:47:f4:e8:0a:57:4a:50:31:8a:44:
                    e8:77:93:23:2c:87:78:b5:fb:1d:be:2b:0d:1c:83:
                    23:97:c1:73:bb:e4:73:64:b3:e2:57:2b:c1:15:c6:
                    a8:36:c7:5a:83:4e:d9:2e:03:86:a2:69:2c:13:cd:
                    31:53:31:ae:e1:01:ed:91:74:ea:d8:81:0c:e0:a7:
                    36:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:29:B6:22:5D:B6:E2:65:9B:C4:73:20:A7:6F:B0:84:55:A9:E5:8F
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/PCm2Il224mWbxHMgp2-whFWp5Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:4e:3f:21:a9:c4:c4:66:2d:a5:67:ad:c6:f8:4b:05:19:db:
         30:7d:9a:f0:c7:b0:e5:0d:38:ef:fe:9d:c9:bc:e8:35:26:1c:
         87:94:47:ff:12:61:f0:ec:f0:a1:4c:c1:d9:a4:c6:cb:87:3c:
         38:20:87:aa:a8:cf:86:db:f7:57:d6:c6:8c:2d:27:07:dd:eb:
         ac:95:2d:cf:4c:3e:6f:5c:89:31:b2:6a:ec:5f:84:27:82:d2:
         39:5f:37:f3:5f:76:8e:81:bf:8e:95:91:53:f3:75:44:d8:91:
         6f:20:12:2d:af:4a:c5:7d:e0:1b:a9:25:2a:1a:f7:f9:e9:d7:
         8c:c8:32:a4:61:6e:78:0f:6a:9e:19:e6:68:a7:8b:3e:5a:06:
         00:83:34:d5:23:ee:12:60:a1:cb:3c:45:f7:4d:d7:42:fa:dc:
         83:55:a6:e8:1b:d2:50:70:77:bc:74:4d:65:28:bf:3f:1d:a1:
         de:e7:88:eb:a7:e0:df:da:bd:e3:31:62:0d:1d:91:e3:55:ae:
         0b:13:15:2a:7e:1b:1a:26:3f:22:34:ef:90:eb:5b:26:fd:a2:
         6f:c6:97:a6:40:da:dd:ea:17:67:fd:bd:10:a9:a2:ab:a1:5f:
         c4:cc:7c:40:ac:2c:5a:51:67:1a:11:c6:77:19:0e:f7:27:c7:
         7d:76:6e:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pVQzXmQ7rbgJsKl8U/VbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI5YjYyMjVkYjZlMjY1OWJjNDczMjBhNzZmYjA4NDU1YTllNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkefMFA/ZrcTTVhvCX0a8FO27yJxZ
tyLPcSmudeT4N0083RcFjaIeVagitJq8gIUqrSTkuNZZN7WKzyoYtSWoxJ5wt+v1
sPZo3xx1pyinreHSNWOCCb8Ny4nv4k3LdDoyOWQwrUz0mPW4AXO4g4fWy7umsrqW
wrUyawshOD1Vbv2bI0A882uoxF/EDjBfrqVUI+sDjkZw7wfKN+vLT9+QlzHtD30x
YBBx0UwrcC9PM4Ec5gZyeUQtV0f06ApXSlAxikTod5MjLId4tfsdvisNHIMjl8Fz
u+RzZLPiVyvBFcaoNsdag07ZLgOGomksE80xUzGu4QHtkXTq2IEM4Kc22QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDwptiJdtuJlm8RzIKdvsIRVqeWPMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvUENtMklsMjI0bVdieEhNZ3AyLXdoRldwNVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgLA
MA0GCSqGSIb3DQEBCwUAA4IBAQCGTj8hqcTEZi2lZ63G+EsFGdswfZrwx7DlDTjv
/p3JvOg1JhyHlEf/EmHw7PChTMHZpMbLhzw4IIeqqM+G2/dX1saMLScH3euslS3P
TD5vXIkxsmrsX4QngtI5XzfzX3aOgb+OlZFT83VE2JFvIBItr0rFfeAbqSUqGvf5
6deMyDKkYW54D2qeGeZop4s+WgYAgzTVI+4SYKHLPEX3TddC+tyDVaboG9JQcHe8
dE1lKL8/HaHe54jrp+Df2r3jMWINHZHjVa4LExUqfhsaJj8iNO+Q61sm/aJvxpem
QNrd6hdn/b0QqaKroV/EzHxArCxaUWcaEcZ3GQ73J8d9dm7j
-----END CERTIFICATE-----