This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TDJgGMkZLrZ81GbvZCeAhhBMKFY.roa
File:                     TDJgGMkZLrZ81GbvZCeAhhBMKFY.roa (raw, json)
Hash identifier:          6e5HzejThUKP+KfqmBRD2KB/4LGOct53fiIiefsSVx0=
Subject key identifier:   4C:32:60:18:C9:19:2E:B6:7C:D4:66:EF:64:27:80:86:10:4C:28:56
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA553ADF49EA5995BB2DCCE1A61E46C
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TDJgGMkZLrZ81GbvZCeAhhBMKFY.roa
Signing time:             Fri 02 Jan 2026 12:18:42 +0000
ROA not before:           Fri 02 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52073
IP address blocks:        2a10:4646:120::/44 maxlen: 48
                          2a10:4646:120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:53:ad:f4:9e:a5:99:5b:b2:dc:ce:1a:61:e4:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c326018c9192eb67cd466ef64278086104c2856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7f:2b:05:16:3d:b5:19:d7:e1:5a:1a:8d:7c:
                    b4:83:24:3d:a1:2c:f6:e0:65:6b:4c:86:8a:af:0a:
                    94:d3:94:6f:b4:4d:48:42:25:6e:ea:4f:5d:f9:1d:
                    6e:cc:24:60:9d:d6:f2:e5:e3:76:c0:1c:2d:88:a9:
                    a8:9d:ac:fd:79:a7:12:75:7e:d9:3c:fa:d8:37:c7:
                    cd:bc:e4:ea:a5:0e:c7:49:70:fd:02:3f:80:ff:c1:
                    bd:c1:4c:e3:0e:00:bf:1f:4b:df:cc:74:40:a7:1b:
                    e3:aa:fe:66:30:f2:b4:48:fa:1f:65:63:32:7a:e0:
                    9b:d6:52:a2:2c:c2:4b:cf:2b:fd:7e:8c:fc:83:ff:
                    6b:c6:37:ab:a9:c1:8f:ee:90:be:61:e0:2c:f8:bb:
                    02:b9:22:07:09:c9:c1:23:8f:56:75:77:29:1d:46:
                    ce:53:cc:bf:eb:df:56:cf:79:16:5d:c0:b6:8c:6b:
                    8b:db:5b:9a:8b:12:f3:ea:2c:ec:ab:b2:70:e6:5c:
                    09:a2:fa:1e:c1:bf:85:00:80:c6:bf:7d:a6:46:de:
                    5c:a4:e1:8c:e4:b3:96:9a:e7:90:06:f8:71:b1:83:
                    79:55:46:b4:70:28:1e:16:b6:00:ca:08:86:4a:c9:
                    23:2f:80:92:7d:3c:9d:61:6d:17:bb:17:3f:d4:a8:
                    9b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:32:60:18:C9:19:2E:B6:7C:D4:66:EF:64:27:80:86:10:4C:28:56
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TDJgGMkZLrZ81GbvZCeAhhBMKFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:c2:3b:b5:aa:bb:02:61:49:b9:f9:b1:1e:ae:52:40:3e:8d:
         bd:b2:08:52:1e:bd:dd:a4:a9:3e:48:21:45:ed:23:28:c3:a3:
         7d:0e:57:1d:07:a8:06:83:f5:98:1a:b9:5d:e9:e3:0d:59:9b:
         0a:1d:8a:e6:62:0e:22:18:e0:29:04:19:8c:5e:f1:39:3f:f5:
         b7:63:ed:3f:1a:7f:b2:a1:54:49:56:16:c1:38:b6:de:2a:58:
         31:7e:61:d0:aa:7c:04:aa:6b:68:9c:b5:dc:0a:b9:4d:0e:be:
         7b:01:1f:e7:9a:1e:fa:d8:35:ea:45:29:37:15:20:c3:81:f8:
         b2:56:d0:df:ee:bf:e9:c0:eb:59:fd:3a:6e:85:e2:ac:98:fc:
         fa:ad:b6:a8:8f:68:ff:9e:0f:50:43:1c:cb:c7:26:f0:42:2f:
         c9:99:cc:81:a1:92:15:f5:19:de:27:a7:cb:d0:00:8a:26:99:
         1c:e0:7d:18:d2:d0:fb:91:aa:23:f1:3b:04:15:c2:f0:c1:2a:
         1f:3a:d1:cf:11:4c:66:38:ae:77:6e:e9:bd:bb:bf:1e:f3:5b:
         54:42:1b:9b:62:c7:1e:0d:39:af:24:d9:a9:97:d5:19:0e:8e:
         55:c0:30:ec:62:1c:79:08:01:38:80:8f:b1:29:c5:2f:df:89:
         c6:0e:b3:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pVOt9J6lmVuy3M4aYeRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMyNjAxOGM5MTkyZWI2N2NkNDY2ZWY2NDI3ODA4NjEwNGMyODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn8rBRY9tRnX4VoajXy0gyQ9oSz2
4GVrTIaKrwqU05RvtE1IQiVu6k9d+R1uzCRgndby5eN2wBwtiKmonaz9eacSdX7Z
PPrYN8fNvOTqpQ7HSXD9Aj+A/8G9wUzjDgC/H0vfzHRApxvjqv5mMPK0SPofZWMy
euCb1lKiLMJLzyv9foz8g/9rxjerqcGP7pC+YeAs+LsCuSIHCcnBI49WdXcpHUbO
U8y/699Wz3kWXcC2jGuL21uaixLz6izsq7Jw5lwJovoewb+FAIDGv32mRt5cpOGM
5LOWmueQBvhxsYN5VUa0cCgeFrYAygiGSskjL4CSfTydYW0Xuxc/1KibywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEwyYBjJGS62fNRm72QngIYQTChWMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvVERKZ0dNa1pMclo4MUdidlpDZUFoaEJNS0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAfwju1qrsCYUm5+bEerlJAPo29sghSHr3dpKk+
SCFF7SMow6N9DlcdB6gGg/WYGrld6eMNWZsKHYrmYg4iGOApBBmMXvE5P/W3Y+0/
Gn+yoVRJVhbBOLbeKlgxfmHQqnwEqmtonLXcCrlNDr57AR/nmh762DXqRSk3FSDD
gfiyVtDf7r/pwOtZ/TpuheKsmPz6rbaoj2j/ng9QQxzLxybwQi/JmcyBoZIV9Rne
J6fL0ACKJpkc4H0Y0tD7kaoj8TsEFcLwwSofOtHPEUxmOK53bum9u78e81tUQhub
YsceDTmvJNmpl9UZDo5VwDDsYhx5CAE4gI+xKcUv34nGDrOB
-----END CERTIFICATE-----