This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W_BCOjmAdkWfODZ7bvZ_1VEo820.roa
File:                     W_BCOjmAdkWfODZ7bvZ_1VEo820.roa (raw, json)
Hash identifier:          aAqSVSwbC6esRzER14YmpKx6m+Lo1g184jMJRY9Bonc=
Subject key identifier:   5B:F0:42:3A:39:80:76:45:9F:38:36:7B:6E:F6:7F:D5:51:28:F3:6D
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA56040F1B6709B49F7CFCB48E8CFE7
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W_BCOjmAdkWfODZ7bvZ_1VEo820.roa
Signing time:             Fri 02 Jan 2026 12:18:45 +0000
ROA not before:           Fri 02 Jan 2026 12:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212124
IP address blocks:        2a10:4646:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 31 Jan 2026 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:60:40:f1:b6:70:9b:49:f7:cf:cb:48:e8:cf:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bf0423a398076459f38367b6ef67fd55128f36d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:30:0f:50:c1:bb:a0:40:84:df:fd:6a:7a:
                    2e:7a:b7:1f:19:e9:5d:a1:76:38:e6:98:75:cc:76:
                    ca:be:de:77:07:ed:cc:e5:59:c0:65:9f:17:b3:fc:
                    a7:e8:61:3c:51:72:7f:0b:bc:a2:cc:0a:3d:6a:50:
                    e5:8c:81:c9:75:23:2b:b6:72:a1:c8:d4:37:c1:64:
                    6b:a8:8a:69:82:ea:69:fa:df:77:5c:ae:a0:2f:fa:
                    d8:da:67:f6:70:56:c4:e9:50:0e:eb:8b:b0:a5:b2:
                    2b:1b:f0:a8:ff:83:1f:d2:a1:4d:9c:2f:20:3f:6f:
                    be:04:c8:19:34:64:85:c7:01:f2:9d:c7:1d:56:5b:
                    c6:e0:73:1d:af:ad:d6:45:9a:e1:78:3c:fc:10:1d:
                    b1:ae:ec:8a:05:bf:bd:5a:49:b0:26:02:aa:fa:52:
                    1a:31:51:a5:86:74:4f:56:96:9c:e0:19:d1:b9:74:
                    88:09:b1:a2:a7:c1:46:6a:be:62:ab:82:95:0a:b1:
                    c5:0f:22:84:a6:36:f1:df:a2:5c:a5:e3:2f:5e:8b:
                    18:c3:a0:df:15:5a:8e:b8:2f:ce:bf:b2:e2:e1:cf:
                    33:89:cf:dc:e5:cc:b4:b3:a7:e7:31:c4:76:36:a5:
                    ce:7f:53:b3:5a:56:e0:30:ef:6c:2b:af:4b:ba:dc:
                    61:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F0:42:3A:39:80:76:45:9F:38:36:7B:6E:F6:7F:D5:51:28:F3:6D
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W_BCOjmAdkWfODZ7bvZ_1VEo820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:88:53:5d:6b:fb:d5:5f:94:f1:83:e8:0f:c3:96:e5:32:f5:
         aa:3f:dc:f3:62:d7:0a:aa:32:37:fd:8b:a8:4d:2a:45:56:47:
         51:ea:90:9a:8b:c7:fd:d2:b1:0a:16:32:b2:7f:86:49:6b:37:
         07:42:25:27:11:3d:75:58:1a:ce:b4:72:27:e3:a0:00:71:14:
         04:bd:7b:54:30:10:ca:b2:70:bd:87:8a:b3:84:40:3c:db:af:
         1a:fa:73:df:f8:98:80:ef:2f:a0:86:e9:0f:a3:d1:da:45:38:
         ab:2f:61:94:07:a4:9b:04:a0:f9:c6:6f:1c:61:fb:25:6e:d1:
         21:45:57:bd:47:a2:8d:67:1f:f4:f7:35:74:4f:d5:c4:94:32:
         4b:37:d7:f6:b9:24:13:86:02:27:c6:b6:3d:d1:95:5d:34:c3:
         d6:b9:11:d5:48:de:6a:90:d7:74:6d:69:0b:86:f8:a7:ee:4e:
         87:64:9a:20:ad:1a:e4:85:a3:29:0e:08:86:0a:6f:78:9e:d9:
         d2:bb:84:e5:ae:41:21:28:3c:fd:2f:22:57:be:da:4b:7e:f6:
         ba:f9:0c:4d:63:9d:b9:fe:6f:be:ac:37:f7:5c:11:3f:75:8c:
         94:df:0a:71:f7:e2:5d:50:0d:00:67:9f:4e:0c:4c:8b:21:e6:
         04:8b:f5:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pWBA8bZwm0n3z8tI6M/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmYwNDIzYTM5ODA3NjQ1OWYzODM2N2I2ZWY2N2ZkNTUxMjhmMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnkwD1DBu6BAhN/9anouercfGeld
oXY45ph1zHbKvt53B+3M5VnAZZ8Xs/yn6GE8UXJ/C7yizAo9alDljIHJdSMrtnKh
yNQ3wWRrqIppgupp+t93XK6gL/rY2mf2cFbE6VAO64uwpbIrG/Co/4Mf0qFNnC8g
P2++BMgZNGSFxwHynccdVlvG4HMdr63WRZrheDz8EB2xruyKBb+9WkmwJgKq+lIa
MVGlhnRPVpac4BnRuXSICbGip8FGar5iq4KVCrHFDyKEpjbx36JcpeMvXosYw6Df
FVqOuC/Ov7Li4c8zic/c5cy0s6fnMcR2NqXOf1OzWlbgMO9sK69Lutxh7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFvwQjo5gHZFnzg2e272f9VRKPNtMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvV19CQ09qbUFka1dmT0RaN2J2Wl8xVkVvODIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAjiFNda/vVX5Txg+gPw5blMvWqP9zzYtcKqjI3
/YuoTSpFVkdR6pCai8f90rEKFjKyf4ZJazcHQiUnET11WBrOtHIn46AAcRQEvXtU
MBDKsnC9h4qzhEA8268a+nPf+JiA7y+ghukPo9HaRTirL2GUB6SbBKD5xm8cYfsl
btEhRVe9R6KNZx/09zV0T9XElDJLN9f2uSQThgInxrY90ZVdNMPWuRHVSN5qkNd0
bWkLhvin7k6HZJogrRrkhaMpDgiGCm94ntnSu4TlrkEhKDz9LyJXvtpLfva6+QxN
Y525/m++rDf3XBE/dYyU3wpx9+JdUA0AZ59ODEyLIeYEi/UX
-----END CERTIFICATE-----