This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/xJPb4f4rCehz8TLUSv0N6n8_MiE.roa
File:                     xJPb4f4rCehz8TLUSv0N6n8_MiE.roa (raw, json)
Hash identifier:          MEW0AHLyPDoZAygBiCZTzYIaCJijNL4VVMa21hRooaY=
Subject key identifier:   C4:93:DB:E1:FE:2B:09:E8:73:F1:32:D4:4A:FD:0D:EA:7F:3F:32:21
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019B7C12BA58F7FF84F81EDDAB63C488066C
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/xJPb4f4rCehz8TLUSv0N6n8_MiE.roa
Signing time:             Fri 02 Jan 2026 00:19:20 +0000
ROA not before:           Fri 02 Jan 2026 00:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203686
IP address blocks:        2a0a:280:3100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:ba:58:f7:ff:84:f8:1e:dd:ab:63:c4:88:06:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 00:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c493dbe1fe2b09e873f132d44afd0dea7f3f3221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:96:9e:ca:dd:ca:15:f8:98:8e:56:13:20:f9:
                    4e:4d:78:79:e5:48:f3:08:8b:87:3a:c0:e9:1c:b6:
                    f1:79:0e:82:1e:62:64:45:6d:14:cd:8e:17:e4:a3:
                    23:d7:9a:44:c0:53:8b:6f:57:e7:5b:02:73:d1:fa:
                    a8:7c:08:a0:ab:fb:4b:69:2d:c9:8a:e9:fd:2e:6e:
                    b4:9d:e4:68:78:05:e5:ae:e3:94:20:64:f2:2e:c9:
                    e2:09:e7:10:1f:d6:3c:0f:b1:69:61:93:bd:3f:cc:
                    77:ab:62:94:df:38:92:ff:bc:00:d5:61:3d:ad:30:
                    47:17:3c:36:3f:39:38:b3:4c:40:17:12:e4:fd:f0:
                    57:ff:90:f7:32:ff:6c:df:7c:fc:c3:84:31:01:6f:
                    92:a4:0c:0d:7c:c1:08:9b:e2:4c:42:46:e0:91:cf:
                    24:bc:92:c6:4c:71:73:f4:ba:e6:7b:30:28:bb:97:
                    43:13:6c:88:2a:0a:a4:62:3e:6a:15:2e:d1:36:d9:
                    13:aa:04:e2:9c:d2:56:e7:d9:15:ba:9b:32:a9:de:
                    f9:c0:cd:31:c1:b5:40:ba:02:74:0e:a1:d3:86:fb:
                    95:b8:fd:3e:dd:3a:bc:53:01:5e:28:d0:ca:ee:05:
                    7d:98:02:9d:b6:88:cf:0e:26:63:23:cc:a1:c9:47:
                    9c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:93:DB:E1:FE:2B:09:E8:73:F1:32:D4:4A:FD:0D:EA:7F:3F:32:21
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/xJPb4f4rCehz8TLUSv0N6n8_MiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3100::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:89:46:b2:49:5c:4f:26:18:5c:b9:6d:3b:02:f2:8c:3d:fe:
         53:1b:65:ed:ec:a1:8f:8d:f6:ce:88:9b:95:11:d7:2e:b2:f7:
         57:05:7e:02:8f:32:1d:16:22:35:21:ea:74:5b:2a:7f:ef:4f:
         01:18:10:bc:cd:f5:eb:9a:32:ba:32:c9:b8:ec:8a:a4:9e:40:
         a0:38:f2:5b:82:8f:9e:c6:d7:b8:40:1f:63:c0:0c:bf:43:d5:
         7a:75:1a:97:9a:ac:00:e2:c5:7e:4a:d4:10:a1:31:e2:45:d8:
         8a:36:d8:e1:de:6b:dd:68:65:70:53:08:34:1b:06:ec:8d:52:
         07:31:08:ce:ee:a6:af:97:ee:61:16:f4:43:e0:da:89:ef:1e:
         28:8e:98:cc:a9:d8:66:39:d0:73:e8:b8:c3:80:38:45:d0:fe:
         1c:c9:57:b6:b4:67:c7:21:62:ab:dc:dc:d2:fa:4c:d2:c7:79:
         f5:af:78:a0:26:97:da:6d:d2:ec:40:96:3b:2e:ef:7b:af:7c:
         7d:a1:ee:1b:7b:d9:1d:11:1c:1d:8f:59:1b:24:6f:47:f8:f9:
         d9:ba:c6:d3:72:77:5e:7e:3f:6e:91:b1:83:30:d1:4a:09:f4:
         0c:16:ee:47:78:1c:62:fa:a2:6c:8e:ee:85:1e:b2:6c:6f:af:
         3a:76:17:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8ErpY9/+E+B7dq2PEiAZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjYwMTAyMDAxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDkzZGJlMWZlMmIwOWU4NzNmMTMyZDQ0YWZkMGRlYTdmM2YzMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5aeyt3KFfiYjlYTIPlOTXh55Ujz
CIuHOsDpHLbxeQ6CHmJkRW0UzY4X5KMj15pEwFOLb1fnWwJz0fqofAigq/tLaS3J
iun9Lm60neRoeAXlruOUIGTyLsniCecQH9Y8D7FpYZO9P8x3q2KU3ziS/7wA1WE9
rTBHFzw2Pzk4s0xAFxLk/fBX/5D3Mv9s33z8w4QxAW+SpAwNfMEIm+JMQkbgkc8k
vJLGTHFz9LrmezAou5dDE2yIKgqkYj5qFS7RNtkTqgTinNJW59kVupsyqd75wM0x
wbVAugJ0DqHThvuVuP0+3Tq8UwFeKNDK7gV9mAKdtojPDiZjI8yhyUecRwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMST2+H+Kwnoc/Ey1Er9Dep/PzIhMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEveEpQYjRmNHJDZWh6OFRMVVN2ME42bjhfTWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDEw
DQYJKoZIhvcNAQELBQADggEBAKmJRrJJXE8mGFy5bTsC8ow9/lMbZe3soY+N9s6I
m5UR1y6y91cFfgKPMh0WIjUh6nRbKn/vTwEYELzN9euaMroyybjsiqSeQKA48luC
j57G17hAH2PADL9D1Xp1GpearADixX5K1BChMeJF2Io22OHea91oZXBTCDQbBuyN
UgcxCM7upq+X7mEW9EPg2onvHiiOmMyp2GY50HPouMOAOEXQ/hzJV7a0Z8chYqvc
3NL6TNLHefWveKAml9pt0uxAljsu73uvfH2h7ht72R0RHB2PWRskb0f4+dm6xtNy
d15+P26RsYMw0UoJ9AwW7kd4HGL6omyO7oUesmxvrzp2Fz8=
-----END CERTIFICATE-----