This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0SHmfRCOFUhB4GNFh89O22tsYsY.roa
File:                     0SHmfRCOFUhB4GNFh89O22tsYsY.roa (raw, json)
Hash identifier:          gQJZFDDHZ4kxo6pYsX6jOrwqxk+feIcbYm/wO9qgDY8=
Subject key identifier:   D1:21:E6:7D:10:8E:15:48:41:E0:63:45:87:CF:4E:DB:6B:6C:62:C6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E393318205AD495A6F8ACBEF729C09B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0SHmfRCOFUhB4GNFh89O22tsYsY.roa
Signing time:             Fri 02 Jan 2026 10:20:36 +0000
ROA not before:           Fri 02 Jan 2026 10:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202532
IP address blocks:        2a0c:b641:660::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:33:18:20:5a:d4:95:a6:f8:ac:be:f7:29:c0:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d121e67d108e154841e0634587cf4edb6b6c62c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2b:c7:db:55:34:cf:5f:93:62:49:22:a5:ef:
                    a3:ef:b6:75:4b:b8:d9:37:a0:65:17:e7:26:5b:22:
                    15:c0:71:86:3b:95:1a:01:c5:5a:fb:06:c1:ae:1e:
                    11:9f:de:81:51:9c:22:9b:64:22:d0:b6:b9:01:79:
                    73:92:ac:4a:ea:20:47:d0:1a:84:66:0b:e2:e9:17:
                    ff:c6:38:e6:38:0e:ec:04:05:39:7d:dd:0d:3c:a5:
                    24:41:a0:87:77:b8:ed:5b:94:32:d1:b5:13:4e:0f:
                    ab:22:4f:8f:12:f5:b7:aa:a0:aa:3f:ee:3c:95:7b:
                    b2:e0:28:36:3e:8f:16:fe:cc:5e:b7:c4:5d:fd:31:
                    be:fc:0e:2b:3d:74:1c:8d:5f:ca:4f:ce:d4:d1:b1:
                    e5:42:b9:f9:f0:1e:9b:d2:8c:46:2e:7a:9d:75:1f:
                    8a:fc:1e:33:9e:43:a0:8f:c2:8d:bc:1a:e3:f3:da:
                    20:4b:6c:fe:58:db:15:90:fc:4e:45:bd:42:51:35:
                    a8:9e:a3:06:13:87:04:95:8a:cc:15:b2:5c:8e:43:
                    2a:80:6a:b8:d7:32:95:7b:8d:b7:03:1b:cf:5c:9d:
                    5c:11:eb:59:64:07:86:4f:f5:75:bd:a2:93:ff:38:
                    73:6d:07:c1:d3:40:ec:cd:67:d5:bc:eb:2e:29:2f:
                    be:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:21:E6:7D:10:8E:15:48:41:E0:63:45:87:CF:4E:DB:6B:6C:62:C6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0SHmfRCOFUhB4GNFh89O22tsYsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:660::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:16:a2:df:37:fd:0d:6d:56:75:7e:fa:74:18:8b:ad:35:d7:
         97:21:c9:17:e5:cb:93:a1:65:2d:68:3b:31:66:16:62:73:61:
         83:db:bd:03:a8:83:3e:96:78:be:92:b4:31:21:15:39:c1:b3:
         4a:e8:5d:0c:4d:b7:81:a2:e0:51:db:5e:e0:c5:45:9c:96:2f:
         02:77:25:78:d2:a5:a6:c8:dd:23:cc:69:29:09:ce:72:96:e1:
         bd:2c:7d:9a:35:21:37:b0:b6:0e:be:ae:cc:1b:c2:f8:48:7c:
         d7:de:78:ff:c7:01:6b:dd:04:4b:3c:2a:4e:39:55:57:a4:ae:
         6f:a5:6f:d2:21:71:57:7b:1a:e7:ef:93:3f:3f:77:ae:b1:f2:
         86:5a:4e:3f:f6:83:72:fe:62:42:28:ba:b2:83:91:63:fa:db:
         49:66:9a:21:38:6e:82:c4:e8:72:cf:23:df:31:12:bc:5f:9f:
         92:d8:d8:b7:40:38:10:8c:5c:5e:8f:c5:69:8c:7b:1c:b7:34:
         30:51:ff:23:5e:94:e6:a9:3a:b5:6f:06:b5:4f:61:fc:a6:2e:
         af:cc:a7:a5:dc:90:a9:8e:c0:ac:8a:5d:68:90:ac:fb:a2:79:
         d7:33:59:05:87:7d:0c:e3:4a:8f:c7:1a:d4:d8:5c:41:cf:78:
         84:1d:c7:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OTMYIFrUlab4rL73KcCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIxZTY3ZDEwOGUxNTQ4NDFlMDYzNDU4N2NmNGVkYjZiNmM2MmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSvH21U0z1+TYkkipe+j77Z1S7jZ
N6BlF+cmWyIVwHGGO5UaAcVa+wbBrh4Rn96BUZwim2Qi0La5AXlzkqxK6iBH0BqE
Zgvi6Rf/xjjmOA7sBAU5fd0NPKUkQaCHd7jtW5Qy0bUTTg+rIk+PEvW3qqCqP+48
lXuy4Cg2Po8W/sxet8Rd/TG+/A4rPXQcjV/KT87U0bHlQrn58B6b0oxGLnqddR+K
/B4znkOgj8KNvBrj89ogS2z+WNsVkPxORb1CUTWonqMGE4cElYrMFbJcjkMqgGq4
1zKVe423AxvPXJ1cEetZZAeGT/V1vaKT/zhzbQfB00DszWfVvOsuKS++MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNEh5n0QjhVIQeBjRYfPTttrbGLGMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMFNIbWZSQ09GVWhCNEdORmg4OU8yMnRzWXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZg
MA0GCSqGSIb3DQEBCwUAA4IBAQBsFqLfN/0NbVZ1fvp0GIutNdeXIckX5cuToWUt
aDsxZhZic2GD270DqIM+lni+krQxIRU5wbNK6F0MTbeBouBR217gxUWcli8CdyV4
0qWmyN0jzGkpCc5yluG9LH2aNSE3sLYOvq7MG8L4SHzX3nj/xwFr3QRLPCpOOVVX
pK5vpW/SIXFXexrn75M/P3eusfKGWk4/9oNy/mJCKLqyg5Fj+ttJZpohOG6CxOhy
zyPfMRK8X5+S2Ni3QDgQjFxej8VpjHsctzQwUf8jXpTmqTq1bwa1T2H8pi6vzKel
3JCpjsCsil1okKz7onnXM1kFh30M40qPxxrU2FxBz3iEHcfD
-----END CERTIFICATE-----