This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6nbtl_E7IZOlevY5qxr7VTNKksk.roa
File:                     6nbtl_E7IZOlevY5qxr7VTNKksk.roa (raw, json)
Hash identifier:          3qaiwsexkwEGjhPV6oLhKRZOa9CHyJiA3sSmB8OaK5c=
Subject key identifier:   EA:76:ED:97:F1:3B:21:93:A5:7A:F6:39:AB:1A:FB:55:33:4A:92:C9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E39656BE681D6AA2913C5E483295346
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6nbtl_E7IZOlevY5qxr7VTNKksk.roa
Signing time:             Fri 02 Jan 2026 10:20:49 +0000
ROA not before:           Fri 02 Jan 2026 10:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213738
IP address blocks:        2a0c:b641:70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:65:6b:e6:81:d6:aa:29:13:c5:e4:83:29:53:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea76ed97f13b2193a57af639ab1afb55334a92c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:26:17:24:f9:f5:10:b5:63:71:61:b7:3c:
                    76:a1:51:cf:68:12:56:7a:fe:11:f4:bb:0c:fa:07:
                    54:69:35:a2:00:3d:3c:bc:51:6a:44:53:ce:fa:81:
                    dd:c7:b7:6b:87:dd:f2:ec:69:2c:e2:21:a6:d7:f4:
                    f5:9c:a3:da:b9:24:12:8b:9c:1c:7a:06:29:c9:2e:
                    f1:f7:eb:d8:d2:17:9c:eb:86:0c:7c:33:36:b7:c0:
                    59:1b:bd:38:66:35:a9:13:81:53:ce:95:7b:9f:02:
                    e1:7a:c5:c6:e8:8e:7e:7e:f2:c7:7f:ec:c1:53:9f:
                    ed:7c:00:b1:1a:6e:35:46:8d:47:5d:43:22:6a:36:
                    ba:d0:56:a3:bc:f9:61:96:86:42:d2:20:b7:78:1d:
                    d7:52:82:7c:09:e6:33:5c:34:65:8b:61:bc:fd:e8:
                    e9:4b:b6:8d:cd:00:1b:d0:65:e9:da:f0:44:63:b0:
                    4e:5b:d0:7c:87:0c:57:31:6a:87:c4:67:62:87:8a:
                    27:34:bc:14:ed:ab:82:f1:44:8e:d6:95:d0:e3:95:
                    2f:68:79:5b:ec:10:f5:d9:e7:9b:f7:80:41:29:2d:
                    e6:55:c2:7a:8d:6d:02:59:6d:9e:44:68:55:44:62:
                    4f:be:66:1d:72:7f:44:fc:36:1c:92:ba:33:f0:55:
                    ed:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:76:ED:97:F1:3B:21:93:A5:7A:F6:39:AB:1A:FB:55:33:4A:92:C9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6nbtl_E7IZOlevY5qxr7VTNKksk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:c7:1e:ab:76:32:f3:c8:9e:a3:2f:5e:ab:d0:1d:57:f2:dd:
         f0:89:fc:bb:51:1d:a9:54:ef:86:82:2c:d1:8e:70:52:a1:28:
         ac:17:ac:e7:a1:3f:2a:21:c1:b7:44:ad:fa:b7:06:ba:9c:ba:
         80:79:66:1d:89:4d:fc:59:c3:f0:35:62:61:94:3b:98:ca:38:
         7b:a5:e1:30:d1:e2:d2:66:92:6a:49:8d:6a:4a:f2:11:65:24:
         8e:a1:d9:18:00:87:09:ef:21:d8:22:7a:32:98:7b:0d:a0:e5:
         a3:c4:b6:e7:a5:19:38:53:cb:ed:2e:18:86:ef:52:a4:8c:95:
         fa:0b:80:54:8c:98:8f:71:31:4a:67:06:09:82:b1:ac:94:ed:
         ee:ff:58:63:f1:8c:f5:06:4c:91:70:55:d8:16:64:f7:d5:6c:
         29:14:1e:0e:b3:ec:d9:35:40:c3:98:8f:f2:24:76:a0:c5:fd:
         dc:e1:2b:36:3c:cd:f1:d7:04:fb:d5:bf:cc:0b:00:25:92:0a:
         f0:19:95:6b:fb:a5:11:62:47:ab:05:95:c7:61:ea:3a:e2:6e:
         47:20:19:58:24:eb:d1:e5:d4:dd:e8:d2:1a:c5:95:f9:40:da:
         0e:40:cb:70:ca:c4:ff:3f:85:d5:7e:ac:dd:f6:1d:f4:9a:54:
         a3:9e:db:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OWVr5oHWqikTxeSDKVNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTc2ZWQ5N2YxM2IyMTkzYTU3YWY2MzlhYjFhZmI1NTMzNGE5MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu4mFyT59RC1Y3Fhtzx2oVHPaBJW
ev4R9LsM+gdUaTWiAD08vFFqRFPO+oHdx7drh93y7Gks4iGm1/T1nKPauSQSi5wc
egYpyS7x9+vY0hec64YMfDM2t8BZG704ZjWpE4FTzpV7nwLhesXG6I5+fvLHf+zB
U5/tfACxGm41Ro1HXUMiaja60FajvPlhloZC0iC3eB3XUoJ8CeYzXDRli2G8/ejp
S7aNzQAb0GXp2vBEY7BOW9B8hwxXMWqHxGdih4onNLwU7auC8USO1pXQ45UvaHlb
7BD12eeb94BBKS3mVcJ6jW0CWW2eRGhVRGJPvmYdcn9E/DYckroz8FXtxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOp27ZfxOyGTpXr2Oasa+1UzSpLJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNm5idGxfRTdJWk9sZXZZNXF4cjdWVE5La3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQBw
MA0GCSqGSIb3DQEBCwUAA4IBAQCXxx6rdjLzyJ6jL16r0B1X8t3wify7UR2pVO+G
gizRjnBSoSisF6znoT8qIcG3RK36twa6nLqAeWYdiU38WcPwNWJhlDuYyjh7peEw
0eLSZpJqSY1qSvIRZSSOodkYAIcJ7yHYInoymHsNoOWjxLbnpRk4U8vtLhiG71Kk
jJX6C4BUjJiPcTFKZwYJgrGslO3u/1hj8Yz1BkyRcFXYFmT31WwpFB4Os+zZNUDD
mI/yJHagxf3c4Ss2PM3x1wT71b/MCwAlkgrwGZVr+6URYkerBZXHYeo64m5HIBlY
JOvR5dTd6NIaxZX5QNoOQMtwysT/P4XVfqzd9h30mlSjntuL
-----END CERTIFICATE-----