This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IDpTWU0WRIOLA71Y3Vso2cUe87Q.roa
File:                     IDpTWU0WRIOLA71Y3Vso2cUe87Q.roa (raw, json)
Hash identifier:          OLgQuteQpCT9kGLIB6TAmBru+wm9bRMbkMSD/ue4I7U=
Subject key identifier:   20:3A:53:59:4D:16:44:83:8B:03:BD:58:DD:5B:28:D9:C5:1E:F3:B4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E395C32235DFB6F8D7E138F22135556
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IDpTWU0WRIOLA71Y3Vso2cUe87Q.roa
Signing time:             Fri 02 Jan 2026 10:20:46 +0000
ROA not before:           Fri 02 Jan 2026 10:20:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213015
IP address blocks:        2a0c:b641:5b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:5c:32:23:5d:fb:6f:8d:7e:13:8f:22:13:55:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=203a53594d1644838b03bd58dd5b28d9c51ef3b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0b:b0:e5:60:85:f5:67:6e:45:8f:d3:53:55:
                    5f:ed:2c:54:ab:5f:27:9e:cd:16:d0:e1:7d:09:38:
                    83:7d:8a:cf:8d:f3:3b:1e:cd:3e:a6:24:5a:1f:af:
                    3c:73:37:c7:66:1f:30:a9:7e:e3:36:74:ca:0a:05:
                    61:68:3e:e7:ab:31:4b:0f:56:fd:26:dd:9a:82:6f:
                    52:18:66:cb:eb:19:4a:7f:48:a4:46:12:da:c3:1b:
                    72:51:f8:1c:ba:a0:29:7f:f2:15:05:9f:1e:7b:8d:
                    4a:25:5a:ef:52:fb:3f:5b:b5:9e:94:9f:e4:db:81:
                    90:21:62:1b:e9:11:ce:58:d8:49:a3:5a:76:d9:25:
                    7b:3f:77:01:a5:69:2d:98:2c:d7:45:5d:fa:0b:7e:
                    59:42:89:e2:ca:d3:d3:81:90:e3:e4:a2:8f:3f:3d:
                    90:ba:77:84:50:e2:d7:09:80:38:d4:7d:66:a2:14:
                    2e:6a:33:70:9d:4e:8e:2a:07:05:6f:4b:34:e4:34:
                    d2:67:d3:be:65:dd:57:b3:36:79:e2:8b:a6:c3:aa:
                    23:d2:f0:5a:02:c8:3b:2b:d4:a5:89:1c:e1:54:b6:
                    2c:4b:2c:66:8c:03:f8:66:0c:25:7f:fa:82:a4:89:
                    08:d6:2a:25:58:3b:0e:bb:d7:c6:67:84:75:fa:cf:
                    d7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3A:53:59:4D:16:44:83:8B:03:BD:58:DD:5B:28:D9:C5:1E:F3:B4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IDpTWU0WRIOLA71Y3Vso2cUe87Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:6c:36:ab:56:40:58:96:3d:e6:f8:40:2b:24:46:31:18:63:
         53:ec:de:f7:ab:52:2c:74:d2:81:bf:f7:24:37:dc:65:28:80:
         8b:e9:2b:fa:77:fe:e6:38:d7:87:b5:a9:f5:a9:7c:d1:ac:1f:
         59:ca:32:4c:18:eb:0a:08:4c:95:cc:6d:37:ed:48:03:be:ec:
         1d:55:37:3b:db:90:96:6a:df:4e:64:79:88:d0:9a:6b:7a:bf:
         92:9e:1f:4f:4c:d0:36:11:ce:1a:c6:35:56:47:fb:8f:91:3e:
         d3:00:36:da:cb:33:47:e2:fe:9d:60:3a:fa:40:da:24:4e:44:
         9a:37:6c:52:09:27:a1:6a:2d:12:ce:61:35:41:58:40:88:0d:
         d0:c4:20:e7:32:6c:8e:2d:b8:04:9c:18:c9:41:63:f6:53:96:
         5c:da:ee:2b:db:65:79:30:19:33:fa:79:d4:a1:a3:86:63:9d:
         ac:75:1b:2f:a5:7c:3c:11:75:f4:1b:fd:0f:6f:17:5c:39:95:
         ee:35:05:39:60:26:1b:bf:67:76:0d:2f:2b:ca:92:7c:e1:a8:
         62:0b:34:e4:9f:33:0d:37:8d:22:4c:28:1b:14:e8:2e:fc:04:
         e3:31:61:da:ca:57:6a:71:71:f7:66:8f:54:31:2f:3b:51:16:
         65:a1:33:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OVwyI137b41+E48iE1VWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDNhNTM1OTRkMTY0NDgzOGIwM2JkNThkZDViMjhkOWM1MWVmM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnguw5WCF9WduRY/TU1Vf7SxUq18n
ns0W0OF9CTiDfYrPjfM7Hs0+piRaH688czfHZh8wqX7jNnTKCgVhaD7nqzFLD1b9
Jt2agm9SGGbL6xlKf0ikRhLawxtyUfgcuqApf/IVBZ8ee41KJVrvUvs/W7WelJ/k
24GQIWIb6RHOWNhJo1p22SV7P3cBpWktmCzXRV36C35ZQoniytPTgZDj5KKPPz2Q
uneEUOLXCYA41H1mohQuajNwnU6OKgcFb0s05DTSZ9O+Zd1XszZ54oumw6oj0vBa
Asg7K9SliRzhVLYsSyxmjAP4Zgwlf/qCpIkI1iolWDsOu9fGZ4R1+s/X8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCA6U1lNFkSDiwO9WN1bKNnFHvO0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSURwVFdVMFdSSU9MQTcxWTNWc28yY1VlODdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBtbDarVkBYlj3m+EArJEYxGGNT7N73q1IsdNKB
v/ckN9xlKICL6Sv6d/7mONeHtan1qXzRrB9ZyjJMGOsKCEyVzG037UgDvuwdVTc7
25CWat9OZHmI0Jprer+Snh9PTNA2Ec4axjVWR/uPkT7TADbayzNH4v6dYDr6QNok
TkSaN2xSCSehai0SzmE1QVhAiA3QxCDnMmyOLbgEnBjJQWP2U5Zc2u4r22V5MBkz
+nnUoaOGY52sdRsvpXw8EXX0G/0PbxdcOZXuNQU5YCYbv2d2DS8rypJ84ahiCzTk
nzMNN40iTCgbFOgu/ATjMWHayldqcXH3Zo9UMS87URZloTNR
-----END CERTIFICATE-----