This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QlVCoNds05HJK8lt7oM6VPgybK0.roa
File:                     QlVCoNds05HJK8lt7oM6VPgybK0.roa (raw, json)
Hash identifier:          CNIH159BmZaeceK/gb6T4h2aFU1Nax4IReEjW/x3R1o=
Subject key identifier:   42:55:42:A0:D7:6C:D3:91:C9:2B:C9:6D:EE:83:3A:54:F8:32:6C:AD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E396CBDF71B734D07BE4F2FD88700BE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QlVCoNds05HJK8lt7oM6VPgybK0.roa
Signing time:             Fri 02 Jan 2026 10:20:51 +0000
ROA not before:           Fri 02 Jan 2026 10:20:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214961
IP address blocks:        2a0c:b641:c50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:6c:bd:f7:1b:73:4d:07:be:4f:2f:d8:87:00:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=425542a0d76cd391c92bc96dee833a54f8326cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:22:52:8b:2f:30:fd:c0:94:eb:ca:75:be:ae:
                    87:21:e7:25:56:d9:7a:10:a8:3a:ca:84:f5:da:c6:
                    71:f7:eb:b6:94:a1:70:3b:95:fa:40:da:e5:82:3c:
                    f0:11:5e:67:fa:50:30:ae:17:75:58:4a:8c:b8:5f:
                    2a:fa:4c:ec:9a:d1:c3:64:67:53:79:58:fc:60:ee:
                    0f:64:dd:59:16:37:00:fc:bd:72:e7:34:7f:ba:0c:
                    91:c1:67:05:f6:29:ab:60:59:d6:b1:ef:26:ca:95:
                    bb:d7:f5:9e:00:58:a9:9b:1a:59:2b:cc:01:f5:b4:
                    c7:60:ba:20:e0:7b:12:94:c9:f4:ce:07:de:e4:08:
                    71:79:73:82:bb:ce:84:c5:cd:26:60:96:fd:f3:81:
                    e9:fd:1d:7a:09:ab:c3:15:38:8f:b0:fe:8a:18:32:
                    6d:e0:94:a0:8a:37:ab:db:ce:69:8b:f7:69:04:57:
                    95:14:8d:ff:5a:ca:72:67:c8:f3:3d:21:9d:73:72:
                    91:8e:58:23:e3:6e:2b:57:c3:04:31:b4:28:56:69:
                    32:09:dd:82:eb:38:61:3c:51:cc:03:19:09:2b:5e:
                    a7:93:7f:eb:cb:0f:91:0d:2d:7e:8c:d1:a4:ce:07:
                    5a:89:62:02:67:99:3a:74:26:73:73:71:75:18:9d:
                    56:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:55:42:A0:D7:6C:D3:91:C9:2B:C9:6D:EE:83:3A:54:F8:32:6C:AD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QlVCoNds05HJK8lt7oM6VPgybK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c50::/44

    Signature Algorithm: sha256WithRSAEncryption
         52:3b:d0:bd:26:14:72:61:40:57:de:7e:c5:5b:f1:73:4d:fa:
         5c:05:e0:e3:a9:74:9e:d5:3e:97:6b:13:11:d0:97:4b:31:ec:
         98:52:4a:51:59:d9:ce:2b:c5:b7:8f:fe:ce:47:da:52:1a:dd:
         81:78:e9:8d:3a:d0:4d:38:9a:89:98:21:55:ca:8a:cf:54:58:
         64:e1:1d:cf:09:c6:e8:26:cf:95:b0:f2:04:1e:4b:35:bb:d1:
         0c:ff:36:3e:f5:33:dd:54:af:1f:eb:26:3f:92:83:32:95:c6:
         79:c0:c4:6f:e5:16:23:ca:ce:ea:b4:98:ff:cb:79:0a:01:3e:
         9b:b6:36:cc:04:44:0e:8c:41:d2:d8:5d:ad:0e:d3:cf:a3:b0:
         a7:22:dc:86:06:67:1e:52:95:23:92:61:86:88:2c:b3:43:fd:
         cb:f6:fb:63:81:85:ac:3a:b8:e4:ce:3c:7f:cb:fa:fe:34:93:
         f6:7f:75:31:de:bc:4b:f7:d2:1d:63:dc:ad:33:be:d8:70:4b:
         bf:bc:a9:9d:ba:83:e5:00:7b:a2:0b:cf:69:7c:d3:5b:4d:2d:
         a5:5f:45:07:25:96:3d:4b:6f:40:ea:83:54:08:0d:85:60:b0:
         a4:5a:17:31:c3:0a:c0:36:a6:4f:07:b3:73:59:e2:46:c2:00:
         0e:3e:5a:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OWy99xtzTQe+Ty/YhwC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjU1NDJhMGQ3NmNkMzkxYzkyYmM5NmRlZTgzM2E1NGY4MzI2Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCJSiy8w/cCU68p1vq6HIeclVtl6
EKg6yoT12sZx9+u2lKFwO5X6QNrlgjzwEV5n+lAwrhd1WEqMuF8q+kzsmtHDZGdT
eVj8YO4PZN1ZFjcA/L1y5zR/ugyRwWcF9imrYFnWse8mypW71/WeAFipmxpZK8wB
9bTHYLog4HsSlMn0zgfe5AhxeXOCu86Exc0mYJb984Hp/R16CavDFTiPsP6KGDJt
4JSgijer285pi/dpBFeVFI3/WspyZ8jzPSGdc3KRjlgj424rV8MEMbQoVmkyCd2C
6zhhPFHMAxkJK16nk3/ryw+RDS1+jNGkzgdaiWICZ5k6dCZzc3F1GJ1WAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEJVQqDXbNORySvJbe6DOlT4MmytMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUWxWQ29OZHMwNUhKSzhsdDdvTTZWUGd5YkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBSO9C9JhRyYUBX3n7FW/FzTfpcBeDjqXSe1T6X
axMR0JdLMeyYUkpRWdnOK8W3j/7OR9pSGt2BeOmNOtBNOJqJmCFVyorPVFhk4R3P
CcboJs+VsPIEHks1u9EM/zY+9TPdVK8f6yY/koMylcZ5wMRv5RYjys7qtJj/y3kK
AT6btjbMBEQOjEHS2F2tDtPPo7CnItyGBmceUpUjkmGGiCyzQ/3L9vtjgYWsOrjk
zjx/y/r+NJP2f3Ux3rxL99IdY9ytM77YcEu/vKmduoPlAHuiC89pfNNbTS2lX0UH
JZY9S29A6oNUCA2FYLCkWhcxwwrANqZPB7NzWeJGwgAOPlqu
-----END CERTIFICATE-----