This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/U5Bo23ke1EA4QRYVVB3hPRz0O6c.roa
File:                     U5Bo23ke1EA4QRYVVB3hPRz0O6c.roa (raw, json)
Hash identifier:          3wa9t0AWStYLOTBJV45EC15ZnSt1KLdwgnSco+FdAmY=
Subject key identifier:   53:90:68:DB:79:1E:D4:40:38:41:16:15:54:1D:E1:3D:1C:F4:3B:A7
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E3930F8C609D18F204DDE522F53D7FF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/U5Bo23ke1EA4QRYVVB3hPRz0O6c.roa
Signing time:             Fri 02 Jan 2026 10:20:35 +0000
ROA not before:           Fri 02 Jan 2026 10:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200202
IP address blocks:        2a0c:b641:940::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:30:f8:c6:09:d1:8f:20:4d:de:52:2f:53:d7:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=539068db791ed44038411615541de13d1cf43ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b7:64:4e:d8:89:86:c1:69:58:86:72:eb:ed:
                    4f:7c:e8:7a:e4:fe:c8:eb:86:6c:52:94:35:66:82:
                    c2:eb:2b:40:73:4f:d3:23:ac:85:d0:6b:f2:27:47:
                    db:42:c5:e4:f3:0f:66:b3:8e:8f:97:cc:37:fa:25:
                    f2:cb:e9:1f:fe:79:83:bb:08:8d:21:8d:39:aa:f7:
                    42:70:2e:f6:4c:b2:44:4c:b6:45:4a:6d:15:80:a5:
                    ab:e1:c9:22:4c:79:bb:58:12:1a:2f:80:fe:c0:7d:
                    5f:e4:91:c4:32:88:63:8a:73:17:21:a8:b5:a1:4a:
                    30:c5:78:8d:2e:32:9c:71:1a:23:62:f8:c2:fd:19:
                    ef:1f:4f:64:18:0c:bc:a0:bf:ef:c5:92:1c:22:30:
                    b3:91:6e:25:89:81:20:26:82:a7:20:7b:63:34:dd:
                    24:b8:2d:b8:7c:34:e0:71:da:4f:ef:ad:8a:8b:1f:
                    70:b7:5a:66:44:1a:3f:07:12:95:a8:2c:41:96:ac:
                    28:b4:46:c3:cf:5b:2b:6f:62:a5:ef:42:b7:cc:c2:
                    59:d8:cb:16:0a:64:0b:71:6b:d4:24:94:12:0f:91:
                    71:46:59:b1:38:e4:62:3d:a0:65:8d:f4:5e:53:ed:
                    56:9b:04:15:3f:ac:d0:4b:7a:0f:37:c1:0b:c6:77:
                    4b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:90:68:DB:79:1E:D4:40:38:41:16:15:54:1D:E1:3D:1C:F4:3B:A7
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/U5Bo23ke1EA4QRYVVB3hPRz0O6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:940::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:16:2d:64:d9:0a:bb:4f:63:b7:0f:05:e9:1c:e2:fc:aa:fe:
         39:e8:ef:d6:40:11:0e:63:78:2b:86:19:71:2b:03:f0:65:08:
         83:0b:db:ec:f6:5b:b8:cb:ed:54:ac:e8:63:fb:e6:19:ad:c1:
         45:30:3e:03:1b:38:98:27:41:02:96:36:f8:c9:6e:51:1b:45:
         ca:ff:1a:e3:44:b1:51:05:6e:4d:a3:de:cf:05:2e:29:ef:22:
         12:9a:b8:6d:82:da:cc:b9:6d:60:66:64:38:75:f4:3d:33:77:
         a2:7d:88:e9:27:6d:50:ff:2a:ef:02:ac:cb:ed:48:fc:93:91:
         7f:43:66:bb:68:4b:08:b6:1d:66:3c:7e:0f:0a:66:39:f3:23:
         b8:d7:59:5e:5e:59:d5:5e:89:08:25:ff:9c:5f:ca:7e:e1:72:
         42:ca:19:e2:e0:00:93:1b:02:df:fc:18:f1:19:8f:98:f6:65:
         af:25:c2:36:e0:ad:85:8d:aa:1b:fd:35:a0:51:55:04:fb:89:
         74:59:7d:49:10:13:bc:c0:4a:72:06:71:31:6b:29:c0:0f:fc:
         70:51:2f:81:54:65:e8:d8:10:c7:61:18:a9:1f:32:31:59:99:
         23:f2:61:3b:d0:59:7e:ad:7b:f3:2d:b2:67:0a:96:f4:e8:bf:
         40:04:71:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OTD4xgnRjyBN3lIvU9f/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzkwNjhkYjc5MWVkNDQwMzg0MTE2MTU1NDFkZTEzZDFjZjQzYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLdkTtiJhsFpWIZy6+1PfOh65P7I
64ZsUpQ1ZoLC6ytAc0/TI6yF0GvyJ0fbQsXk8w9ms46Pl8w3+iXyy+kf/nmDuwiN
IY05qvdCcC72TLJETLZFSm0VgKWr4ckiTHm7WBIaL4D+wH1f5JHEMohjinMXIai1
oUowxXiNLjKccRojYvjC/RnvH09kGAy8oL/vxZIcIjCzkW4liYEgJoKnIHtjNN0k
uC24fDTgcdpP762Kix9wt1pmRBo/BxKVqCxBlqwotEbDz1srb2Kl70K3zMJZ2MsW
CmQLcWvUJJQSD5FxRlmxOORiPaBljfReU+1WmwQVP6zQS3oPN8ELxndL1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFOQaNt5HtRAOEEWFVQd4T0c9DunMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVTVCbzIza2UxRUE0UVJZVlZCM2hQUnowTzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQlA
MA0GCSqGSIb3DQEBCwUAA4IBAQA0Fi1k2Qq7T2O3DwXpHOL8qv456O/WQBEOY3gr
hhlxKwPwZQiDC9vs9lu4y+1UrOhj++YZrcFFMD4DGziYJ0ECljb4yW5RG0XK/xrj
RLFRBW5No97PBS4p7yISmrhtgtrMuW1gZmQ4dfQ9M3eifYjpJ21Q/yrvAqzL7Uj8
k5F/Q2a7aEsIth1mPH4PCmY58yO411leXlnVXokIJf+cX8p+4XJCyhni4ACTGwLf
/BjxGY+Y9mWvJcI24K2Fjaob/TWgUVUE+4l0WX1JEBO8wEpyBnExaynAD/xwUS+B
VGXo2BDHYRipHzIxWZkj8mE70Fl+rXvzLbJnCpb06L9ABHE0
-----END CERTIFICATE-----