This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UdQOxlpJCr_oe1N0LASykVIgrfQ.roa
File:                     UdQOxlpJCr_oe1N0LASykVIgrfQ.roa (raw, json)
Hash identifier:          DMjaZWW2jL8JnXMJdvepI+vBIEfNSd5tqn4D2Ihx3sc=
Subject key identifier:   51:D4:0E:C6:5A:49:0A:BF:E8:7B:53:74:2C:04:B2:91:52:20:AD:F4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E396E7E39FE0AEB2414279376484E1D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UdQOxlpJCr_oe1N0LASykVIgrfQ.roa
Signing time:             Fri 02 Jan 2026 10:20:51 +0000
ROA not before:           Fri 02 Jan 2026 10:20:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215355
IP address blocks:        2a0c:b641:c00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:6e:7e:39:fe:0a:eb:24:14:27:93:76:48:4e:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51d40ec65a490abfe87b53742c04b2915220adf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:35:b3:ff:b3:3c:68:a3:94:d8:fd:0c:62:25:
                    35:72:65:98:2d:c6:e1:23:d7:b8:3e:20:43:9d:f3:
                    d6:23:de:70:84:96:8c:e2:60:ef:7a:1a:6f:2e:39:
                    1e:ea:e6:2a:e2:9a:44:34:aa:22:15:d3:c8:9a:62:
                    90:62:88:4d:1e:8e:8a:bc:31:ac:3b:70:b7:16:b3:
                    ef:db:93:11:7b:55:08:cf:b2:ba:d3:09:4e:f7:a8:
                    75:83:28:55:f5:5e:ad:40:e3:0b:3b:f0:13:e0:e4:
                    42:cf:ed:90:a9:2f:e8:53:be:5b:f4:a7:fc:7b:dc:
                    1d:f1:75:21:51:13:6b:52:ee:4e:ea:48:79:38:92:
                    f3:0f:47:65:89:a7:bf:7a:a0:1c:ff:1a:39:61:73:
                    92:c6:3a:8a:d4:b0:3a:5f:b9:95:50:8f:57:5d:96:
                    68:b2:29:29:d8:9b:ca:e1:ec:67:8b:9b:f0:72:1c:
                    39:f8:74:5f:79:5a:82:78:71:ea:65:ae:47:ab:dc:
                    7e:76:3d:ce:8f:55:a3:89:45:2f:ae:42:a6:25:3e:
                    79:c5:32:9a:69:1d:96:ab:78:04:95:03:76:25:30:
                    48:e1:2a:ff:dd:f9:a0:4b:a5:fc:8c:27:b6:56:58:
                    7d:c3:89:22:0d:67:e2:39:03:03:36:3e:41:5c:e2:
                    09:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D4:0E:C6:5A:49:0A:BF:E8:7B:53:74:2C:04:B2:91:52:20:AD:F4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UdQOxlpJCr_oe1N0LASykVIgrfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:3c:7d:81:5b:74:4b:42:1d:7a:7c:0f:82:29:87:74:d3:1d:
         72:ff:f3:ac:1b:f9:37:33:83:5f:0f:7f:29:d1:07:27:8d:89:
         cd:f1:d8:c3:db:2f:f2:42:1c:d8:dd:83:f7:8f:b3:bf:7b:c7:
         bb:9f:19:57:ad:f7:67:78:e1:f2:c8:15:b6:1c:0f:03:93:d3:
         6c:64:d9:a5:e3:a1:58:90:3a:c5:f2:57:34:50:e5:b8:c2:04:
         dd:ba:d4:d1:dc:c1:5c:6d:a9:80:8c:7e:ea:c3:81:00:14:5e:
         80:17:cc:57:42:f9:de:cf:69:c3:66:f9:95:9a:f1:9d:20:dc:
         9f:82:27:09:53:a2:3a:4d:b6:71:6d:3b:61:e9:f6:eb:b9:f4:
         f1:5a:27:25:59:b6:a0:1e:f3:7b:16:fc:3e:a9:fb:ed:1f:30:
         4a:b5:5f:63:46:98:5f:d2:33:5e:aa:3f:72:62:97:89:76:b6:
         a7:a4:53:ba:0f:41:09:8c:67:6b:75:2c:af:27:63:11:c8:45:
         0a:6a:6a:48:b9:ee:a2:6d:2c:39:cd:b9:91:36:cf:1a:bb:83:
         60:2b:32:eb:d2:65:78:b7:1e:25:39:ed:e9:bb:c6:43:06:ec:
         42:f9:b1:99:f7:38:88:c9:64:e1:e8:45:05:09:fd:12:41:4a:
         da:7c:8c:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OW5+Of4K6yQUJ5N2SE4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ0MGVjNjVhNDkwYWJmZTg3YjUzNzQyYzA0YjI5MTUyMjBhZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjWz/7M8aKOU2P0MYiU1cmWYLcbh
I9e4PiBDnfPWI95whJaM4mDvehpvLjke6uYq4ppENKoiFdPImmKQYohNHo6KvDGs
O3C3FrPv25MRe1UIz7K60wlO96h1gyhV9V6tQOMLO/AT4ORCz+2QqS/oU75b9Kf8
e9wd8XUhURNrUu5O6kh5OJLzD0dliae/eqAc/xo5YXOSxjqK1LA6X7mVUI9XXZZo
sikp2JvK4exni5vwchw5+HRfeVqCeHHqZa5Hq9x+dj3Oj1WjiUUvrkKmJT55xTKa
aR2Wq3gElQN2JTBI4Sr/3fmgS6X8jCe2Vlh9w4kiDWfiOQMDNj5BXOIJFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFHUDsZaSQq/6HtTdCwEspFSIK30MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVWRRT3hscEpDcl9vZTFOMExBU3lrVklncmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQwA
MA0GCSqGSIb3DQEBCwUAA4IBAQCBPH2BW3RLQh16fA+CKYd00x1y//OsG/k3M4Nf
D38p0QcnjYnN8djD2y/yQhzY3YP3j7O/e8e7nxlXrfdneOHyyBW2HA8Dk9NsZNml
46FYkDrF8lc0UOW4wgTdutTR3MFcbamAjH7qw4EAFF6AF8xXQvnez2nDZvmVmvGd
INyfgicJU6I6TbZxbTth6fbrufTxWiclWbagHvN7Fvw+qfvtHzBKtV9jRphf0jNe
qj9yYpeJdranpFO6D0EJjGdrdSyvJ2MRyEUKampIue6ibSw5zbmRNs8au4NgKzLr
0mV4tx4lOe3pu8ZDBuxC+bGZ9ziIyWTh6EUFCf0SQUrafIyb
-----END CERTIFICATE-----