This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UvYdMpnkTPIXVJ0Yw4dew00gAY0.roa
File:                     UvYdMpnkTPIXVJ0Yw4dew00gAY0.roa (raw, json)
Hash identifier:          VpZQUZpScknolb0g7/GjwF+7SDvB+JFsTdvLKXuT2B0=
Subject key identifier:   52:F6:1D:32:99:E4:4C:F2:17:54:9D:18:C3:87:5E:C3:4D:20:01:8D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E394F59D892F8933F477633C7C44DF1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UvYdMpnkTPIXVJ0Yw4dew00gAY0.roa
Signing time:             Fri 02 Jan 2026 10:20:43 +0000
ROA not before:           Fri 02 Jan 2026 10:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210469
IP address blocks:        2a0c:b641:580::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:4f:59:d8:92:f8:93:3f:47:76:33:c7:c4:4d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52f61d3299e44cf217549d18c3875ec34d20018d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:79:dc:e3:8a:2e:21:df:31:05:8b:e0:d6:bd:
                    f6:a4:ea:1f:c4:8d:59:95:46:37:a7:02:e0:7b:05:
                    1e:e8:fb:0e:eb:fe:c0:02:ba:42:7f:4a:ca:e7:f5:
                    19:6e:2c:b4:cf:67:f7:47:32:e7:6f:d5:bc:f3:3e:
                    a3:e5:d8:25:1b:07:65:4a:a3:74:9f:57:24:18:16:
                    f8:d4:24:86:90:7a:85:84:0b:c5:66:8a:69:45:cb:
                    11:73:49:59:7b:61:90:11:b2:48:4b:50:26:aa:0a:
                    43:0f:93:ff:89:50:b9:45:35:83:3d:d8:5d:16:b3:
                    9d:0d:78:10:20:08:a9:39:b8:58:38:8f:69:91:76:
                    c8:f8:c3:c4:c0:f8:6e:3b:7d:94:dc:1b:1e:c5:cb:
                    db:21:ec:b5:51:77:4f:3a:e8:04:5f:34:97:df:24:
                    71:94:2e:db:eb:01:f1:86:df:93:71:77:28:d4:b8:
                    b8:bf:df:5d:8b:91:1b:4a:9d:83:42:64:f8:f1:e2:
                    5f:0f:74:22:84:16:a4:de:5a:e3:b1:58:79:7c:39:
                    0d:40:3c:78:c4:bc:a6:0d:e6:53:22:fc:fb:b0:e7:
                    91:f8:10:ec:91:c5:ee:0f:dd:7d:28:51:8e:66:7d:
                    de:6c:38:de:ba:e4:83:3b:01:50:d4:51:28:63:f5:
                    fd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F6:1D:32:99:E4:4C:F2:17:54:9D:18:C3:87:5E:C3:4D:20:01:8D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UvYdMpnkTPIXVJ0Yw4dew00gAY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:580::/44

    Signature Algorithm: sha256WithRSAEncryption
         8c:5f:56:02:45:91:b0:1c:52:f3:6d:70:12:fc:5f:98:c7:c7:
         e1:4a:a1:fa:51:58:d5:e1:e4:15:54:50:90:2e:27:b9:7b:3f:
         cc:d6:55:ba:a1:f5:5f:9c:9b:2d:49:52:0d:e0:3b:21:a2:d8:
         2c:a7:50:70:31:a8:c7:ca:54:c2:f6:80:cc:28:7e:37:2a:13:
         e9:d4:40:f4:9f:4d:b3:03:81:b8:0d:c6:1c:e8:05:0a:5c:9f:
         e0:90:3a:d9:9e:bb:b2:c9:52:d1:e7:f6:1d:3d:0b:42:11:98:
         0b:fe:6b:66:bb:5f:42:8b:5e:63:9a:54:8e:5e:b4:97:13:4c:
         9b:6a:8c:96:21:14:7f:1a:30:8f:42:ee:db:5b:b5:81:36:e5:
         5c:05:5f:47:07:73:2a:57:a9:68:b4:f4:fb:11:ae:40:50:01:
         34:52:fc:ce:9c:44:1c:84:b3:4d:82:2c:c3:e3:1a:d3:a6:47:
         b2:2a:b7:57:44:6c:ae:27:c3:28:ad:d4:38:29:59:db:38:1d:
         41:df:58:0a:8e:7b:28:31:b7:c5:8a:b3:c3:5a:a8:06:b1:34:
         ec:36:ce:3a:df:e5:8a:06:ee:e3:aa:f5:3b:c9:55:eb:7e:67:
         b1:8f:40:77:d3:80:32:0d:a1:47:b6:09:74:1d:96:02:09:24:
         08:3c:4d:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OU9Z2JL4kz9HdjPHxE3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmY2MWQzMjk5ZTQ0Y2YyMTc1NDlkMThjMzg3NWVjMzRkMjAwMThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nnc44ouId8xBYvg1r32pOofxI1Z
lUY3pwLgewUe6PsO6/7AArpCf0rK5/UZbiy0z2f3RzLnb9W88z6j5dglGwdlSqN0
n1ckGBb41CSGkHqFhAvFZoppRcsRc0lZe2GQEbJIS1AmqgpDD5P/iVC5RTWDPdhd
FrOdDXgQIAipObhYOI9pkXbI+MPEwPhuO32U3BsexcvbIey1UXdPOugEXzSX3yRx
lC7b6wHxht+TcXco1Li4v99di5EbSp2DQmT48eJfD3QihBak3lrjsVh5fDkNQDx4
xLymDeZTIvz7sOeR+BDskcXuD919KFGOZn3ebDjeuuSDOwFQ1FEoY/X9UQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFL2HTKZ5EzyF1SdGMOHXsNNIAGNMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVXZZZE1wbmtUUElYVkowWXc0ZGV3MDBnQVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWA
MA0GCSqGSIb3DQEBCwUAA4IBAQCMX1YCRZGwHFLzbXAS/F+Yx8fhSqH6UVjV4eQV
VFCQLie5ez/M1lW6ofVfnJstSVIN4Dshotgsp1BwMajHylTC9oDMKH43KhPp1ED0
n02zA4G4DcYc6AUKXJ/gkDrZnruyyVLR5/YdPQtCEZgL/mtmu19Ci15jmlSOXrSX
E0ybaoyWIRR/GjCPQu7bW7WBNuVcBV9HB3MqV6lotPT7Ea5AUAE0UvzOnEQchLNN
gizD4xrTpkeyKrdXRGyuJ8MordQ4KVnbOB1B31gKjnsoMbfFirPDWqgGsTTsNs46
3+WKBu7jqvU7yVXrfmexj0B304AyDaFHtgl0HZYCCSQIPE1M
-----END CERTIFICATE-----