This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZuW5oaNLR-N0pDGVvc9qZoHXsQI.roa
File:                     ZuW5oaNLR-N0pDGVvc9qZoHXsQI.roa (raw, json)
Hash identifier:          psTmQeN9oyG9tFEf0Tlm/7nf9w34e6JGl6/H05hdUGw=
Subject key identifier:   66:E5:B9:A1:A3:4B:47:E3:74:A4:31:95:BD:CF:6A:66:81:D7:B1:02
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E393DD8E149D2FB198C431AF7F658A5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZuW5oaNLR-N0pDGVvc9qZoHXsQI.roa
Signing time:             Fri 02 Jan 2026 10:20:39 +0000
ROA not before:           Fri 02 Jan 2026 10:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207036
IP address blocks:        2a0c:b641:3d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:3d:d8:e1:49:d2:fb:19:8c:43:1a:f7:f6:58:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66e5b9a1a34b47e374a43195bdcf6a6681d7b102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d4:b5:71:53:ef:f0:70:0b:7c:78:eb:70:e2:
                    dc:56:37:73:bc:25:d1:bf:87:f5:16:4e:cd:92:fc:
                    a2:3e:c5:92:ac:6b:89:dc:68:2f:19:0e:66:f7:39:
                    2c:04:21:4a:7c:b0:64:30:17:c5:85:53:fb:06:20:
                    95:98:66:2e:60:78:31:91:47:50:b2:00:b3:b2:7c:
                    93:d0:28:ef:2d:4f:fc:74:8c:7d:21:ff:4e:b6:54:
                    41:82:55:ea:cb:c0:36:b0:bf:a4:8a:42:3d:b4:d6:
                    ee:8d:8f:71:e7:02:5a:38:6f:2a:5f:df:e6:46:80:
                    33:05:a2:47:a5:5e:42:db:4f:32:96:9f:a0:ce:51:
                    25:a1:26:77:04:45:d9:b0:90:b2:94:b7:5b:0b:2b:
                    58:84:3a:d1:bc:66:00:cd:95:f0:b0:e0:42:c4:92:
                    0e:b9:2d:2b:53:fd:82:f1:c0:3c:15:de:eb:a7:b8:
                    b0:29:bb:be:8f:f3:ea:42:18:8e:4c:fa:cd:b6:f8:
                    28:96:7b:ff:db:c3:5d:9a:f5:8f:e6:62:2e:4b:92:
                    8e:c8:e9:b1:58:56:eb:8c:97:8b:e9:d2:ba:ce:00:
                    d1:a4:e0:89:d8:31:f6:93:42:3f:74:e2:a9:92:61:
                    5b:23:9e:02:13:6d:0e:5b:29:bc:b8:ca:7d:3b:be:
                    4a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E5:B9:A1:A3:4B:47:E3:74:A4:31:95:BD:CF:6A:66:81:D7:B1:02
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZuW5oaNLR-N0pDGVvc9qZoHXsQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:20:63:a2:1f:9d:ee:70:1c:e1:59:df:05:7d:82:64:63:ed:
         21:8b:e7:67:e4:48:db:a7:39:9a:41:21:1b:0e:13:3c:39:98:
         d3:ca:26:f3:95:42:64:32:53:d2:4c:ed:93:e8:3b:67:c5:f5:
         81:1e:33:51:55:ed:b6:01:f8:23:e4:67:81:6c:57:66:5a:71:
         b1:c2:65:37:a3:0d:38:70:64:f8:89:a0:3d:a2:a6:fd:ca:c6:
         49:6d:b7:f7:7d:da:db:d3:d6:fd:54:f2:82:70:ac:dd:8e:fc:
         12:0b:6c:e3:03:f7:bd:e9:d6:aa:d5:7d:b4:33:62:9a:54:b9:
         eb:e0:53:36:29:2f:37:ca:82:0c:5f:8b:ae:8f:cf:9d:60:29:
         51:c7:7a:36:ed:db:d2:fa:d3:e4:b1:29:45:14:70:82:71:c3:
         00:c4:3d:22:44:e5:9c:10:ff:7d:b8:d3:00:01:71:3b:f1:fa:
         a2:79:19:bd:58:41:9c:70:cc:e9:40:f2:ed:28:bf:a4:bf:80:
         f7:68:c4:2d:00:a6:4d:28:12:b5:ef:f9:23:02:40:7d:9d:80:
         fd:a5:ad:f0:7f:be:72:d1:d2:34:1a:28:88:69:59:26:9b:4d:
         a0:f5:e6:3e:58:87:52:e9:51:92:69:42:ab:a7:d8:0e:f6:5a:
         a8:fe:ba:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OT3Y4UnS+xmMQxr39lilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmU1YjlhMWEzNGI0N2UzNzRhNDMxOTViZGNmNmE2NjgxZDdiMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztS1cVPv8HALfHjrcOLcVjdzvCXR
v4f1Fk7NkvyiPsWSrGuJ3GgvGQ5m9zksBCFKfLBkMBfFhVP7BiCVmGYuYHgxkUdQ
sgCzsnyT0CjvLU/8dIx9If9OtlRBglXqy8A2sL+kikI9tNbujY9x5wJaOG8qX9/m
RoAzBaJHpV5C208ylp+gzlEloSZ3BEXZsJCylLdbCytYhDrRvGYAzZXwsOBCxJIO
uS0rU/2C8cA8Fd7rp7iwKbu+j/PqQhiOTPrNtvgolnv/28NdmvWP5mIuS5KOyOmx
WFbrjJeL6dK6zgDRpOCJ2DH2k0I/dOKpkmFbI54CE20OWym8uMp9O75KKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGbluaGjS0fjdKQxlb3PamaB17ECMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWnVXNW9hTkxSLU4wcERHVnZjOXFab0hYc1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBrIGOiH53ucBzhWd8FfYJkY+0hi+dn5Ejbpzma
QSEbDhM8OZjTyibzlUJkMlPSTO2T6DtnxfWBHjNRVe22Afgj5GeBbFdmWnGxwmU3
ow04cGT4iaA9oqb9ysZJbbf3fdrb09b9VPKCcKzdjvwSC2zjA/e96daq1X20M2Ka
VLnr4FM2KS83yoIMX4uuj8+dYClRx3o27dvS+tPksSlFFHCCccMAxD0iROWcEP99
uNMAAXE78fqieRm9WEGccMzpQPLtKL+kv4D3aMQtAKZNKBK17/kjAkB9nYD9pa3w
f75y0dI0GiiIaVkmm02g9eY+WIdS6VGSaUKrp9gO9lqo/rpA
-----END CERTIFICATE-----