This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dR31O4rhSX7_ThgB1tR_cN4mxRc.roa
File:                     dR31O4rhSX7_ThgB1tR_cN4mxRc.roa (raw, json)
Hash identifier:          yy8wW8YHBPiAveMCa7QT+BkYkTviQtvE42YZtGWYDKI=
Subject key identifier:   75:1D:F5:3B:8A:E1:49:7E:FF:4E:18:01:D6:D4:7F:70:DE:26:C5:17
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E392BCB8E36F8115A17B96096EEAE93
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dR31O4rhSX7_ThgB1tR_cN4mxRc.roa
Signing time:             Fri 02 Jan 2026 10:20:34 +0000
ROA not before:           Fri 02 Jan 2026 10:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        2a0c:b641:330::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:2b:cb:8e:36:f8:11:5a:17:b9:60:96:ee:ae:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=751df53b8ae1497eff4e1801d6d47f70de26c517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a7:bf:d5:d7:ad:96:c4:b1:0f:75:c2:6e:e3:
                    29:09:b0:dc:c8:fb:69:0f:ab:35:d1:05:02:9d:81:
                    66:e9:e5:0c:3e:36:b1:0a:6d:2f:16:46:fc:fd:c2:
                    3d:e8:9e:37:c7:d1:91:7f:2e:06:f9:1b:19:23:f2:
                    a1:03:b7:9a:95:d5:f7:41:78:d1:a3:ec:af:0e:56:
                    09:62:cb:45:41:42:00:fd:b2:cc:4f:6a:d1:d1:be:
                    2a:39:29:08:0e:f9:de:a1:34:0f:22:d3:b9:a6:0f:
                    1a:86:8e:74:5c:1b:78:a3:6d:01:9b:e2:30:82:46:
                    fd:00:78:c8:d0:ae:45:f9:95:3e:fc:f2:e7:32:d6:
                    4a:ec:a2:73:39:e6:bf:5e:c0:25:32:4a:d3:87:f3:
                    54:11:ac:d2:89:4d:16:14:c2:c4:6a:f0:41:8f:d3:
                    99:ca:d0:1f:5b:82:c0:fe:d1:88:26:a7:0e:02:2d:
                    fb:45:e6:07:c7:8c:de:04:2c:d2:9b:73:65:8e:98:
                    84:f6:7d:2c:77:a7:03:23:67:a0:3d:08:55:8d:c7:
                    88:ef:4e:3e:c3:5c:3d:c0:d6:4b:38:65:d3:3d:22:
                    2a:29:1c:6f:bb:29:45:ca:6c:38:fc:7b:11:04:89:
                    69:2d:98:44:ba:c3:f6:62:1a:71:ac:48:d6:01:0e:
                    23:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:1D:F5:3B:8A:E1:49:7E:FF:4E:18:01:D6:D4:7F:70:DE:26:C5:17
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dR31O4rhSX7_ThgB1tR_cN4mxRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:330::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:6a:92:1c:cb:4a:d5:f6:f9:70:67:e4:d9:d9:8e:1c:68:dd:
         21:f8:d0:37:d8:3a:56:64:78:21:2e:bf:c6:1d:46:1b:16:2a:
         ce:07:17:7d:94:05:4f:99:85:d5:9b:49:39:7d:60:3e:85:20:
         41:ca:15:09:26:05:7a:76:2d:1c:db:0b:41:16:df:34:a0:1e:
         c6:15:e9:c4:34:64:57:cd:2e:44:ae:18:6e:e7:5c:ab:fe:c6:
         c5:35:40:4d:97:f0:25:e8:c8:eb:01:cc:a8:f8:6d:86:10:30:
         47:1e:fe:df:b5:d5:e5:22:b5:cd:0c:ab:c8:19:f9:fe:88:8e:
         26:fd:1d:91:66:9e:01:10:61:88:58:e3:97:b1:89:ed:5f:e0:
         76:0f:c3:0f:bb:01:b9:85:ee:b4:5c:d7:e5:00:a2:33:82:6b:
         29:cb:34:b1:da:68:4f:55:30:d0:b8:43:8c:f0:02:a8:4b:7f:
         a0:73:23:34:5f:18:37:ac:c3:9b:02:bc:1c:70:e3:a6:7e:4f:
         2c:aa:ed:7d:53:9a:97:fb:ab:bd:fc:89:1f:ed:f0:10:1a:26:
         0a:cd:7e:78:98:83:02:9e:2f:20:9e:b6:9f:72:e2:42:0c:f2:
         76:e9:39:d6:ba:ee:66:f5:79:1c:91:9b:e8:8f:a4:79:62:29:
         66:2c:33:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OSvLjjb4EVoXuWCW7q6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTFkZjUzYjhhZTE0OTdlZmY0ZTE4MDFkNmQ0N2Y3MGRlMjZjNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Ke/1detlsSxD3XCbuMpCbDcyPtp
D6s10QUCnYFm6eUMPjaxCm0vFkb8/cI96J43x9GRfy4G+RsZI/KhA7ealdX3QXjR
o+yvDlYJYstFQUIA/bLMT2rR0b4qOSkIDvneoTQPItO5pg8aho50XBt4o20Bm+Iw
gkb9AHjI0K5F+ZU+/PLnMtZK7KJzOea/XsAlMkrTh/NUEazSiU0WFMLEavBBj9OZ
ytAfW4LA/tGIJqcOAi37ReYHx4zeBCzSm3NljpiE9n0sd6cDI2egPQhVjceI704+
w1w9wNZLOGXTPSIqKRxvuylFymw4/HsRBIlpLZhEusP2YhpxrEjWAQ4j1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHUd9TuK4Ul+/04YAdbUf3DeJsUXMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZFIzMU80cmhTWDdfVGhnQjF0Ul9jTjRteFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMw
MA0GCSqGSIb3DQEBCwUAA4IBAQA2apIcy0rV9vlwZ+TZ2Y4caN0h+NA32DpWZHgh
Lr/GHUYbFirOBxd9lAVPmYXVm0k5fWA+hSBByhUJJgV6di0c2wtBFt80oB7GFenE
NGRXzS5Erhhu51yr/sbFNUBNl/Al6MjrAcyo+G2GEDBHHv7ftdXlIrXNDKvIGfn+
iI4m/R2RZp4BEGGIWOOXsYntX+B2D8MPuwG5he60XNflAKIzgmspyzSx2mhPVTDQ
uEOM8AKoS3+gcyM0Xxg3rMObArwccOOmfk8squ19U5qX+6u9/Ikf7fAQGiYKzX54
mIMCni8gnrafcuJCDPJ26TnWuu5m9XkckZvoj6R5YilmLDNZ
-----END CERTIFICATE-----