This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mHqlmajAWFnwJD24zQGPqzm6gjk.roa
File:                     mHqlmajAWFnwJD24zQGPqzm6gjk.roa (raw, json)
Hash identifier:          uprFQOaHovlZXWGbXk6zZnI33QSG9mofVb5lZMdcth4=
Subject key identifier:   98:7A:A5:99:A8:C0:58:59:F0:24:3D:B8:CD:01:8F:AB:39:BA:82:39
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E3946190EAE4F1A203C2E68DF0FBF82
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mHqlmajAWFnwJD24zQGPqzm6gjk.roa
Signing time:             Fri 02 Jan 2026 10:20:41 +0000
ROA not before:           Fri 02 Jan 2026 10:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209294
IP address blocks:        2a0c:b641:310::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:46:19:0e:ae:4f:1a:20:3c:2e:68:df:0f:bf:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=987aa599a8c05859f0243db8cd018fab39ba8239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:68:33:7c:91:ba:97:05:13:5a:94:d0:2e:16:
                    50:f5:7c:07:19:33:4a:70:df:fd:d5:78:1e:14:3d:
                    47:a5:9e:b8:2e:00:79:ba:6c:f9:2b:ca:7e:c7:f4:
                    50:92:93:80:88:9b:fa:35:96:62:23:b3:e6:c7:8e:
                    95:2e:35:a4:85:40:2b:85:5c:2c:86:64:b2:75:16:
                    55:57:a2:63:b0:19:e9:28:9c:4b:fb:8f:49:6b:ef:
                    36:4f:b2:4b:db:e4:09:39:c4:71:8d:72:13:ff:cd:
                    df:89:90:ac:65:21:78:e0:b1:ab:29:49:09:07:af:
                    66:2a:9d:9a:ab:db:a2:89:d2:51:16:00:f1:77:de:
                    77:4e:22:35:da:10:2b:57:f8:14:88:32:fd:3e:20:
                    e2:07:4a:29:8c:c8:28:5a:a7:88:3f:a5:a3:f3:e9:
                    61:64:dd:2b:4b:8f:e2:4a:5f:17:4c:67:5a:9f:ed:
                    bc:9f:6c:d9:41:54:8a:37:22:b0:49:01:69:d7:cf:
                    85:ec:c4:39:ae:1c:c6:7c:de:68:67:d0:2e:d1:f7:
                    42:79:24:67:a0:ad:f0:df:a6:43:21:36:01:68:8b:
                    35:fb:80:03:39:76:74:26:49:85:cb:5b:a3:da:4b:
                    84:da:71:fa:ba:10:f1:5f:cc:0f:9e:7a:43:87:66:
                    ef:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:7A:A5:99:A8:C0:58:59:F0:24:3D:B8:CD:01:8F:AB:39:BA:82:39
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mHqlmajAWFnwJD24zQGPqzm6gjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:310::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:46:46:9b:d5:25:8e:5f:0b:6c:ba:18:c3:70:06:d4:70:cb:
         79:f7:c8:cb:c1:e5:c4:a7:09:90:e9:78:f3:da:c0:c8:a2:1a:
         af:4a:b0:bc:ac:ca:18:9d:1a:0e:f3:0b:5a:fb:56:b6:5f:8e:
         6a:ae:11:4b:9e:14:4f:c3:69:0b:5a:78:d1:bf:aa:8f:b8:59:
         fa:de:c6:a5:28:16:24:97:c5:22:36:ab:6a:fa:80:2e:11:22:
         4f:a4:63:70:19:b0:e2:82:39:fc:19:df:92:9d:a3:34:88:88:
         6b:32:70:9c:e7:32:a1:4c:94:74:a3:2e:42:d1:a8:95:da:b8:
         ab:93:78:19:a4:5f:ed:e1:9f:a0:1f:01:47:b6:0d:44:41:55:
         d5:c4:d1:10:29:c1:96:cb:51:5c:b3:f5:d9:b2:a2:d5:16:83:
         53:68:a0:fe:64:5c:b7:7d:32:aa:9f:c5:f6:e4:a2:28:59:16:
         17:de:7a:cd:f6:94:d9:23:c2:cf:bb:7a:ed:e1:63:90:27:66:
         b3:d1:67:79:51:0f:73:b6:01:11:b0:c8:30:5f:1e:00:03:a9:
         7c:1f:50:5b:33:55:66:55:d5:58:af:da:81:bb:3d:7f:31:15:
         73:1a:97:e8:7d:91:f4:10:d3:c5:c9:b6:61:02:97:4c:0d:8d:
         ca:a1:e1:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OUYZDq5PGiA8LmjfD7+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODdhYTU5OWE4YzA1ODU5ZjAyNDNkYjhjZDAxOGZhYjM5YmE4MjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GgzfJG6lwUTWpTQLhZQ9XwHGTNK
cN/91XgeFD1HpZ64LgB5umz5K8p+x/RQkpOAiJv6NZZiI7Pmx46VLjWkhUArhVws
hmSydRZVV6JjsBnpKJxL+49Ja+82T7JL2+QJOcRxjXIT/83fiZCsZSF44LGrKUkJ
B69mKp2aq9uiidJRFgDxd953TiI12hArV/gUiDL9PiDiB0opjMgoWqeIP6Wj8+lh
ZN0rS4/iSl8XTGdan+28n2zZQVSKNyKwSQFp18+F7MQ5rhzGfN5oZ9Au0fdCeSRn
oK3w36ZDITYBaIs1+4ADOXZ0JkmFy1uj2kuE2nH6uhDxX8wPnnpDh2bv/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJh6pZmowFhZ8CQ9uM0Bj6s5uoI5MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbUhxbG1hakFXRm53SkQyNHpRR1Bxem02Z2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBBRkab1SWOXwtsuhjDcAbUcMt598jLweXEpwmQ
6Xjz2sDIohqvSrC8rMoYnRoO8wta+1a2X45qrhFLnhRPw2kLWnjRv6qPuFn63sal
KBYkl8UiNqtq+oAuESJPpGNwGbDigjn8Gd+SnaM0iIhrMnCc5zKhTJR0oy5C0aiV
2rirk3gZpF/t4Z+gHwFHtg1EQVXVxNEQKcGWy1Fcs/XZsqLVFoNTaKD+ZFy3fTKq
n8X25KIoWRYX3nrN9pTZI8LPu3rt4WOQJ2az0Wd5UQ9ztgERsMgwXx4AA6l8H1Bb
M1VmVdVYr9qBuz1/MRVzGpfofZH0ENPFybZhApdMDY3KoeFe
-----END CERTIFICATE-----