This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/msLOv9dlE8f2VmPSihwsRj8weDU.roa
File:                     msLOv9dlE8f2VmPSihwsRj8weDU.roa (raw, json)
Hash identifier:          cBMjt0dWd+eQOgRlgcQ42G8b6L6eap6VfWK7Sey3cFI=
Subject key identifier:   9A:C2:CE:BF:D7:65:13:C7:F6:56:63:D2:8A:1C:2C:46:3F:30:78:35
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E391D746856C8386BF44EB340003825
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/msLOv9dlE8f2VmPSihwsRj8weDU.roa
Signing time:             Fri 02 Jan 2026 10:20:30 +0000
ROA not before:           Fri 02 Jan 2026 10:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7489
IP address blocks:        2a0c:b642:1a07::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 15:03:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:1d:74:68:56:c8:38:6b:f4:4e:b3:40:00:38:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ac2cebfd76513c7f65663d28a1c2c463f307835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6e:12:e7:93:57:ac:1e:89:98:79:ca:59:9c:
                    61:1c:39:0b:0e:88:7a:56:41:cf:70:de:be:1d:fb:
                    8d:f5:bb:89:0a:06:fc:96:5b:98:98:83:ba:d9:c5:
                    5f:90:b5:cb:61:5b:9b:64:fa:be:25:5a:82:f9:54:
                    6b:f1:8c:c8:45:70:37:92:3b:ed:09:32:aa:61:1f:
                    c0:d7:0e:23:a4:cc:aa:b3:e6:ed:fa:e5:d6:3e:8f:
                    9e:97:e7:80:f8:13:8e:f2:fe:8a:cb:51:5a:af:0f:
                    fd:25:1e:ef:f5:04:e2:e1:aa:68:cf:76:5f:f9:96:
                    71:e8:87:81:74:7c:ad:46:97:34:81:45:67:6f:0c:
                    77:5d:f8:12:9d:36:be:1b:6f:c2:aa:4a:6e:93:17:
                    f3:34:38:43:ad:50:49:c1:4c:22:61:ff:30:ab:ab:
                    d3:63:de:f8:b7:39:86:e6:b0:bf:41:80:2d:5c:bc:
                    42:3c:82:44:2e:16:e9:84:d3:6c:2d:00:51:00:12:
                    b9:b5:8e:66:da:7d:da:08:bb:f3:2c:0f:ac:29:4b:
                    a9:1c:40:38:79:4e:a4:3b:de:12:ee:32:b1:af:be:
                    37:ca:1c:e1:0e:5b:7f:f2:8a:55:93:6e:e2:73:33:
                    0a:e7:c2:34:07:e9:58:2e:32:48:30:67:83:c9:b9:
                    2b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C2:CE:BF:D7:65:13:C7:F6:56:63:D2:8A:1C:2C:46:3F:30:78:35
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/msLOv9dlE8f2VmPSihwsRj8weDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a07::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:e8:0c:8c:dd:f6:6f:fb:22:4e:be:76:1f:af:ed:3e:ee:c8:
         20:8f:05:66:bb:f9:a8:45:b3:1d:4a:64:9b:75:3f:04:44:66:
         71:fe:01:7e:d3:de:8e:f0:37:3c:33:3f:47:ab:4b:9b:0b:44:
         09:70:e5:b6:57:ae:f6:34:e6:91:7e:c2:3f:6c:b5:96:f5:a2:
         bc:2a:6e:30:00:9f:9d:d6:4b:63:fb:c6:3a:f0:f4:31:08:b0:
         de:d4:d2:42:88:13:76:58:76:e2:b0:67:35:cf:96:42:c9:e6:
         f9:9d:72:68:54:bd:0c:27:90:3c:fc:82:d1:9c:ce:db:04:55:
         c9:4b:e3:93:7d:2c:2b:e6:0e:27:9b:b1:00:2c:9b:21:93:25:
         a7:92:9a:c0:7b:7b:b9:f0:c3:74:70:60:5d:04:14:e2:d6:52:
         14:6e:9a:84:56:d6:cb:19:aa:15:a2:2c:43:90:a3:08:7a:27:
         e4:b6:e7:d2:8a:42:0c:c6:47:1e:c1:49:ab:27:e7:a3:d9:9d:
         0f:3a:de:c3:38:a7:0d:22:7c:d3:a2:1d:d9:26:1a:5f:87:6b:
         40:44:2b:7b:31:28:bc:03:15:4a:96:16:a9:63:94:7f:72:39:
         ed:9c:e4:2c:a1:36:cc:41:8a:6e:1c:8f:71:e6:76:16:ea:5e:
         25:41:4e:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OR10aFbIOGv0TrNAADglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWMyY2ViZmQ3NjUxM2M3ZjY1NjYzZDI4YTFjMmM0NjNmMzA3ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw24S55NXrB6JmHnKWZxhHDkLDoh6
VkHPcN6+HfuN9buJCgb8lluYmIO62cVfkLXLYVubZPq+JVqC+VRr8YzIRXA3kjvt
CTKqYR/A1w4jpMyqs+bt+uXWPo+el+eA+BOO8v6Ky1Farw/9JR7v9QTi4apoz3Zf
+ZZx6IeBdHytRpc0gUVnbwx3XfgSnTa+G2/CqkpukxfzNDhDrVBJwUwiYf8wq6vT
Y974tzmG5rC/QYAtXLxCPIJELhbphNNsLQBRABK5tY5m2n3aCLvzLA+sKUupHEA4
eU6kO94S7jKxr743yhzhDlt/8opVk27iczMK58I0B+lYLjJIMGeDybkrIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJrCzr/XZRPH9lZj0oocLEY/MHg1MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbXNMT3Y5ZGxFOGYyVm1QU2lod3NSajh3ZURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoH
MA0GCSqGSIb3DQEBCwUAA4IBAQAh6AyM3fZv+yJOvnYfr+0+7sggjwVmu/moRbMd
SmSbdT8ERGZx/gF+096O8Dc8Mz9Hq0ubC0QJcOW2V672NOaRfsI/bLWW9aK8Km4w
AJ+d1ktj+8Y68PQxCLDe1NJCiBN2WHbisGc1z5ZCyeb5nXJoVL0MJ5A8/ILRnM7b
BFXJS+OTfSwr5g4nm7EALJshkyWnkprAe3u58MN0cGBdBBTi1lIUbpqEVtbLGaoV
oixDkKMIeifktufSikIMxkcewUmrJ+ej2Z0POt7DOKcNInzToh3ZJhpfh2tARCt7
MSi8AxVKlhapY5R/cjntnOQsoTbMQYpuHI9x5nYW6l4lQU6p
-----END CERTIFICATE-----