This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pO9-o0JHF9Ut0fVs_LOO1O9zSLo.roa
File:                     pO9-o0JHF9Ut0fVs_LOO1O9zSLo.roa (raw, json)
Hash identifier:          yA9noBZgYD7C8UZ63tltWSF+JxUzDMWe82OTqCAUIO0=
Subject key identifier:   A4:EF:7E:A3:42:47:17:D5:2D:D1:F5:6C:FC:B3:8E:D4:EF:73:48:BA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E395487D8C12CE487A30C422660FA5B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pO9-o0JHF9Ut0fVs_LOO1O9zSLo.roa
Signing time:             Fri 02 Jan 2026 10:20:44 +0000
ROA not before:           Fri 02 Jan 2026 10:20:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211305
IP address blocks:        2a0c:b641:320::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:54:87:d8:c1:2c:e4:87:a3:0c:42:26:60:fa:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4ef7ea3424717d52dd1f56cfcb38ed4ef7348ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:09:66:ad:7d:ad:6c:1e:35:4e:a4:d4:4e:22:
                    0c:d8:1c:31:4d:ae:35:81:b8:5b:6b:34:2d:01:9d:
                    9c:38:24:9a:f5:eb:b2:b4:b0:61:db:fa:e5:9f:28:
                    52:17:86:e7:ab:50:8f:5f:fc:b3:28:cf:15:f3:4c:
                    06:5d:cb:bf:43:0e:73:55:42:18:48:7f:1d:1b:a9:
                    01:28:88:a1:ac:55:39:5a:df:ea:9a:23:6f:8d:e3:
                    fd:12:0a:09:59:88:56:77:d4:67:b2:91:60:03:a0:
                    8c:5d:91:d5:03:3b:a1:66:37:07:8a:e1:b7:c0:1c:
                    c1:fb:34:4d:c9:c5:94:d3:40:be:11:84:24:f8:16:
                    dc:ae:36:87:c5:61:00:43:27:d7:cf:c8:2d:b1:a9:
                    9c:a3:25:b4:cd:e4:fc:5f:4e:a2:86:20:1d:7f:55:
                    da:36:a7:f3:59:8a:a2:13:cb:74:49:df:60:d5:67:
                    95:a2:68:f1:21:26:68:b3:01:20:aa:c7:e1:06:ab:
                    f2:f3:f3:01:c8:71:da:6c:ec:46:a3:c8:83:ed:58:
                    6c:b6:ab:e5:41:2d:7d:d4:f2:c8:48:ee:16:78:7f:
                    39:e5:f9:2a:d6:0e:5e:69:d8:43:51:1f:58:05:1d:
                    7e:a9:67:dd:7a:04:fe:4e:df:0e:e0:c0:20:47:01:
                    f8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EF:7E:A3:42:47:17:D5:2D:D1:F5:6C:FC:B3:8E:D4:EF:73:48:BA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pO9-o0JHF9Ut0fVs_LOO1O9zSLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:320::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:87:22:5e:69:67:a2:f5:43:4a:6f:18:b4:a6:74:84:fc:37:
         38:4b:2f:54:58:93:5d:6e:eb:48:d2:81:26:a9:57:78:42:45:
         43:4e:10:7e:06:b1:db:3e:c1:f2:cc:81:b3:0a:d3:da:18:08:
         cc:16:b7:4e:57:dd:71:fb:e5:30:8f:31:ae:63:94:2a:5a:9c:
         9f:27:ff:9b:02:c4:c2:64:a8:75:22:00:df:d1:e6:63:d7:e1:
         e4:71:eb:59:e3:b4:eb:35:bd:78:67:95:0c:36:bc:2f:69:ef:
         18:b2:26:4d:56:dd:c1:8a:b4:a9:ff:16:d9:85:60:cf:ec:5d:
         39:51:aa:8d:d1:3d:11:19:24:6c:3f:42:bd:e7:82:ce:0c:82:
         b6:43:e1:38:c3:d0:9a:33:b3:33:98:a1:9d:ff:6d:a3:44:d7:
         72:b0:4c:83:45:76:ae:dc:8a:d5:01:76:c6:90:28:30:aa:9e:
         cc:5e:f2:a9:58:d3:3d:ea:54:8f:1a:5e:04:38:91:23:0b:2d:
         27:0f:1b:59:c2:1b:68:39:bc:3c:37:1c:cf:be:c0:eb:19:42:
         11:0f:03:c2:b5:71:3d:54:42:34:a5:98:2c:78:86:81:61:29:
         91:7a:f9:b3:d0:4b:40:82:2c:31:44:c7:02:37:ee:b5:3b:4d:
         8e:12:83:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OVSH2MEs5IejDEImYPpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVmN2VhMzQyNDcxN2Q1MmRkMWY1NmNmY2IzOGVkNGVmNzM0OGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQlmrX2tbB41TqTUTiIM2BwxTa41
gbhbazQtAZ2cOCSa9euytLBh2/rlnyhSF4bnq1CPX/yzKM8V80wGXcu/Qw5zVUIY
SH8dG6kBKIihrFU5Wt/qmiNvjeP9EgoJWYhWd9RnspFgA6CMXZHVAzuhZjcHiuG3
wBzB+zRNycWU00C+EYQk+BbcrjaHxWEAQyfXz8gtsamcoyW0zeT8X06ihiAdf1Xa
NqfzWYqiE8t0Sd9g1WeVomjxISZoswEgqsfhBqvy8/MByHHabOxGo8iD7Vhstqvl
QS191PLISO4WeH855fkq1g5eadhDUR9YBR1+qWfdegT+Tt8O4MAgRwH4+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKTvfqNCRxfVLdH1bPyzjtTvc0i6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcE85LW8wSkhGOVV0MGZWc19MT08xTzl6U0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMg
MA0GCSqGSIb3DQEBCwUAA4IBAQANhyJeaWei9UNKbxi0pnSE/Dc4Sy9UWJNdbutI
0oEmqVd4QkVDThB+BrHbPsHyzIGzCtPaGAjMFrdOV91x++UwjzGuY5QqWpyfJ/+b
AsTCZKh1IgDf0eZj1+HkcetZ47TrNb14Z5UMNrwvae8YsiZNVt3BirSp/xbZhWDP
7F05UaqN0T0RGSRsP0K954LODIK2Q+E4w9CaM7MzmKGd/22jRNdysEyDRXau3IrV
AXbGkCgwqp7MXvKpWNM96lSPGl4EOJEjCy0nDxtZwhtoObw8NxzPvsDrGUIRDwPC
tXE9VEI0pZgseIaBYSmRevmz0EtAgiwxRMcCN+61O02OEoPZ
-----END CERTIFICATE-----