This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tlWg0W1z3LT4HLFu37xhTKoA_Ok.roa
File:                     tlWg0W1z3LT4HLFu37xhTKoA_Ok.roa (raw, json)
Hash identifier:          /ivv2SwrlBCCW+99LDhRjEBpYoEwqxi90BrG1u2DJi0=
Subject key identifier:   B6:55:A0:D1:6D:73:DC:B4:F8:1C:B1:6E:DF:BC:61:4C:AA:00:FC:E9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E3939F5E6AA9B9EF5C5A953401C4E2C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tlWg0W1z3LT4HLFu37xhTKoA_Ok.roa
Signing time:             Fri 02 Jan 2026 10:20:38 +0000
ROA not before:           Fri 02 Jan 2026 10:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205013
IP address blocks:        2a0c:b641:7b0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:39:f5:e6:aa:9b:9e:f5:c5:a9:53:40:1c:4e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b655a0d16d73dcb4f81cb16edfbc614caa00fce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fd:1e:5d:06:8d:0f:3d:cc:54:07:e3:cc:71:
                    bb:93:a2:27:9f:c4:74:60:db:c5:4d:83:44:73:50:
                    48:58:64:f1:7f:1c:15:a2:60:bf:c4:66:01:66:b7:
                    a1:7c:fe:f7:b2:ad:92:cc:02:f4:78:0f:65:b2:dd:
                    e5:5c:2f:ee:6d:67:03:e9:91:b8:60:f0:68:2b:fc:
                    e8:49:2e:f5:de:ae:b6:31:2a:ca:b5:fe:41:c2:eb:
                    c8:6d:09:b2:8f:76:54:c4:8c:39:5c:a7:4b:5d:e2:
                    c6:3b:2a:d8:09:38:e5:24:5f:ef:2c:b1:b2:aa:39:
                    9f:71:bc:18:57:c1:2c:4b:c4:01:d6:fa:8f:d7:9d:
                    c4:55:b9:90:6c:a6:4f:af:79:cd:cc:47:45:a1:20:
                    00:54:ba:bb:d9:73:4a:8b:a4:fa:5a:37:9b:7b:71:
                    e7:f4:a3:8a:33:9b:f5:5b:06:e8:36:26:fb:96:55:
                    0d:1f:67:87:96:95:b0:46:24:67:bb:71:6c:5b:7b:
                    42:18:8d:81:1a:7a:dc:6a:76:78:aa:9f:eb:09:ae:
                    c8:f7:e6:ee:95:0a:08:af:79:d1:6a:43:14:e5:10:
                    cb:35:e0:85:01:f6:a0:72:2f:4a:5a:60:cf:0b:8f:
                    a7:49:e8:76:08:63:f7:bb:46:fc:2f:9b:de:9b:46:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:55:A0:D1:6D:73:DC:B4:F8:1C:B1:6E:DF:BC:61:4C:AA:00:FC:E9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tlWg0W1z3LT4HLFu37xhTKoA_Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:14:c1:c6:61:0c:5c:c7:dd:e5:b3:ad:89:0c:16:d0:39:36:
         93:cf:f8:19:75:ef:c8:df:c8:e9:84:c8:4c:92:90:fc:e6:a2:
         a2:2f:51:f2:87:4e:b4:ec:7c:30:1f:01:67:d9:37:fd:41:37:
         fa:9f:48:0f:44:2a:10:3f:40:a9:e5:e5:f5:fd:92:6e:eb:3b:
         2d:11:8a:bb:58:7f:6f:45:4d:45:85:48:5f:4f:f9:6f:e9:f7:
         1a:95:ed:4c:43:01:93:71:7f:12:66:f4:62:4b:1a:3a:48:34:
         40:61:40:b4:1c:8f:2a:35:72:93:3d:fc:18:d8:b0:72:6a:50:
         af:9e:2e:77:92:8b:75:95:cd:d9:50:a7:5f:91:fa:f4:c5:26:
         53:f1:23:bc:60:21:14:17:26:2a:cc:fa:d1:7a:18:12:f7:64:
         6f:ad:da:bd:14:4d:d8:51:ea:72:ec:1d:b4:93:f9:89:72:35:
         51:1f:49:47:7f:0b:ab:66:b8:1e:8c:e5:98:76:c7:f0:a0:7c:
         1e:1d:4c:4d:a9:f2:bb:a0:7e:3b:1d:fb:85:b5:ab:ab:f6:af:
         cb:25:d0:78:aa:39:e5:63:1d:ab:4d:f8:dc:65:fa:b6:21:e8:
         94:d1:cb:ed:e9:66:97:e3:5e:4a:3d:8d:e3:65:46:55:47:4f:
         6b:04:e3:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OTn15qqbnvXFqVNAHE4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjU1YTBkMTZkNzNkY2I0ZjgxY2IxNmVkZmJjNjE0Y2FhMDBmY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1P0eXQaNDz3MVAfjzHG7k6Inn8R0
YNvFTYNEc1BIWGTxfxwVomC/xGYBZrehfP73sq2SzAL0eA9lst3lXC/ubWcD6ZG4
YPBoK/zoSS713q62MSrKtf5BwuvIbQmyj3ZUxIw5XKdLXeLGOyrYCTjlJF/vLLGy
qjmfcbwYV8EsS8QB1vqP153EVbmQbKZPr3nNzEdFoSAAVLq72XNKi6T6Wjebe3Hn
9KOKM5v1WwboNib7llUNH2eHlpWwRiRnu3FsW3tCGI2BGnrcanZ4qp/rCa7I9+bu
lQoIr3nRakMU5RDLNeCFAfagci9KWmDPC4+nSeh2CGP3u0b8L5vem0ZQywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLZVoNFtc9y0+Byxbt+8YUyqAPzpMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdGxXZzBXMXozTFQ0SExGdTM3eGhUS29BX09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQew
MA0GCSqGSIb3DQEBCwUAA4IBAQAtFMHGYQxcx93ls62JDBbQOTaTz/gZde/I38jp
hMhMkpD85qKiL1Hyh0607HwwHwFn2Tf9QTf6n0gPRCoQP0Cp5eX1/ZJu6zstEYq7
WH9vRU1FhUhfT/lv6fcale1MQwGTcX8SZvRiSxo6SDRAYUC0HI8qNXKTPfwY2LBy
alCvni53kot1lc3ZUKdfkfr0xSZT8SO8YCEUFyYqzPrRehgS92Rvrdq9FE3YUepy
7B20k/mJcjVRH0lHfwurZrgejOWYdsfwoHweHUxNqfK7oH47HfuFtaur9q/LJdB4
qjnlYx2rTfjcZfq2IeiU0cvt6WaX415KPY3jZUZVR09rBOOr
-----END CERTIFICATE-----