This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yKmxZNuGAp1JxuzlY41q-ekCFoM.roa
File:                     yKmxZNuGAp1JxuzlY41q-ekCFoM.roa (raw, json)
Hash identifier:          RevNfcSV4EzecN/EhgijjcG1F5+QfOz6tF5YBTAs3N0=
Subject key identifier:   C8:A9:B1:64:DB:86:02:9D:49:C6:EC:E5:63:8D:6A:F9:E9:02:16:83
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E3960C8085BADCBCA9DA5765342817B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yKmxZNuGAp1JxuzlY41q-ekCFoM.roa
Signing time:             Fri 02 Jan 2026 10:20:48 +0000
ROA not before:           Fri 02 Jan 2026 10:20:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213382
IP address blocks:        2a0c:b641:830::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:60:c8:08:5b:ad:cb:ca:9d:a5:76:53:42:81:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8a9b164db86029d49c6ece5638d6af9e9021683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:34:83:4b:19:73:02:62:e4:9a:1c:49:85:1c:
                    4d:a1:49:58:fb:54:7e:6f:1c:39:30:76:56:41:fd:
                    37:3f:6a:59:94:ad:5b:da:e5:1f:b9:38:a4:62:d3:
                    93:a7:64:ea:eb:75:f2:3f:a6:93:28:29:31:a0:b7:
                    d0:5f:32:3d:c3:5c:02:92:1f:c1:7a:5a:33:03:b8:
                    f3:f3:f0:c6:7f:dc:a3:05:a3:c5:20:1d:e5:06:89:
                    0b:b3:03:ac:7f:68:f0:6a:82:f1:ad:a4:1a:27:b0:
                    f5:49:3b:0d:56:d9:3a:8b:d6:1b:ad:44:45:2b:ca:
                    4f:ef:e8:19:d2:47:3f:01:68:ef:1b:89:3d:d5:27:
                    c4:19:f8:19:2b:4e:40:1a:92:da:d5:7c:e3:6d:9a:
                    db:ca:2f:ee:f1:98:c7:01:31:00:88:0e:e8:08:ed:
                    9f:50:9a:a2:48:17:23:9f:8f:c2:67:f1:e0:5c:33:
                    aa:47:e8:a7:c3:dd:ae:53:6c:cd:f8:0c:83:5e:71:
                    4a:ad:fb:22:c7:6a:3c:10:17:9f:82:22:2c:02:1d:
                    dc:a7:0e:09:5d:c1:7f:1a:ea:af:df:63:cf:d4:4c:
                    8f:6d:6f:6d:d9:4c:73:26:68:9f:88:59:ee:86:21:
                    83:cc:da:39:63:bd:96:ef:f3:81:b5:a9:56:47:8d:
                    0b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A9:B1:64:DB:86:02:9D:49:C6:EC:E5:63:8D:6A:F9:E9:02:16:83
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yKmxZNuGAp1JxuzlY41q-ekCFoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:830::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:0b:4c:3b:4a:78:46:40:46:95:2d:37:d7:69:48:bf:04:26:
         16:b1:ef:a1:f7:65:d5:89:42:50:f7:b2:81:b3:51:d4:59:05:
         cb:79:59:4c:60:4a:c3:c7:cb:c7:34:a8:dc:fd:fd:83:22:14:
         44:a7:12:0c:b3:37:7e:eb:17:53:8c:a5:63:d3:3c:3d:a9:4c:
         5e:b1:29:62:91:18:46:75:df:a9:67:cd:f6:fb:df:47:bd:91:
         a2:07:93:ee:90:49:96:b8:d5:ac:92:d5:a9:c0:83:33:87:f7:
         48:a2:58:27:b0:96:85:db:42:03:6e:40:57:26:b8:de:c5:35:
         a7:75:6d:e8:9b:8b:12:b2:f0:6e:c9:cc:6a:6c:93:a0:e1:8c:
         ab:e7:60:e0:7a:97:de:8b:a5:24:13:e5:0a:74:72:3c:38:f0:
         d6:64:3e:a5:78:95:11:7a:58:c2:3c:c2:ee:79:46:07:71:84:
         b7:f8:39:ed:aa:96:2c:37:4e:9b:d2:fc:9f:70:16:b2:66:09:
         28:b5:8a:51:c1:d4:eb:46:1b:a3:91:89:56:ba:d4:a5:29:44:
         56:83:ab:9e:ea:c2:a3:b5:19:71:8d:0c:f9:f7:18:f9:95:c7:
         84:a0:95:e6:98:f3:a4:8c:98:ef:e4:26:2a:b4:e8:33:6b:4a:
         eb:2d:58:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OWDICFuty8qdpXZTQoF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE5YjE2NGRiODYwMjlkNDljNmVjZTU2MzhkNmFmOWU5MDIxNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDSDSxlzAmLkmhxJhRxNoUlY+1R+
bxw5MHZWQf03P2pZlK1b2uUfuTikYtOTp2Tq63XyP6aTKCkxoLfQXzI9w1wCkh/B
elozA7jz8/DGf9yjBaPFIB3lBokLswOsf2jwaoLxraQaJ7D1STsNVtk6i9YbrURF
K8pP7+gZ0kc/AWjvG4k91SfEGfgZK05AGpLa1XzjbZrbyi/u8ZjHATEAiA7oCO2f
UJqiSBcjn4/CZ/HgXDOqR+inw92uU2zN+AyDXnFKrfsix2o8EBefgiIsAh3cpw4J
XcF/Guqv32PP1EyPbW9t2UxzJmifiFnuhiGDzNo5Y72W7/OBtalWR40L9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMipsWTbhgKdScbs5WONavnpAhaDMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveUtteFpOdUdBcDFKeHV6bFk0MXEtZWtDRm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQgw
MA0GCSqGSIb3DQEBCwUAA4IBAQCXC0w7SnhGQEaVLTfXaUi/BCYWse+h92XViUJQ
97KBs1HUWQXLeVlMYErDx8vHNKjc/f2DIhREpxIMszd+6xdTjKVj0zw9qUxesSli
kRhGdd+pZ832+99HvZGiB5PukEmWuNWsktWpwIMzh/dIolgnsJaF20IDbkBXJrje
xTWndW3om4sSsvBuycxqbJOg4Yyr52Dgepfei6UkE+UKdHI8OPDWZD6leJUReljC
PMLueUYHcYS3+DntqpYsN06b0vyfcBayZgkotYpRwdTrRhujkYlWutSlKURWg6ue
6sKjtRlxjQz59xj5lceEoJXmmPOkjJjv5CYqtOgza0rrLVgc
-----END CERTIFICATE-----