This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/JlHGBE70CjYUjMlPy-yN4dzG-cs.roa
File:                     JlHGBE70CjYUjMlPy-yN4dzG-cs.roa (raw, json)
Hash identifier:          eJeCGZHCYQ5pmVVEGiFVOguyq7hsvoBtUeukZnmh3W4=
Subject key identifier:   26:51:C6:04:4E:F4:0A:36:14:8C:C9:4F:CB:EC:8D:E1:DC:C6:F9:CB
Certificate issuer:       /CN=e9aab1446100a8fce03df19d755e06329ee24713
Certificate serial:       019B85BBC5E20E47ABBB61AA1E4DF5F430FE
Authority key identifier: E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/JlHGBE70CjYUjMlPy-yN4dzG-cs.roa
Signing time:             Sat 03 Jan 2026 21:20:34 +0000
ROA not before:           Sat 03 Jan 2026 21:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48618
IP address blocks:        2a00:1a28:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:85:bb:c5:e2:0e:47:ab:bb:61:aa:1e:4d:f5:f4:30:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9aab1446100a8fce03df19d755e06329ee24713
        Validity
            Not Before: Jan  3 21:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2651c6044ef40a36148cc94fcbec8de1dcc6f9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:16:6b:2c:08:f5:0c:7c:40:f8:46:0c:8b:ac:
                    2b:9d:bb:a2:25:df:4d:76:e8:97:5c:c1:50:69:1e:
                    e0:02:31:6c:4f:18:47:10:a4:d6:75:3f:0c:02:a1:
                    4a:2a:a3:f4:41:d9:05:71:60:4a:70:5d:e4:85:d3:
                    a6:3a:f9:97:8e:16:60:78:bb:f0:fb:83:2c:48:6a:
                    e7:63:b9:96:df:ae:d0:aa:af:fa:f2:6a:6e:af:1a:
                    a3:ce:ed:66:70:d0:0c:7e:1d:6c:82:c1:11:e9:98:
                    e9:4c:c5:e9:98:d2:bd:1f:79:2d:08:d9:29:ba:47:
                    aa:a3:a5:58:ff:48:d5:8e:29:23:75:cc:5e:40:50:
                    c2:41:fe:81:72:c2:77:2b:d1:74:c8:d8:31:57:98:
                    e3:a3:f8:b6:ac:b6:d2:19:28:ba:91:40:3c:be:27:
                    29:14:32:08:ab:47:b2:be:d9:2b:10:b2:49:3c:be:
                    bc:a6:4a:dd:e1:08:4a:b2:df:cf:31:d8:cc:77:1c:
                    20:ce:0f:3a:15:67:5f:51:4d:5b:03:87:ec:e0:2c:
                    c4:99:96:c3:32:6b:13:db:a4:4c:85:40:94:37:2b:
                    ba:dc:19:54:1a:09:91:97:3b:2b:7e:b0:de:53:e4:
                    1e:2b:ee:43:20:d8:d8:7f:00:6b:ec:b5:74:ab:1a:
                    ec:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:51:C6:04:4E:F4:0A:36:14:8C:C9:4F:CB:EC:8D:E1:DC:C6:F9:CB
            X509v3 Authority Key Identifier:
                keyid:E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/JlHGBE70CjYUjMlPy-yN4dzG-cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1a28:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:4d:d6:f6:af:3d:00:c4:f8:2d:a4:0e:20:e6:7f:07:3f:3f:
         1d:cd:10:7b:21:09:d6:29:c6:85:08:bb:da:bd:82:a4:8f:ef:
         77:4c:e7:bd:bf:77:b5:8c:b9:a0:0f:4c:ba:86:17:13:f7:d2:
         cd:2a:67:58:a0:a3:06:d8:4a:36:55:a2:d8:f4:00:9b:ea:ba:
         4b:6d:51:db:3f:f2:8d:dc:ef:92:b1:b8:0e:ce:76:ca:04:2d:
         40:2a:2c:2a:c2:75:23:4e:f6:86:54:f8:66:b7:5d:d0:f1:a1:
         f9:65:3b:13:65:8f:61:c9:f1:b1:ab:e1:5e:0a:c5:ce:4f:a4:
         e1:9a:11:bd:c6:10:e4:46:42:f2:f2:33:d4:73:66:e0:e7:e1:
         46:55:08:e8:30:05:56:93:da:b6:10:72:f6:b6:bd:dd:80:d4:
         f0:94:45:82:ae:a0:b0:78:9b:65:88:fa:44:97:e4:df:84:54:
         d5:90:79:a8:35:b3:35:8c:44:cb:b8:bb:63:ae:f5:38:5f:64:
         41:b3:d0:03:b2:04:3e:eb:37:80:76:56:f4:4a:b7:ae:06:13:
         43:23:62:1f:6f:23:57:bf:02:d7:85:d9:3c:8b:ce:3a:78:5c:
         0a:02:c5:b6:38:d8:83:52:5f:35:64:86:f3:13:19:d0:59:d3:
         97:12:59:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZuFu8XiDkeru2GqHk319DD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWFiMTQ0NjEwMGE4ZmNlMDNkZjE5ZDc1NWUwNjMyOWVl
MjQ3MTMwHhcNMjYwMTAzMjEyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjUxYzYwNDRlZjQwYTM2MTQ4Y2M5NGZjYmVjOGRlMWRjYzZmOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhZrLAj1DHxA+EYMi6wrnbuiJd9N
duiXXMFQaR7gAjFsTxhHEKTWdT8MAqFKKqP0QdkFcWBKcF3khdOmOvmXjhZgeLvw
+4MsSGrnY7mW367Qqq/68mpurxqjzu1mcNAMfh1sgsER6ZjpTMXpmNK9H3ktCNkp
ukeqo6VY/0jVjikjdcxeQFDCQf6BcsJ3K9F0yNgxV5jjo/i2rLbSGSi6kUA8vicp
FDIIq0eyvtkrELJJPL68pkrd4QhKst/PMdjMdxwgzg86FWdfUU1bA4fs4CzEmZbD
MmsT26RMhUCUNyu63BlUGgmRlzsrfrDeU+QeK+5DINjYfwBr7LV0qxrsDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCZRxgRO9Ao2FIzJT8vsjeHcxvnLMB8GA1UdIwQY
MBaAFOmqsURhAKj84D3xnXVeBjKe4kcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYt
YTBkYzM1NGY0Y2EzLzEvSmxIR0JFNzBDallVak1sUHkteU40ZHpHLWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYtYTBkYzM1NGY0Y2Ez
LzEvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAaKAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBRTdb2rz0AxPgtpA4g5n8HPz8dzRB7IQnWKcaF
CLvavYKkj+93TOe9v3e1jLmgD0y6hhcT99LNKmdYoKMG2Eo2VaLY9ACb6rpLbVHb
P/KN3O+SsbgOznbKBC1AKiwqwnUjTvaGVPhmt13Q8aH5ZTsTZY9hyfGxq+FeCsXO
T6ThmhG9xhDkRkLy8jPUc2bg5+FGVQjoMAVWk9q2EHL2tr3dgNTwlEWCrqCweJtl
iPpEl+TfhFTVkHmoNbM1jETLuLtjrvU4X2RBs9ADsgQ+6zeAdlb0SreuBhNDI2If
byNXvwLXhdk8i846eFwKAsW2ONiDUl81ZIbzExnQWdOXElmD
-----END CERTIFICATE-----