This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/YswYZYlKWOyRavy0ATCTvPfm9wQ.roa
File:                     YswYZYlKWOyRavy0ATCTvPfm9wQ.roa (raw, json)
Hash identifier:          aGrODVPH+/3IzPSKFduvxP2Zeu3f9DRc9hp0rYqfO0U=
Subject key identifier:   62:CC:18:65:89:4A:58:EC:91:6A:FC:B4:01:30:93:BC:F7:E6:F7:04
Certificate issuer:       /CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
Certificate serial:       019B76EB9CB6DBF62A2E243793734F333618
Authority key identifier: 70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/YswYZYlKWOyRavy0ATCTvPfm9wQ.roa
Signing time:             Thu 01 Jan 2026 00:18:31 +0000
ROA not before:           Thu 01 Jan 2026 00:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51134
IP address blocks:        2a01:430:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:9c:b6:db:f6:2a:2e:24:37:93:73:4f:33:36:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
        Validity
            Not Before: Jan  1 00:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62cc1865894a58ec916afcb4013093bcf7e6f704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:39:f0:df:d7:30:cb:b9:e3:06:03:41:ce:
                    36:8a:d5:66:f3:86:81:cc:14:f9:f8:c1:c5:e8:5d:
                    e7:78:1d:9b:86:ca:dc:1b:3e:18:c9:1b:50:84:b3:
                    0c:08:e7:b9:0e:a1:80:1a:aa:94:ea:c6:92:b2:0a:
                    35:c9:2a:35:4e:fd:a9:06:4c:28:18:44:8a:6f:68:
                    3c:fe:9b:c9:ee:bd:93:11:6c:91:3b:2e:fd:5f:65:
                    04:0d:6e:da:4b:04:a0:5a:16:7e:9d:4e:ce:71:37:
                    e7:02:22:60:8d:21:f5:1b:67:5a:0a:22:be:a3:07:
                    40:ef:d2:ed:0e:48:68:67:f3:71:17:95:45:56:8b:
                    22:30:ab:7b:70:eb:0a:9b:d9:ff:76:9c:16:3a:11:
                    03:57:bc:c7:2c:91:1a:d5:74:50:47:ee:99:07:3a:
                    c8:46:6b:92:6f:48:56:6a:f2:d0:ae:d1:3d:98:3d:
                    64:62:2e:cb:f7:3d:bf:16:f1:08:45:cc:a3:a1:19:
                    ab:3d:b0:ff:4e:9a:95:6b:4b:3c:d1:19:00:91:83:
                    b3:dc:cb:e8:e5:8a:03:f0:36:28:e7:53:95:c2:4e:
                    2a:60:9d:1b:c9:10:57:4c:71:f1:43:64:6f:9d:61:
                    9d:e6:6c:1b:d6:34:e3:a1:14:93:bf:ca:fc:c1:0d:
                    5b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:CC:18:65:89:4A:58:EC:91:6A:FC:B4:01:30:93:BC:F7:E6:F7:04
            X509v3 Authority Key Identifier:
                keyid:70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/YswYZYlKWOyRavy0ATCTvPfm9wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:430:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:b5:34:45:ac:ea:c5:d9:dd:2c:3d:83:f9:59:81:8f:88:94:
         d7:d0:18:7f:cb:68:6a:17:ed:e1:ba:17:39:b5:55:08:ea:87:
         59:4d:6e:25:90:fe:4e:73:6a:ad:f9:7b:7c:af:3e:39:42:71:
         fe:9d:f2:d5:64:07:c2:e8:23:fa:f1:62:e4:40:fb:4d:40:5f:
         a7:86:52:ec:5e:12:bf:73:d4:21:11:66:fe:24:c0:87:a2:3d:
         d0:4b:1c:74:d2:87:c6:a5:05:47:2d:49:85:50:a7:a9:65:ea:
         b6:f5:29:06:06:5f:d7:1a:3a:f6:3e:f1:86:54:75:a9:c8:b0:
         e9:43:24:7e:6a:62:1a:86:7c:8d:be:51:d4:a9:4f:03:76:be:
         d4:1e:e0:34:a8:b2:e1:3b:9c:3c:b3:4d:81:ef:b5:54:91:67:
         85:ff:30:c6:63:3b:7a:43:e0:f5:03:9a:0e:1f:dc:46:f3:94:
         e5:ec:f3:c3:43:d0:f0:92:19:be:4d:94:06:aa:f7:4f:86:ae:
         5d:cc:05:8c:44:d4:f5:1d:ad:34:a5:11:22:bf:97:09:31:83:
         de:60:e8:27:b2:b4:5b:88:f8:b2:cd:e6:6f:e3:1d:80:1f:5e:
         a6:8e:51:b0:af:6a:48:cb:87:37:a0:9c:05:9e:68:ea:7d:41:
         03:0c:91:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt265y22/YqLiQ3k3NPMzYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYWQzNTNjYzFhMGQxNmQ1ZThlMTRhMzc1NzVhNmYzZDYw
NTYzZjgwHhcNMjYwMTAxMDAxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmNjMTg2NTg5NGE1OGVjOTE2YWZjYjQwMTMwOTNiY2Y3ZTZmNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNk58N/XMMu54wYDQc42itVm84aB
zBT5+MHF6F3neB2bhsrcGz4YyRtQhLMMCOe5DqGAGqqU6saSsgo1ySo1Tv2pBkwo
GESKb2g8/pvJ7r2TEWyROy79X2UEDW7aSwSgWhZ+nU7OcTfnAiJgjSH1G2daCiK+
owdA79LtDkhoZ/NxF5VFVosiMKt7cOsKm9n/dpwWOhEDV7zHLJEa1XRQR+6ZBzrI
RmuSb0hWavLQrtE9mD1kYi7L9z2/FvEIRcyjoRmrPbD/TpqVa0s80RkAkYOz3Mvo
5YoD8DYo51OVwk4qYJ0byRBXTHHxQ2RvnWGd5mwb1jTjoRSTv8r8wQ1bFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGLMGGWJSljskWr8tAEwk7z35vcEMB8GA1UdIwQY
MBaAFHCtNTzBoNFtXo4Uo3V1pvPWBWP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1Zjkt
MTUwNGVhNTNlMjU1LzEvWXN3WVpZbEtXT3lSYXZ5MEFUQ1R2UGZtOXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1ZjktMTUwNGVhNTNlMjU1
LzEvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEMAAR
MA0GCSqGSIb3DQEBCwUAA4IBAQA7tTRFrOrF2d0sPYP5WYGPiJTX0Bh/y2hqF+3h
uhc5tVUI6odZTW4lkP5Oc2qt+Xt8rz45QnH+nfLVZAfC6CP68WLkQPtNQF+nhlLs
XhK/c9QhEWb+JMCHoj3QSxx00ofGpQVHLUmFUKepZeq29SkGBl/XGjr2PvGGVHWp
yLDpQyR+amIahnyNvlHUqU8Ddr7UHuA0qLLhO5w8s02B77VUkWeF/zDGYzt6Q+D1
A5oOH9xG85Tl7PPDQ9Dwkhm+TZQGqvdPhq5dzAWMRNT1Ha00pREiv5cJMYPeYOgn
srRbiPiyzeZv4x2AH16mjlGwr2pIy4c3oJwFnmjqfUEDDJGb
-----END CERTIFICATE-----