This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PS0uuOocv5Mg3PSS2FxV2Ue3-yQ.roa
File:                     PS0uuOocv5Mg3PSS2FxV2Ue3-yQ.roa (raw, json)
Hash identifier:          2S3OF4+hINSHD1L8AKmJ9dvia5i1NKPrmBwsYzuI6tk=
Subject key identifier:   3D:2D:2E:B8:EA:1C:BF:93:20:DC:F4:92:D8:5C:55:D9:47:B7:FB:24
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019B7F8538DBC67F9F9029F92F9F99F93A2F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PS0uuOocv5Mg3PSS2FxV2Ue3-yQ.roa
Signing time:             Fri 02 Jan 2026 16:23:15 +0000
ROA not before:           Fri 02 Jan 2026 16:23:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44853
IP address blocks:        2a0b:fdc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:38:db:c6:7f:9f:90:29:f9:2f:9f:99:f9:3a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  2 16:23:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d2d2eb8ea1cbf9320dcf492d85c55d947b7fb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2e:b7:54:b2:e1:f4:5f:60:f2:be:c2:db:2d:
                    01:64:0d:48:fe:37:1c:8d:84:ca:fe:6a:1e:3b:8d:
                    61:ec:c0:0c:25:81:b8:2b:f3:10:13:d1:ab:c5:57:
                    5a:14:4a:9d:f8:e2:89:b8:64:99:02:fe:ca:02:31:
                    7b:01:5f:48:25:1c:37:7b:f9:ea:54:52:a3:54:64:
                    1b:91:33:b1:a5:1d:a9:d4:f8:25:2b:94:09:71:4f:
                    03:69:88:87:bd:57:e2:ee:5a:1d:b6:7d:c4:42:ff:
                    9d:32:77:45:3a:3f:ac:ed:e8:dd:9a:99:89:a0:f8:
                    57:83:2f:59:ab:b0:3c:a4:03:d1:9e:46:31:db:ec:
                    54:34:0a:40:b0:20:23:c9:be:31:01:ce:61:e0:e5:
                    dd:35:5d:dc:a9:c3:96:dd:85:18:3f:0e:56:81:4a:
                    c7:b1:90:2b:c3:a4:99:b3:68:1e:95:32:4e:04:c5:
                    76:4f:ad:03:ff:69:21:63:de:c4:2a:9f:aa:19:07:
                    ee:c4:00:c0:8a:9b:e9:37:65:07:87:ce:b4:1d:8e:
                    d8:87:b1:45:0f:f3:26:4c:f5:66:67:f7:97:60:2a:
                    9e:12:cb:05:5c:f5:54:cf:bc:24:fe:e2:ef:ad:b6:
                    b8:99:b8:61:d0:11:34:70:93:b3:d9:3b:77:eb:1a:
                    84:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2D:2E:B8:EA:1C:BF:93:20:DC:F4:92:D8:5C:55:D9:47:B7:FB:24
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PS0uuOocv5Mg3PSS2FxV2Ue3-yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:fdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:08:98:7b:4f:ee:6a:76:a8:69:7a:dc:89:35:6c:36:b9:6c:
         1a:fa:98:1f:ca:40:fc:cc:7a:89:bc:e6:f3:8e:8f:e5:ae:98:
         68:7e:a9:c0:35:e4:03:83:3d:c1:11:b1:fc:38:04:b0:1b:3d:
         42:49:3b:39:17:ee:d2:13:17:5a:1e:3f:be:63:25:e5:16:02:
         da:8d:86:e2:d8:1c:0d:7c:db:57:57:ca:34:be:0a:3b:bb:93:
         c2:b8:84:b4:49:61:7d:3c:37:d4:6f:66:e3:20:26:21:09:de:
         21:36:2c:24:22:f8:b1:b0:7b:7d:a2:15:2e:d8:e4:96:68:74:
         00:fc:48:32:e3:ab:62:bb:6b:b5:1e:e2:6e:b3:37:be:41:37:
         16:c0:53:79:6a:36:5c:b0:e8:b9:41:24:c0:5d:d8:f8:a4:e6:
         cd:fa:96:14:9f:80:8a:be:64:48:94:65:90:9b:2e:46:d5:42:
         08:0d:aa:ab:f9:96:36:2c:3f:4a:70:5d:7f:c5:bc:4a:cb:1a:
         ed:07:98:73:2c:64:34:61:94:e6:f3:d9:4c:d8:08:33:07:d1:
         d8:54:e6:2b:37:14:92:60:db:7f:53:08:c2:47:05:97:6b:8c:
         1a:64:cf:f2:fd:18:7c:3a:34:ae:25:1f:3f:d9:4a:b1:91:fc:
         cc:27:f3:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/hTjbxn+fkCn5L5+Z+TovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwMTAyMTYyMzE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJkMmViOGVhMWNiZjkzMjBkY2Y0OTJkODVjNTVkOTQ3YjdmYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy63VLLh9F9g8r7C2y0BZA1I/jcc
jYTK/moeO41h7MAMJYG4K/MQE9GrxVdaFEqd+OKJuGSZAv7KAjF7AV9IJRw3e/nq
VFKjVGQbkTOxpR2p1PglK5QJcU8DaYiHvVfi7lodtn3EQv+dMndFOj+s7ejdmpmJ
oPhXgy9Zq7A8pAPRnkYx2+xUNApAsCAjyb4xAc5h4OXdNV3cqcOW3YUYPw5WgUrH
sZArw6SZs2gelTJOBMV2T60D/2khY97EKp+qGQfuxADAipvpN2UHh860HY7Yh7FF
D/MmTPVmZ/eXYCqeEssFXPVUz7wk/uLvrba4mbhh0BE0cJOz2Tt36xqEcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0tLrjqHL+TINz0kthcVdlHt/skMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUFMwdXVPb2N2NU1nM1BTUzJGeFYyVWUzLXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgv9wDAN
BgkqhkiG9w0BAQsFAAOCAQEAMwiYe0/uanaoaXrciTVsNrlsGvqYH8pA/Mx6ibzm
846P5a6YaH6pwDXkA4M9wRGx/DgEsBs9Qkk7ORfu0hMXWh4/vmMl5RYC2o2G4tgc
DXzbV1fKNL4KO7uTwriEtElhfTw31G9m4yAmIQneITYsJCL4sbB7faIVLtjklmh0
APxIMuOrYrtrtR7ibrM3vkE3FsBTeWo2XLDouUEkwF3Y+KTmzfqWFJ+Air5kSJRl
kJsuRtVCCA2qq/mWNiw/SnBdf8W8Sssa7QeYcyxkNGGU5vPZTNgIMwfR2FTmKzcU
kmDbf1MIwkcFl2uMGmTP8v0YfDo0riUfP9lKsZH8zCfz2Q==
-----END CERTIFICATE-----