This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8B2OpR0uRL2FMmC1O2ZU7nlPPyc.roa
File:                     8B2OpR0uRL2FMmC1O2ZU7nlPPyc.roa (raw, json)
Hash identifier:          poPicSh/MHjn+zNOSYV7bGTSnbO9NymTUGa9CPZhEBE=
Subject key identifier:   F0:1D:8E:A5:1D:2E:44:BD:85:32:60:B5:3B:66:54:EE:79:4F:3F:27
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019B7E38BBEF70CCBE2A9C86CA0F6CEAF4A9
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8B2OpR0uRL2FMmC1O2ZU7nlPPyc.roa
Signing time:             Fri 02 Jan 2026 10:20:05 +0000
ROA not before:           Fri 02 Jan 2026 10:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213750
IP address blocks:        2a13:a5c7:2700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:bb:ef:70:cc:be:2a:9c:86:ca:0f:6c:ea:f4:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 10:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f01d8ea51d2e44bd853260b53b6654ee794f3f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c9:67:6d:71:3b:01:d0:92:a3:cc:6a:93:d1:
                    99:2b:0c:1d:8f:23:99:63:bd:56:75:8b:9c:de:b5:
                    a9:07:8a:82:a0:98:26:2a:dc:78:8a:d9:00:d0:c0:
                    86:7e:a7:a8:65:7d:61:86:7f:01:7d:f9:db:57:29:
                    4a:f5:43:50:29:93:c5:7d:36:56:32:e5:01:d7:9a:
                    89:b3:fc:0d:93:50:25:d1:aa:a7:1a:99:68:51:66:
                    70:65:6b:6f:eb:fb:5e:2b:18:ec:f1:d7:29:d2:c3:
                    2f:e0:e2:a8:ff:b6:dd:d3:07:96:f2:38:b4:20:65:
                    56:30:87:1b:0a:1d:8d:9a:05:39:35:0a:3e:c7:e8:
                    f4:3b:ab:30:60:26:7a:ec:0b:2b:af:02:31:a1:7c:
                    67:60:22:8f:db:88:57:69:6e:cc:37:75:ef:4b:eb:
                    ba:c4:5f:4c:ec:6c:a1:6b:56:0d:99:95:cf:ae:e6:
                    81:33:0e:ca:c5:2f:a8:86:92:1f:b3:6e:d4:7f:35:
                    d7:1f:32:09:01:7b:8c:24:18:db:65:f0:e5:e9:f0:
                    8a:60:ae:f4:0d:58:fb:3d:b5:a1:2f:68:df:a9:e2:
                    d5:ac:ff:f7:3d:e7:5e:69:06:47:ff:70:31:5b:f2:
                    be:17:56:62:0c:58:30:ee:89:43:cd:b2:24:7b:8b:
                    3b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1D:8E:A5:1D:2E:44:BD:85:32:60:B5:3B:66:54:EE:79:4F:3F:27
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8B2OpR0uRL2FMmC1O2ZU7nlPPyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2700::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:ce:2e:a3:16:e1:9a:db:5c:4e:bf:30:69:5b:15:60:db:30:
         27:96:aa:bc:17:96:b0:62:02:ad:d1:56:bc:d6:c6:6d:ea:81:
         c9:8e:2b:41:9c:63:f9:19:d6:2f:f9:0e:97:33:36:5a:e2:ac:
         57:6b:02:a9:b9:89:3f:86:07:5e:6f:38:d4:24:f9:ec:97:0b:
         ac:2e:d0:66:1c:b9:0b:7f:47:98:10:67:d2:80:a3:c3:70:a8:
         0f:4b:26:d1:65:ac:7f:0b:6f:9d:98:6d:e2:b9:48:4d:df:e8:
         2f:9c:6e:19:eb:32:df:8e:c3:3a:51:08:ff:a4:81:83:3a:85:
         0e:b0:ff:eb:43:9d:f8:f8:a2:7d:ba:5d:51:f3:80:23:ed:86:
         b0:6c:bd:04:9f:45:ba:e3:6b:e6:a9:04:15:12:0a:01:07:ac:
         9e:ac:f0:26:40:98:da:2b:90:5e:7c:d4:1d:6b:24:8d:7a:7d:
         9a:09:f9:82:9f:6f:c2:c2:32:1c:f1:8e:6e:76:16:4e:6f:1a:
         1f:51:e2:ca:a0:a8:59:2d:c5:87:31:f9:dc:8c:32:df:92:2a:
         bf:dc:57:7b:52:a0:49:b7:05:88:56:61:62:6e:8d:fa:db:e8:
         38:96:a3:1d:99:af:e2:e2:cc:fb:4b:f1:76:71:26:35:8f:bc:
         8e:3d:b6:e1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+OLvvcMy+KpyGyg9s6vSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjYwMTAyMTAyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDFkOGVhNTFkMmU0NGJkODUzMjYwYjUzYjY2NTRlZTc5NGYzZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtslnbXE7AdCSo8xqk9GZKwwdjyOZ
Y71WdYuc3rWpB4qCoJgmKtx4itkA0MCGfqeoZX1hhn8BffnbVylK9UNQKZPFfTZW
MuUB15qJs/wNk1Al0aqnGploUWZwZWtv6/teKxjs8dcp0sMv4OKo/7bd0weW8ji0
IGVWMIcbCh2NmgU5NQo+x+j0O6swYCZ67AsrrwIxoXxnYCKP24hXaW7MN3XvS+u6
xF9M7Gyha1YNmZXPruaBMw7KxS+ohpIfs27UfzXXHzIJAXuMJBjbZfDl6fCKYK70
DVj7PbWhL2jfqeLVrP/3PedeaQZH/3AxW/K+F1ZiDFgw7olDzbIke4s71QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPAdjqUdLkS9hTJgtTtmVO55Tz8nMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvOEIyT3BSMHVSTDJGTW1DMU8yWlU3bmxQUHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxycw
DQYJKoZIhvcNAQELBQADggEBAIbOLqMW4ZrbXE6/MGlbFWDbMCeWqrwXlrBiAq3R
VrzWxm3qgcmOK0GcY/kZ1i/5DpczNlrirFdrAqm5iT+GB15vONQk+eyXC6wu0GYc
uQt/R5gQZ9KAo8NwqA9LJtFlrH8Lb52YbeK5SE3f6C+cbhnrMt+OwzpRCP+kgYM6
hQ6w/+tDnfj4on26XVHzgCPthrBsvQSfRbrja+apBBUSCgEHrJ6s8CZAmNorkF58
1B1rJI16fZoJ+YKfb8LCMhzxjm52Fk5vGh9R4sqgqFktxYcx+dyMMt+SKr/cV3tS
oEm3BYhWYWJujfrb6DiWox2Zr+LizPtL8XZxJjWPvI49tuE=
-----END CERTIFICATE-----