This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/PBFghIae2xwjHfVkKp2B7TGOs9U.roa
File:                     PBFghIae2xwjHfVkKp2B7TGOs9U.roa (raw, json)
Hash identifier:          6sEYt1wV5te4lrcRseI0CvT+vo353HmkjymuLozkj+U=
Subject key identifier:   3C:11:60:84:86:9E:DB:1C:23:1D:F5:64:2A:9D:81:ED:31:8E:B3:D5
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       019B7FF223A287FBFB36DA2F9FE7341DAA30
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/PBFghIae2xwjHfVkKp2B7TGOs9U.roa
Signing time:             Fri 02 Jan 2026 18:22:13 +0000
ROA not before:           Fri 02 Jan 2026 18:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:23:a2:87:fb:fb:36:da:2f:9f:e7:34:1d:aa:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: Jan  2 18:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c116084869edb1c231df5642a9d81ed318eb3d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b2:cf:ed:13:81:fa:7f:c7:fb:3f:66:40:8f:
                    c4:02:b9:39:30:b1:24:8c:1d:4a:fa:33:b1:7c:49:
                    93:92:46:ac:04:ce:68:de:c5:11:a9:48:4c:40:a8:
                    0d:7a:09:a8:96:36:c9:18:d7:1a:61:ca:15:35:d1:
                    7a:bb:18:26:6d:7b:db:08:3d:88:6b:b6:ea:ff:05:
                    21:1d:5e:01:04:cc:cd:2f:8c:10:fc:08:f6:70:de:
                    24:a6:7a:9e:66:f9:0c:ad:e0:b0:79:f0:1b:26:77:
                    f5:9b:01:0e:ca:86:84:38:16:21:82:bf:db:a5:5c:
                    78:d1:3d:c3:2c:46:93:f0:03:2b:f5:93:40:7e:d6:
                    42:da:03:02:e8:c3:59:23:59:0c:a1:47:ba:f4:b1:
                    60:c6:9e:f0:bc:0f:11:3f:e5:9a:51:ee:89:66:1e:
                    6b:8c:b2:79:f1:ed:70:62:23:66:9d:ea:ff:25:c4:
                    9a:2a:5a:56:f3:73:4c:3d:eb:5b:f3:df:51:98:da:
                    61:9f:82:4c:8d:d5:c1:b3:0e:d5:40:7b:0a:4a:15:
                    50:be:b2:43:e7:cb:d3:3c:d9:ed:9a:84:34:7d:a6:
                    20:f8:3d:c0:d3:e6:65:b8:e1:ee:b1:fc:5f:53:3e:
                    11:37:8e:35:33:e0:d3:5d:9c:f8:f5:8f:a2:c4:8a:
                    08:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:11:60:84:86:9E:DB:1C:23:1D:F5:64:2A:9D:81:ED:31:8E:B3:D5
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/PBFghIae2xwjHfVkKp2B7TGOs9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:f1:7c:5d:ad:cc:cc:4a:eb:e7:b4:9f:a1:ef:97:23:21:6b:
         8e:82:ff:70:1f:e5:d5:49:b5:d0:46:ef:d7:54:aa:8f:89:1f:
         2e:c1:9e:42:a4:b0:c2:ef:f6:e1:b9:34:1d:07:e1:53:50:a1:
         8e:0d:0b:76:55:26:0e:94:3b:05:ea:8b:73:9b:87:a1:f4:46:
         da:73:5e:37:77:82:ca:77:69:83:55:b3:37:ec:1c:59:30:cf:
         e0:e9:5d:63:32:af:ee:bb:57:72:f1:f9:78:e3:fb:13:22:eb:
         fb:20:b1:15:8b:70:0e:0c:52:0c:23:e3:8c:4e:95:eb:b4:51:
         87:ab:fd:9e:83:60:42:76:9a:35:aa:0b:85:9b:e2:2c:0f:0c:
         33:2b:68:c2:2c:bc:ee:62:80:97:c0:19:9d:2b:79:7c:3c:22:
         49:12:06:60:83:0d:34:de:92:37:89:fd:d8:95:db:d1:68:d7:
         47:f7:74:df:02:57:6f:07:18:6e:44:e3:f7:6c:40:13:63:2a:
         91:7d:d8:f3:b5:33:2b:0d:51:de:33:8a:b7:62:f9:58:19:7f:
         dc:52:9c:12:35:d4:0a:bf:8d:b0:7e:4b:25:5a:cb:ff:34:d2:
         77:fe:2f:2e:e0:05:8e:49:92:4d:fc:72:91:96:61:c4:b4:ad:
         7a:4c:9d:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/8iOih/v7Ntovn+c0HaowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjYwMTAyMTgyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzExNjA4NDg2OWVkYjFjMjMxZGY1NjQyYTlkODFlZDMxOGViM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbLP7ROB+n/H+z9mQI/EArk5MLEk
jB1K+jOxfEmTkkasBM5o3sURqUhMQKgNegmoljbJGNcaYcoVNdF6uxgmbXvbCD2I
a7bq/wUhHV4BBMzNL4wQ/Aj2cN4kpnqeZvkMreCwefAbJnf1mwEOyoaEOBYhgr/b
pVx40T3DLEaT8AMr9ZNAftZC2gMC6MNZI1kMoUe69LFgxp7wvA8RP+WaUe6JZh5r
jLJ58e1wYiNmner/JcSaKlpW83NMPetb899RmNphn4JMjdXBsw7VQHsKShVQvrJD
58vTPNntmoQ0faYg+D3A0+ZluOHusfxfUz4RN441M+DTXZz49Y+ixIoIawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDwRYISGntscIx31ZCqdge0xjrPVMB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvUEJGZ2hJYWUyeHdqSGZWa0twMkI3VEdPczlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAcvF8Xa3MzErr57Sfoe+XIyFrjoL/cB/l1Um10Ebv
11Sqj4kfLsGeQqSwwu/24bk0HQfhU1Chjg0LdlUmDpQ7BeqLc5uHofRG2nNeN3eC
yndpg1WzN+wcWTDP4OldYzKv7rtXcvH5eOP7EyLr+yCxFYtwDgxSDCPjjE6V67RR
h6v9noNgQnaaNaoLhZviLA8MMytowiy87mKAl8AZnSt5fDwiSRIGYIMNNN6SN4n9
2JXb0WjXR/d03wJXbwcYbkTj92xAE2MqkX3Y87UzKw1R3jOKt2L5WBl/3FKcEjXU
Cr+NsH5LJVrL/zTSd/4vLuAFjkmSTfxykZZhxLStekyd7g==
-----END CERTIFICATE-----