This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/oSWAW_xtfRP1kJjTdeT7-EMsHhs.roa
File:                     oSWAW_xtfRP1kJjTdeT7-EMsHhs.roa (raw, json)
Hash identifier:          VrDqucHuEE6dnVKOl90iq4hpJn4sjUlsylTzaYP83Dw=
Subject key identifier:   A1:25:80:5B:FC:6D:7D:13:F5:90:98:D3:75:E4:FB:F8:43:2C:1E:1B
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B7B360B669A191DA548EE00986E2A5B47
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/oSWAW_xtfRP1kJjTdeT7-EMsHhs.roa
Signing time:             Thu 01 Jan 2026 20:18:17 +0000
ROA not before:           Thu 01 Jan 2026 20:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152920
IP address blocks:        2a0f:cf40::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:0b:66:9a:19:1d:a5:48:ee:00:98:6e:2a:5b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  1 20:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a125805bfc6d7d13f59098d375e4fbf8432c1e1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6f:75:42:b7:b1:23:84:5c:67:f0:28:c1:4b:
                    42:d4:59:99:50:8b:df:5d:29:04:8e:02:a2:41:e7:
                    1f:d3:fe:ff:dd:b6:ae:6f:32:6b:07:5c:30:ed:c5:
                    74:a0:3a:77:d9:8b:21:5d:82:f0:2e:7c:76:26:b0:
                    65:5a:8e:50:df:4f:28:ff:12:0d:33:3b:c5:b9:9c:
                    70:a5:85:6a:b0:71:4d:78:8e:85:55:da:3f:ce:8f:
                    99:ee:6d:55:1a:5f:c5:b1:72:a7:99:f5:db:e1:8d:
                    b5:24:95:67:a9:bb:5b:6d:00:19:0b:8b:de:7a:08:
                    d6:0e:00:96:44:22:57:61:ab:29:25:fa:a4:ed:b0:
                    e5:88:d5:32:69:b6:8b:22:c0:0b:85:5d:83:1e:7c:
                    2e:82:39:0e:51:e7:57:7c:91:d6:17:c1:13:c5:07:
                    70:8f:ae:18:b1:27:f0:6e:6e:e9:42:44:af:6a:3b:
                    47:02:72:85:b9:03:dc:a5:37:b5:b4:55:ba:df:94:
                    7d:e7:0c:58:95:d1:15:90:da:43:42:d8:28:e0:87:
                    ca:c0:f8:9c:1a:e5:7c:03:fc:e7:87:9d:22:ad:2a:
                    0a:71:db:4c:fc:ea:93:8d:93:e8:a0:0f:79:8d:ba:
                    ed:d8:da:99:82:1a:5d:f0:d6:86:ed:53:27:3e:40:
                    35:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:25:80:5B:FC:6D:7D:13:F5:90:98:D3:75:E4:FB:F8:43:2C:1E:1B
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/oSWAW_xtfRP1kJjTdeT7-EMsHhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:cf40::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:94:56:9d:0e:c1:87:b1:85:32:41:8d:53:f2:67:47:53:f5:
         41:34:53:2e:94:f3:3b:ce:df:80:94:00:f6:fc:05:b2:9b:6c:
         75:1f:72:44:9a:10:58:09:a0:46:0f:4a:02:15:e8:7e:9c:83:
         a1:60:24:f8:ae:78:89:c3:47:ae:0b:0c:0d:3f:92:c0:75:ff:
         15:64:bd:b8:24:98:78:9c:d0:e9:d5:87:f7:41:31:1e:e4:27:
         8a:f5:75:62:8b:2c:0c:81:0f:e6:b4:ff:7d:5a:10:3a:67:48:
         59:d7:5f:af:91:a8:d3:7f:e7:3f:b4:2d:c5:0e:89:b3:18:d9:
         e3:4f:73:50:f0:46:d2:dc:0c:31:1c:28:ee:36:04:7a:35:dc:
         7e:c8:14:89:f5:87:08:d7:c4:2f:eb:a2:d4:c8:99:89:47:4e:
         f4:8b:2a:2d:02:89:48:ab:a9:22:99:24:31:f2:34:07:fa:db:
         0b:6c:6d:1a:63:66:7b:15:da:05:42:03:7d:54:ba:03:33:a8:
         cf:69:95:16:8f:38:6e:06:f5:f8:eb:6f:3a:f1:11:af:38:eb:
         00:6e:5e:4e:97:de:89:54:5e:80:62:fd:f9:d4:c2:9e:aa:65:
         6c:9b:75:17:67:eb:05:c0:df:b0:4d:95:5b:0a:8f:cf:7c:de:
         52:64:32:3b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7NgtmmhkdpUjuAJhuKltHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTAxMjAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTI1ODA1YmZjNmQ3ZDEzZjU5MDk4ZDM3NWU0ZmJmODQzMmMxZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAom91QrexI4RcZ/AowUtC1FmZUIvf
XSkEjgKiQecf0/7/3baubzJrB1ww7cV0oDp32YshXYLwLnx2JrBlWo5Q308o/xIN
MzvFuZxwpYVqsHFNeI6FVdo/zo+Z7m1VGl/FsXKnmfXb4Y21JJVnqbtbbQAZC4ve
egjWDgCWRCJXYaspJfqk7bDliNUyabaLIsALhV2DHnwugjkOUedXfJHWF8ETxQdw
j64YsSfwbm7pQkSvajtHAnKFuQPcpTe1tFW635R95wxYldEVkNpDQtgo4IfKwPic
GuV8A/znh50irSoKcdtM/OqTjZPooA95jbrt2NqZghpd8NaG7VMnPkA1WwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKElgFv8bX0T9ZCY03Xk+/hDLB4bMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvb1NXQVdfeHRmUlAxa0pqVGRlVDctRU1zSGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg/PQAAw
DQYJKoZIhvcNAQELBQADggEBAIeUVp0OwYexhTJBjVPyZ0dT9UE0Uy6U8zvO34CU
APb8BbKbbHUfckSaEFgJoEYPSgIV6H6cg6FgJPiueInDR64LDA0/ksB1/xVkvbgk
mHic0OnVh/dBMR7kJ4r1dWKLLAyBD+a0/31aEDpnSFnXX6+RqNN/5z+0LcUOibMY
2eNPc1DwRtLcDDEcKO42BHo13H7IFIn1hwjXxC/rotTImYlHTvSLKi0CiUirqSKZ
JDHyNAf62wtsbRpjZnsV2gVCA31UugMzqM9plRaPOG4G9fjrbzrxEa846wBuXk6X
3olUXoBi/fnUwp6qZWybdRdn6wXA37BNlVsKj8983lJkMjs=
-----END CERTIFICATE-----