This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wDFzlPwsNs0v_IQaT4j_896eKWU.roa
File:                     wDFzlPwsNs0v_IQaT4j_896eKWU.roa (raw, json)
Hash identifier:          h8DXXObKKEymdsZZeHWI8jT1TyiZNQftSi9uTSDfXyU=
Subject key identifier:   C0:31:73:94:FC:2C:36:CD:2F:FC:84:1A:4F:88:FF:F3:DE:9E:29:65
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019B7D5D1A36B951A59C51D5054E9E4421AA
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wDFzlPwsNs0v_IQaT4j_896eKWU.roa
Signing time:             Fri 02 Jan 2026 06:20:12 +0000
ROA not before:           Fri 02 Jan 2026 06:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42532
IP address blocks:        2a11:8100::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:1a:36:b9:51:a5:9c:51:d5:05:4e:9e:44:21:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  2 06:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0317394fc2c36cd2ffc841a4f88fff3de9e2965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e1:7a:4f:68:68:5f:6b:15:93:4b:ae:59:6a:
                    cb:11:36:ae:0a:55:84:ae:14:15:61:ba:5b:96:ab:
                    34:f0:e8:0f:f8:31:82:f7:5e:2e:bb:6a:4e:c2:06:
                    30:49:63:36:e6:d3:63:2d:72:54:c0:87:1e:64:94:
                    31:c1:ea:d2:34:5c:76:bc:60:bb:06:8c:1a:2e:89:
                    c4:ec:35:38:be:00:61:be:44:bd:f4:0a:a8:ff:cc:
                    32:1a:85:6b:7f:d5:94:47:2a:dd:de:33:99:5b:05:
                    78:44:51:ef:f8:07:7f:fa:00:6f:67:46:ac:5d:4d:
                    b9:b6:53:70:33:c2:86:00:15:92:f8:a9:68:61:86:
                    ca:9d:2f:7c:e6:37:a7:aa:ef:b6:10:79:ab:e6:68:
                    69:2d:39:22:25:40:3d:5b:47:78:15:aa:bf:5e:d4:
                    5e:3f:07:ee:57:8a:03:40:65:12:2c:49:6f:aa:c9:
                    dc:9b:66:dc:dc:35:f5:3c:a9:31:07:47:df:05:8e:
                    a1:cb:a5:95:34:87:a8:9d:24:36:26:64:d6:8d:56:
                    7e:97:31:8b:90:71:34:42:fb:8b:16:fc:8d:03:cb:
                    6d:1b:93:70:71:a6:82:b5:f3:3b:09:45:9a:5c:38:
                    1d:a0:3c:b6:bb:31:8f:fd:04:35:45:09:28:53:7d:
                    d1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:31:73:94:FC:2C:36:CD:2F:FC:84:1A:4F:88:FF:F3:DE:9E:29:65
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/wDFzlPwsNs0v_IQaT4j_896eKWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         dd:82:e3:a9:8a:9c:a9:7c:d4:11:24:74:10:03:f8:9d:8a:85:
         3d:db:b5:27:af:97:a4:66:b9:cc:b8:b8:00:6e:5d:e2:0f:e0:
         52:94:a5:3b:e9:1e:78:c2:cc:af:e7:92:02:17:02:cf:63:9f:
         50:19:ae:8b:b9:5f:81:9b:8b:5a:ad:da:38:7e:bd:a5:73:10:
         2f:44:fd:bb:2c:e3:d0:e2:38:65:77:b3:c9:fc:fc:fd:2f:1b:
         68:67:8b:d0:cf:38:e4:98:32:32:99:32:8d:80:59:fb:c7:d6:
         47:97:9d:cc:db:6b:b7:16:95:24:9c:7d:2c:a4:2d:7c:a5:e2:
         e6:a3:7b:82:a5:eb:06:37:c0:e0:b7:00:5f:30:25:8d:43:c4:
         6e:aa:58:ac:b8:01:8a:14:4a:68:83:ae:7a:b8:07:f2:cb:76:
         70:c8:9c:05:cf:d5:a4:4d:42:37:2b:37:cf:ff:1a:2e:80:dc:
         c0:62:6d:3c:6f:6f:9e:80:46:e5:9d:25:77:d5:69:68:7b:f3:
         06:83:c0:8c:fc:c9:1d:bf:43:4d:54:03:a1:b3:e4:e7:20:02:
         2d:53:5a:9d:70:a4:f0:38:92:b7:a2:0a:be:44:26:a5:fc:ec:
         e7:25:49:1e:a9:03:52:ed:9f:a9:a7:89:87:57:d8:4d:73:10:
         7a:8e:8b:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9XRo2uVGlnFHVBU6eRCGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwMTAyMDYyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDMxNzM5NGZjMmMzNmNkMmZmYzg0MWE0Zjg4ZmZmM2RlOWUyOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOF6T2hoX2sVk0uuWWrLETauClWE
rhQVYbpblqs08OgP+DGC914uu2pOwgYwSWM25tNjLXJUwIceZJQxwerSNFx2vGC7
BowaLonE7DU4vgBhvkS99Aqo/8wyGoVrf9WURyrd3jOZWwV4RFHv+Ad/+gBvZ0as
XU25tlNwM8KGABWS+KloYYbKnS985jenqu+2EHmr5mhpLTkiJUA9W0d4Faq/XtRe
PwfuV4oDQGUSLElvqsncm2bc3DX1PKkxB0ffBY6hy6WVNIeonSQ2JmTWjVZ+lzGL
kHE0QvuLFvyNA8ttG5NwcaaCtfM7CUWaXDgdoDy2uzGP/QQ1RQkoU33RhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMAxc5T8LDbNL/yEGk+I//PenillMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvd0RGemxQd3NOczB2X0lRYVQ0al84OTZlS1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGBADAN
BgkqhkiG9w0BAQsFAAOCAQEA3YLjqYqcqXzUESR0EAP4nYqFPdu1J6+XpGa5zLi4
AG5d4g/gUpSlO+keeMLMr+eSAhcCz2OfUBmui7lfgZuLWq3aOH69pXMQL0T9uyzj
0OI4ZXezyfz8/S8baGeL0M845JgyMpkyjYBZ+8fWR5edzNtrtxaVJJx9LKQtfKXi
5qN7gqXrBjfA4LcAXzAljUPEbqpYrLgBihRKaIOuergH8st2cMicBc/VpE1CNys3
z/8aLoDcwGJtPG9vnoBG5Z0ld9VpaHvzBoPAjPzJHb9DTVQDobPk5yACLVNanXCk
8DiSt6IKvkQmpfzs5yVJHqkDUu2fqaeJh1fYTXMQeo6L0w==
-----END CERTIFICATE-----