This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/SQCsFnrjeuZiVY1_BfYgIg4qi-k.roa
File:                     SQCsFnrjeuZiVY1_BfYgIg4qi-k.roa (raw, json)
Hash identifier:          5RBF/vlBHGxON2JarwGOKKIBZfcvo+qjnXq8BAVhPwI=
Subject key identifier:   49:00:AC:16:7A:E3:7A:E6:62:55:8D:7F:05:F6:20:22:0E:2A:8B:E9
Certificate issuer:       /CN=b0dfafd36730396fe338e772dadbe4c3c85cd952
Certificate serial:       019B7CECB85B1826F40872D3B33B454D1CB1
Authority key identifier: B0:DF:AF:D3:67:30:39:6F:E3:38:E7:72:DA:DB:E4:C3:C8:5C:D9:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/SQCsFnrjeuZiVY1_BfYgIg4qi-k.roa
Signing time:             Fri 02 Jan 2026 04:17:26 +0000
ROA not before:           Fri 02 Jan 2026 04:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42721
IP address blocks:        2a09:6340::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:b8:5b:18:26:f4:08:72:d3:b3:3b:45:4d:1c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0dfafd36730396fe338e772dadbe4c3c85cd952
        Validity
            Not Before: Jan  2 04:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4900ac167ae37ae662558d7f05f620220e2a8be9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:fa:54:9c:51:e1:71:46:8c:2a:1d:02:46:9d:
                    7a:e0:30:1e:25:71:3e:32:7a:e8:27:dd:3e:f7:21:
                    6c:29:b4:04:13:d7:06:95:f5:c8:61:56:90:a4:2c:
                    8a:50:89:84:cd:8d:4a:e6:92:37:57:3c:be:fe:b7:
                    4a:a4:d1:87:21:b2:09:f5:90:cb:cd:dc:90:2f:12:
                    48:f8:dd:2c:1d:75:79:a2:99:c7:7a:c7:7f:77:bf:
                    1f:d4:ae:1f:6f:57:59:9c:d8:9e:bc:6c:d7:0f:c0:
                    a1:2c:94:18:6c:b1:30:c1:61:70:d5:37:dd:e5:7a:
                    d0:39:07:4b:8a:a2:b5:7f:76:aa:05:3f:1a:c7:50:
                    84:6c:17:75:36:ec:03:fd:7f:51:be:43:3b:ec:3f:
                    d2:28:5b:65:0e:69:6b:89:e2:51:93:d3:9e:15:e1:
                    50:88:f8:b6:bb:88:0a:ee:c7:d2:03:6e:d1:6c:ce:
                    bd:8a:7f:8f:e6:6b:0d:5b:a0:4b:a5:b6:16:e4:7c:
                    77:63:c5:3c:84:32:5f:5b:92:a2:e6:cd:8a:2c:87:
                    a8:d9:d4:ee:5b:cb:a0:3b:71:3a:2c:cd:4c:1d:03:
                    88:12:39:9b:fb:89:ce:d7:4f:8e:b3:69:92:e7:fb:
                    5c:8f:1f:48:f3:25:37:bd:f6:29:e6:8e:2c:b7:cd:
                    35:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:00:AC:16:7A:E3:7A:E6:62:55:8D:7F:05:F6:20:22:0E:2A:8B:E9
            X509v3 Authority Key Identifier:
                keyid:B0:DF:AF:D3:67:30:39:6F:E3:38:E7:72:DA:DB:E4:C3:C8:5C:D9:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/SQCsFnrjeuZiVY1_BfYgIg4qi-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6340::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:03:af:97:c4:1d:11:5d:1c:0c:93:1f:05:3a:9b:2c:be:34:
         0b:e5:f3:b3:52:ec:35:7e:a3:58:8b:d2:4b:23:3f:3d:21:6d:
         a9:45:24:cc:38:6b:d0:b7:17:51:b4:74:95:de:66:0b:0e:18:
         e4:09:fa:37:d5:47:d0:25:e0:ed:c5:6a:d4:7d:9a:c3:13:9e:
         8c:d1:fa:5e:f8:8e:92:72:8e:e2:18:4c:ad:49:76:af:9d:52:
         3d:f8:8d:50:81:c3:33:e6:51:14:ce:77:45:5f:c0:f1:3c:3a:
         36:98:2d:76:11:d7:7c:e8:29:0d:20:0b:bc:b1:35:8e:e9:85:
         44:82:eb:77:a6:45:b8:f8:ab:03:85:50:e2:12:b0:40:f6:bc:
         9e:f5:3a:28:cd:1c:d3:fa:8f:f8:b6:b2:93:48:d3:59:23:5a:
         7e:fa:fb:de:f2:d9:84:e7:1a:39:04:d5:f8:cd:a3:ab:cf:09:
         ef:3c:5a:d1:e3:3f:f2:b7:19:df:9d:2c:a2:e3:8e:51:7a:38:
         28:33:06:bc:99:75:0f:95:40:ab:9b:35:08:ea:cb:d1:0a:dd:
         e3:01:3b:bd:14:7a:4d:ab:3d:10:39:b9:54:4a:92:22:ba:7b:
         2c:96:08:54:3b:c5:5f:46:3c:6d:f0:a3:70:d4:76:ea:fc:be:
         21:43:09:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87LhbGCb0CHLTsztFTRyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZGZhZmQzNjczMDM5NmZlMzM4ZTc3MmRhZGJlNGMzYzg1
Y2Q5NTIwHhcNMjYwMTAyMDQxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTAwYWMxNjdhZTM3YWU2NjI1NThkN2YwNWY2MjAyMjBlMmE4YmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vpUnFHhcUaMKh0CRp164DAeJXE+
MnroJ90+9yFsKbQEE9cGlfXIYVaQpCyKUImEzY1K5pI3Vzy+/rdKpNGHIbIJ9ZDL
zdyQLxJI+N0sHXV5opnHesd/d78f1K4fb1dZnNievGzXD8ChLJQYbLEwwWFw1Tfd
5XrQOQdLiqK1f3aqBT8ax1CEbBd1NuwD/X9RvkM77D/SKFtlDmlrieJRk9OeFeFQ
iPi2u4gK7sfSA27RbM69in+P5msNW6BLpbYW5Hx3Y8U8hDJfW5Ki5s2KLIeo2dTu
W8ugO3E6LM1MHQOIEjmb+4nO10+Os2mS5/tcjx9I8yU3vfYp5o4st801DwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEkArBZ643rmYlWNfwX2ICIOKovpMB8GA1UdIwQY
MBaAFLDfr9NnMDlv4zjnctrb5MPIXNlSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc04tdjAyY3dPV19qT09keTJ0dmt3OGhjMlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mNjk2ZmQtNGQ5ZC00ZTI4LTkyNmUt
MGFhNWI0NmJmOGFhLzEvU1FDc0ZucmpldVppVlkxX0JmWWdJZzRxaS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mNjk2ZmQtNGQ5ZC00ZTI4LTkyNmUtMGFhNWI0NmJmOGFh
LzEvc04tdjAyY3dPV19qT09keTJ0dmt3OGhjMlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgljQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBMA6+XxB0RXRwMkx8FOpssvjQL5fOzUuw1fqNY
i9JLIz89IW2pRSTMOGvQtxdRtHSV3mYLDhjkCfo31UfQJeDtxWrUfZrDE56M0fpe
+I6Sco7iGEytSXavnVI9+I1QgcMz5lEUzndFX8DxPDo2mC12Edd86CkNIAu8sTWO
6YVEgut3pkW4+KsDhVDiErBA9rye9ToozRzT+o/4trKTSNNZI1p++vve8tmE5xo5
BNX4zaOrzwnvPFrR4z/ytxnfnSyi445RejgoMwa8mXUPlUCrmzUI6svRCt3jATu9
FHpNqz0QOblUSpIiunsslghUO8VfRjxt8KNw1Hbq/L4hQwlN
-----END CERTIFICATE-----