This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/D6R9OyaZ-Q_-XgNkWK4J1RuvL9c.roa
File:                     D6R9OyaZ-Q_-XgNkWK4J1RuvL9c.roa (raw, json)
Hash identifier:          5h9cR8G/g4GXej/wn2hqCbkxtizUQsarXxgPXf9/q/I=
Subject key identifier:   0F:A4:7D:3B:26:99:F9:0F:FE:5E:03:64:58:AE:09:D5:1B:AF:2F:D7
Certificate issuer:       /CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
Certificate serial:       019B7F85706C9241C210858ED2919D304471
Authority key identifier: 28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/D6R9OyaZ-Q_-XgNkWK4J1RuvL9c.roa
Signing time:             Fri 02 Jan 2026 16:23:30 +0000
ROA not before:           Fri 02 Jan 2026 16:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35207
IP address blocks:        2a0c:7180::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:70:6c:92:41:c2:10:85:8e:d2:91:9d:30:44:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
        Validity
            Not Before: Jan  2 16:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fa47d3b2699f90ffe5e036458ae09d51baf2fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:dc:d7:a1:ac:51:7a:b3:70:53:7b:65:e5:dd:
                    72:fc:a8:f1:da:d4:b4:b3:24:02:5f:d1:2a:83:0e:
                    81:ee:9b:a2:a6:45:3d:8b:39:74:2e:79:ef:9a:9b:
                    b1:95:9a:e5:6a:c8:28:6f:b8:4f:de:ba:43:ad:0a:
                    6f:6a:26:9b:02:01:4a:1e:ed:e2:a4:b8:8f:9b:8d:
                    14:e2:d0:19:c9:a4:cd:8e:3f:af:f2:bd:2b:d4:02:
                    b9:c0:d6:2f:70:0d:e6:c0:21:c6:cd:13:a1:88:57:
                    97:7c:55:95:d5:2e:71:70:be:f0:71:e2:c0:3f:b1:
                    9f:95:8a:ac:05:02:ce:cb:4a:df:1f:7e:7c:cc:a0:
                    46:18:73:b1:c6:c5:f4:d7:2a:c0:69:76:c5:9d:ac:
                    92:a4:09:7e:d0:d7:cf:c6:52:69:a2:13:c5:92:f3:
                    99:4a:70:90:a3:47:a2:b1:23:e9:99:b4:3a:1e:9b:
                    38:9d:48:40:46:8a:42:f1:5f:fc:95:23:de:98:f7:
                    91:eb:20:01:a6:70:54:72:ab:fa:29:d0:62:16:89:
                    bc:c4:de:d5:90:91:45:96:3b:b6:af:42:30:07:58:
                    32:c3:df:79:2f:b0:c2:cb:5b:29:6f:1d:f5:9a:43:
                    f6:f4:da:cc:ac:fb:77:77:12:02:b6:9e:3c:ed:78:
                    39:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:A4:7D:3B:26:99:F9:0F:FE:5E:03:64:58:AE:09:D5:1B:AF:2F:D7
            X509v3 Authority Key Identifier:
                keyid:28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/D6R9OyaZ-Q_-XgNkWK4J1RuvL9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7180::/30

    Signature Algorithm: sha256WithRSAEncryption
         11:09:8c:a6:be:03:92:1c:b8:d3:16:ef:e1:4e:16:b5:11:82:
         3a:d0:48:f8:e5:a4:45:8e:9c:2c:a2:4c:96:02:fe:14:7b:dc:
         4d:e3:1d:ea:92:15:51:c8:c9:0e:d4:a3:a8:34:5d:bc:24:84:
         d4:1d:30:b0:49:1a:6f:a5:71:72:e3:3c:cb:5c:2b:17:f0:98:
         77:5b:d5:d3:3d:e3:b3:4b:eb:ef:04:bf:3b:cf:3a:60:57:0b:
         e2:61:c4:2c:f1:c5:5b:bd:2c:49:33:87:7d:2d:b2:77:db:e6:
         1d:37:ea:2f:5a:e8:db:62:89:1a:97:99:80:3c:b3:1f:e5:3a:
         88:fb:e9:44:91:95:11:fa:cd:fa:98:00:45:3e:40:f7:d3:a6:
         79:8d:3f:ec:00:2d:ab:0a:dc:5d:51:87:d2:1b:e2:0f:d3:b7:
         37:25:8a:3b:d5:d6:2c:22:75:6c:55:f4:16:0d:36:ec:20:b0:
         43:1f:10:42:80:28:e7:85:c1:ca:a3:6f:68:b4:d9:a8:57:46:
         30:85:1c:07:49:f3:9c:9c:b5:0e:95:db:8d:25:90:3f:f8:b4:
         ca:17:42:61:0e:59:f6:55:7b:77:6d:3d:2a:54:7f:31:2a:2f:
         e4:74:64:cb:f0:0c:3f:66:f1:fc:fc:55:47:91:71:af:8a:a8:
         f7:12:56:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/hXBskkHCEIWO0pGdMERxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjAzZGVjZDA4YmQ0N2Q4YTkxNjJhNmUxNzQyZjNjNTNl
YTNjNzQwHhcNMjYwMTAyMTYyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmE0N2QzYjI2OTlmOTBmZmU1ZTAzNjQ1OGFlMDlkNTFiYWYyZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9zXoaxRerNwU3tl5d1y/Kjx2tS0
syQCX9Eqgw6B7puipkU9izl0LnnvmpuxlZrlasgob7hP3rpDrQpvaiabAgFKHu3i
pLiPm40U4tAZyaTNjj+v8r0r1AK5wNYvcA3mwCHGzROhiFeXfFWV1S5xcL7wceLA
P7GflYqsBQLOy0rfH358zKBGGHOxxsX01yrAaXbFnaySpAl+0NfPxlJpohPFkvOZ
SnCQo0eisSPpmbQ6Hps4nUhARopC8V/8lSPemPeR6yABpnBUcqv6KdBiFom8xN7V
kJFFlju2r0IwB1gyw995L7DCy1spbx31mkP29NrMrPt3dxICtp487Xg5kwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA+kfTsmmfkP/l4DZFiuCdUbry/XMB8GA1UdIwQY
MBaAFCggPezQi9R9ipFipuF0LzxT6jx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYt
YTI5N2MxNDA4MDg1LzEvRDZSOU95YVotUV8tWGdOa1dLNEoxUnV2TDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYtYTI5N2MxNDA4MDg1
LzEvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKgxxgDAN
BgkqhkiG9w0BAQsFAAOCAQEAEQmMpr4Dkhy40xbv4U4WtRGCOtBI+OWkRY6cLKJM
lgL+FHvcTeMd6pIVUcjJDtSjqDRdvCSE1B0wsEkab6VxcuM8y1wrF/CYd1vV0z3j
s0vr7wS/O886YFcL4mHELPHFW70sSTOHfS2yd9vmHTfqL1ro22KJGpeZgDyzH+U6
iPvpRJGVEfrN+pgART5A99OmeY0/7AAtqwrcXVGH0hviD9O3NyWKO9XWLCJ1bFX0
Fg027CCwQx8QQoAo54XByqNvaLTZqFdGMIUcB0nznJy1DpXbjSWQP/i0yhdCYQ5Z
9lV7d209KlR/MSov5HRky/AMP2bx/PxVR5Fxr4qo9xJWwA==
-----END CERTIFICATE-----