This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/clJRJ54PpuGANgQRnsIa2yT6BDo.roa
File:                     clJRJ54PpuGANgQRnsIa2yT6BDo.roa (raw, json)
Hash identifier:          JT4YwFeFXZsVWgOdfgaga4WEC+fJLlUPYj8EpztRznY=
Subject key identifier:   72:52:51:27:9E:0F:A6:E1:80:36:04:11:9E:C2:1A:DB:24:FA:04:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019B7D5D1EC1612521DF663E673D4A18FB5E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/clJRJ54PpuGANgQRnsIa2yT6BDo.roa
Signing time:             Fri 02 Jan 2026 06:20:13 +0000
ROA not before:           Fri 02 Jan 2026 06:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209606
IP address blocks:        2a0e:b107:a50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:1e:c1:61:25:21:df:66:3e:67:3d:4a:18:fb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 06:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=725251279e0fa6e1803604119ec21adb24fa043a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:46:ae:98:00:a7:5c:6d:4a:40:9e:2c:28:c4:
                    8f:8d:c9:9f:07:1a:28:99:77:1f:30:7f:ea:af:56:
                    ad:e0:96:ad:b9:47:f1:58:1a:66:b4:52:89:69:f1:
                    93:1b:89:60:fd:5e:b5:5e:ec:bd:8a:cf:c8:ae:41:
                    47:37:4c:8c:4e:b5:ad:32:27:46:26:4f:00:6c:a7:
                    ae:fc:26:5f:8e:f1:eb:f9:d8:ff:df:c4:b9:e9:7b:
                    a3:b2:31:ec:6e:b4:88:f8:cf:c3:f0:13:e3:5b:f8:
                    a5:48:1e:b5:98:92:80:08:8b:57:70:fe:c9:b9:2f:
                    4e:05:48:06:fc:bf:37:71:5c:4a:c2:a8:67:7f:d2:
                    4e:8f:c6:57:94:9c:03:9e:21:bb:15:30:6c:9b:28:
                    fe:5e:45:42:fa:4d:ee:61:1b:0d:3a:f5:5b:a5:54:
                    59:b2:b7:ac:82:ad:d7:8f:46:b5:02:5b:d2:3d:4a:
                    98:f4:e8:5d:c6:8a:dc:a9:27:53:ed:fa:e2:c0:08:
                    7a:a7:d6:b3:27:b0:50:b2:bc:76:d8:ab:61:88:77:
                    91:86:34:98:da:2f:0e:6d:bf:c4:40:3e:e3:ce:ba:
                    55:ee:61:e5:4f:c8:c5:2c:04:71:c5:75:38:01:ae:
                    9b:99:ae:42:31:19:16:16:74:1d:c7:a0:62:8f:55:
                    29:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:52:51:27:9E:0F:A6:E1:80:36:04:11:9E:C2:1A:DB:24:FA:04:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/clJRJ54PpuGANgQRnsIa2yT6BDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:a50::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:9d:a8:9e:82:8f:39:0e:bb:9d:d1:d6:01:dc:47:a5:a1:ae:
         1e:d5:3c:41:61:0f:ce:35:ad:44:87:e6:36:3e:e2:92:79:7f:
         33:1c:f0:45:da:00:db:7f:75:d7:a9:4e:7e:20:db:93:24:21:
         f0:eb:56:f2:37:ba:3b:c0:f3:6f:0c:fa:b7:f6:23:fa:db:50:
         2b:8d:49:66:2e:0b:1d:b6:9d:01:69:fe:ec:7a:e0:22:3c:7f:
         00:c4:1e:b1:50:1c:60:f9:61:a4:38:15:6e:b9:96:2a:79:0d:
         a2:06:ed:2c:73:9e:5b:c2:34:77:64:0c:ef:10:6c:f1:46:e9:
         30:7e:55:9c:11:7e:86:35:98:50:88:2d:21:7c:38:2d:e6:dc:
         39:38:9f:6c:eb:f3:e1:9f:12:10:58:56:2b:51:97:d5:da:18:
         c3:ad:0a:09:17:7e:6a:1b:16:95:3d:3a:e5:fd:c7:7b:94:49:
         6d:04:79:25:39:e2:3d:54:2b:f7:be:b9:35:4b:da:b0:f2:e8:
         66:55:b9:ac:0e:40:ec:bc:71:e1:27:2c:47:83:21:55:a2:ce:
         f9:2e:81:08:84:9e:5f:87:64:47:d9:e1:70:c9:e1:d0:d4:d3:
         8d:bf:32:2a:bd:b7:13:20:8d:c1:da:55:76:ff:11:84:1f:bb:
         a5:e9:cd:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XR7BYSUh32Y+Zz1KGPteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMTAyMDYyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUyNTEyNzllMGZhNmUxODAzNjA0MTE5ZWMyMWFkYjI0ZmEwNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0aumACnXG1KQJ4sKMSPjcmfBxoo
mXcfMH/qr1at4JatuUfxWBpmtFKJafGTG4lg/V61Xuy9is/IrkFHN0yMTrWtMidG
Jk8AbKeu/CZfjvHr+dj/38S56XujsjHsbrSI+M/D8BPjW/ilSB61mJKACItXcP7J
uS9OBUgG/L83cVxKwqhnf9JOj8ZXlJwDniG7FTBsmyj+XkVC+k3uYRsNOvVbpVRZ
sresgq3Xj0a1AlvSPUqY9OhdxorcqSdT7friwAh6p9azJ7BQsrx22KthiHeRhjSY
2i8Obb/EQD7jzrpV7mHlT8jFLARxxXU4Aa6bma5CMRkWFnQdx6Bij1UpwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJSUSeeD6bhgDYEEZ7CGtsk+gQ6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY2xKUko1NFBwdUdBTmdRUm5zSWEyeVQ2QkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwpQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAVnaiego85Drud0dYB3Eeloa4e1TxBYQ/ONa1E
h+Y2PuKSeX8zHPBF2gDbf3XXqU5+INuTJCHw61byN7o7wPNvDPq39iP621ArjUlm
Lgsdtp0Baf7seuAiPH8AxB6xUBxg+WGkOBVuuZYqeQ2iBu0sc55bwjR3ZAzvEGzx
RukwflWcEX6GNZhQiC0hfDgt5tw5OJ9s6/PhnxIQWFYrUZfV2hjDrQoJF35qGxaV
PTrl/cd7lEltBHklOeI9VCv3vrk1S9qw8uhmVbmsDkDsvHHhJyxHgyFVos75LoEI
hJ5fh2RH2eFwyeHQ1NONvzIqvbcTII3B2lV2/xGEH7ul6c0o
-----END CERTIFICATE-----