This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/RwAyPd51yPKFVoNHbXXQGuR7_EY.roa
File:                     RwAyPd51yPKFVoNHbXXQGuR7_EY.roa (raw, json)
Hash identifier:          SJOa0Y57+2jyYSq2obqvHcjbEVfI5zAybNhvZJSsELU=
Subject key identifier:   47:00:32:3D:DE:75:C8:F2:85:56:83:47:6D:75:D0:1A:E4:7B:FC:46
Certificate issuer:       /CN=49ea50a1c62082762afda007d6fc8b4bdb05749f
Certificate serial:       019B7910415E84160A315114C1F0EF8E3DF3
Authority key identifier: 49:EA:50:A1:C6:20:82:76:2A:FD:A0:07:D6:FC:8B:4B:DB:05:74:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/RwAyPd51yPKFVoNHbXXQGuR7_EY.roa
Signing time:             Thu 01 Jan 2026 10:17:47 +0000
ROA not before:           Thu 01 Jan 2026 10:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205415
IP address blocks:        2a14:5ac0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:41:5e:84:16:0a:31:51:14:c1:f0:ef:8e:3d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ea50a1c62082762afda007d6fc8b4bdb05749f
        Validity
            Not Before: Jan  1 10:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4700323dde75c8f2855683476d75d01ae47bfc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3f:2e:ed:7c:50:cd:54:71:eb:90:d8:1c:d0:
                    30:a1:b2:d2:dc:92:07:49:10:8e:23:d6:fe:06:6d:
                    c9:1e:0f:a1:d2:9a:6c:3c:9b:40:30:49:a0:8b:21:
                    73:9e:8e:b8:43:0d:da:45:58:32:fa:13:76:69:16:
                    34:35:f4:97:08:08:f0:4d:d6:75:f6:4b:a8:5e:d5:
                    c5:87:96:7a:10:33:6a:43:64:41:f0:33:17:a0:42:
                    6d:47:40:9f:66:bd:28:0a:45:33:fd:3f:db:8b:03:
                    32:a4:60:5a:72:90:81:5d:84:ea:52:ad:60:ed:22:
                    6a:49:3e:58:1d:66:12:ed:6b:18:e6:86:81:68:62:
                    2c:bc:90:bc:d8:3f:e8:96:14:12:94:f0:69:29:7b:
                    82:5e:46:02:03:73:fc:e9:50:1c:03:f6:43:bf:b4:
                    5e:9d:1e:99:47:d8:78:5c:b3:60:f2:98:a3:4e:99:
                    26:a1:cf:90:69:e2:6b:a2:34:6f:e7:a2:9d:70:7f:
                    7a:7d:76:9b:9d:f5:31:45:40:68:93:dd:37:d1:ee:
                    e2:b6:3b:31:6b:3f:37:f4:1a:e7:20:be:3d:43:15:
                    4f:80:33:72:33:6c:13:78:c4:fd:08:6e:cf:b0:b9:
                    6d:25:d9:a0:8d:a9:22:af:0a:f5:8b:47:49:1d:87:
                    f7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:00:32:3D:DE:75:C8:F2:85:56:83:47:6D:75:D0:1A:E4:7B:FC:46
            X509v3 Authority Key Identifier:
                keyid:49:EA:50:A1:C6:20:82:76:2A:FD:A0:07:D6:FC:8B:4B:DB:05:74:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/RwAyPd51yPKFVoNHbXXQGuR7_EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:cc:60:0d:d2:3c:5d:78:72:2f:79:d4:bc:1e:26:90:8c:20:
         f3:ff:be:2a:3a:95:fb:2c:0b:78:89:ae:b7:97:ec:9c:1d:0d:
         60:1a:cd:21:46:5d:5f:34:ef:15:02:9e:be:f9:c6:a5:c3:74:
         da:6f:ce:4d:a0:b5:ab:0d:94:47:4c:19:5c:6f:63:b6:9c:5b:
         c2:ed:7d:09:91:59:ee:aa:15:9c:db:02:41:e4:99:89:8a:3d:
         26:0a:c8:79:58:9c:ec:fa:2a:39:03:80:5a:61:ba:77:26:e5:
         8a:22:74:db:6d:54:63:ba:b4:b7:d4:da:b2:bf:89:fc:35:5a:
         74:e0:98:c4:62:39:f7:70:d8:2c:9d:8d:50:ed:70:45:4b:17:
         7e:7a:9e:39:1f:ec:04:b9:9a:62:79:2b:5a:91:0e:d1:b5:7c:
         fa:df:10:c2:a0:8a:d2:44:0f:72:cb:6d:90:9f:fc:47:8a:04:
         b9:9d:89:95:52:b3:0d:8c:76:30:75:2a:54:bb:a2:75:af:c6:
         00:7e:ba:64:f9:d6:88:4b:ce:e6:72:f8:bb:97:77:95:7d:61:
         62:64:5d:d7:30:34:e2:2f:7d:ab:a2:dd:2b:66:78:80:f0:5a:
         58:b1:b9:19:83:22:21:d3:77:fa:7b:f9:ef:3c:9e:be:f7:b9:
         92:40:ee:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EEFehBYKMVEUwfDvjj3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZWE1MGExYzYyMDgyNzYyYWZkYTAwN2Q2ZmM4YjRiZGIw
NTc0OWYwHhcNMjYwMTAxMTAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzAwMzIzZGRlNzVjOGYyODU1NjgzNDc2ZDc1ZDAxYWU0N2JmYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj8u7XxQzVRx65DYHNAwobLS3JIH
SRCOI9b+Bm3JHg+h0ppsPJtAMEmgiyFzno64Qw3aRVgy+hN2aRY0NfSXCAjwTdZ1
9kuoXtXFh5Z6EDNqQ2RB8DMXoEJtR0CfZr0oCkUz/T/biwMypGBacpCBXYTqUq1g
7SJqST5YHWYS7WsY5oaBaGIsvJC82D/olhQSlPBpKXuCXkYCA3P86VAcA/ZDv7Re
nR6ZR9h4XLNg8pijTpkmoc+QaeJrojRv56KdcH96fXabnfUxRUBok9030e7itjsx
az839BrnIL49QxVPgDNyM2wTeMT9CG7PsLltJdmgjakirwr1i0dJHYf38QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEcAMj3edcjyhVaDR2110Brke/xGMB8GA1UdIwQY
MBaAFEnqUKHGIIJ2Kv2gB9b8i0vbBXSfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VwUW9jWWdnbllxX2FBSDF2eUxTOXNGZEo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi80OGE5ZWItMThkYi00ZjkyLTk1ODAt
MjcyZGFiNWFmYTY2LzEvUndBeVBkNTF5UEtGVm9OSGJYWFFHdVI3X0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi80OGE5ZWItMThkYi00ZjkyLTk1ODAtMjcyZGFiNWFmYTY2
LzEvU2VwUW9jWWdnbllxX2FBSDF2eUxTOXNGZEo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRawDAN
BgkqhkiG9w0BAQsFAAOCAQEAC8xgDdI8XXhyL3nUvB4mkIwg8/++KjqV+ywLeImu
t5fsnB0NYBrNIUZdXzTvFQKevvnGpcN02m/OTaC1qw2UR0wZXG9jtpxbwu19CZFZ
7qoVnNsCQeSZiYo9JgrIeVic7PoqOQOAWmG6dybliiJ0221UY7q0t9Tasr+J/DVa
dOCYxGI593DYLJ2NUO1wRUsXfnqeOR/sBLmaYnkrWpEO0bV8+t8QwqCK0kQPcstt
kJ/8R4oEuZ2JlVKzDYx2MHUqVLuida/GAH66ZPnWiEvO5nL4u5d3lX1hYmRd1zA0
4i99q6LdK2Z4gPBaWLG5GYMiIdN3+nv57zyevve5kkDuzQ==
-----END CERTIFICATE-----