This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/aESuuALkp9R98yDiNUY5nveL4-o.roa
File:                     aESuuALkp9R98yDiNUY5nveL4-o.roa (raw, json)
Hash identifier:          o135yeh0bwtH5IHdNJMNH9c/+RcrghX/j14puM1j2sk=
Subject key identifier:   68:44:AE:B8:02:E4:A7:D4:7D:F3:20:E2:35:46:39:9E:F7:8B:E3:EA
Certificate issuer:       /CN=ccefffc15a83a38bdda8cfe120c335267dce50f3
Certificate serial:       019B7910013A7DF67B1AEF97CA3064FDE83A
Authority key identifier: CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/aESuuALkp9R98yDiNUY5nveL4-o.roa
Signing time:             Thu 01 Jan 2026 10:17:30 +0000
ROA not before:           Thu 01 Jan 2026 10:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a02:fa8:c800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:01:3a:7d:f6:7b:1a:ef:97:ca:30:64:fd:e8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccefffc15a83a38bdda8cfe120c335267dce50f3
        Validity
            Not Before: Jan  1 10:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6844aeb802e4a7d47df320e23546399ef78be3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b4:f8:f2:9c:a8:77:1b:a5:96:6d:c8:49:21:
                    39:2f:60:9b:57:73:77:6b:2f:d6:bd:95:c4:13:75:
                    c9:0c:36:81:a3:41:99:a3:8f:c3:5f:66:89:20:d6:
                    63:d1:0c:a1:98:af:3e:81:b3:bb:3f:13:9b:07:ed:
                    54:2a:ea:da:c2:70:14:0c:ff:c0:65:a5:4b:f9:e6:
                    7a:7e:07:a6:26:b6:df:09:a6:1c:bd:42:c9:92:96:
                    10:6a:9f:80:cd:e6:61:23:bb:72:70:62:fe:76:1d:
                    92:19:b4:13:2a:43:7f:ae:bd:9d:e2:40:9f:85:d8:
                    ed:80:9d:a2:bf:70:74:03:c2:ae:86:d6:65:01:9e:
                    b9:fd:b4:d6:a3:a2:35:6c:af:e5:f6:30:fd:0b:c3:
                    b2:56:ee:e4:9b:20:79:01:d9:87:dc:8d:94:eb:32:
                    81:0f:bd:17:7d:bd:ec:13:4a:6c:d5:f7:74:41:4c:
                    93:6e:22:ed:1a:a0:83:81:75:df:c4:55:7a:71:14:
                    b0:08:14:d7:6b:a6:22:cd:4d:87:ef:8b:19:5d:21:
                    7f:b4:3e:d1:c0:fe:03:a6:e5:a6:bf:f1:8e:b4:88:
                    65:3b:cd:95:bb:b7:c0:2e:a8:a1:b6:55:4c:9f:34:
                    09:e5:c2:c4:d3:c2:a6:05:a2:15:52:e1:8a:63:48:
                    7e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:44:AE:B8:02:E4:A7:D4:7D:F3:20:E2:35:46:39:9E:F7:8B:E3:EA
            X509v3 Authority Key Identifier:
                keyid:CC:EF:FF:C1:5A:83:A3:8B:DD:A8:CF:E1:20:C3:35:26:7D:CE:50:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zO__wVqDo4vdqM_hIMM1Jn3OUPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/aESuuALkp9R98yDiNUY5nveL4-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cfd488-a25d-439a-bd17-4beb5dff1701/1/zO__wVqDo4vdqM_hIMM1Jn3OUPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:fa8:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:dd:b1:40:0c:42:6f:f0:c6:b9:3c:6e:ca:97:1a:59:bc:e2:
         8c:50:ed:50:21:d7:3f:3f:67:08:ad:b0:b1:5c:32:3f:86:2f:
         69:0e:27:0b:7e:4d:59:94:de:aa:68:51:21:4b:89:c3:5e:fb:
         62:f8:f0:aa:29:de:dd:6b:fc:b3:7d:e5:76:09:05:6e:5e:30:
         8f:7f:f7:fe:83:a6:1d:18:12:f1:7d:78:a8:77:47:f1:38:38:
         0b:5d:62:73:30:b4:f2:20:7e:0a:07:f5:db:fe:55:90:2f:cf:
         59:73:4f:45:b9:d0:8b:31:53:17:fd:b7:5a:bc:e1:79:1b:5e:
         4e:8f:d4:50:cc:f9:89:f2:fe:e8:87:18:9f:cc:15:16:5b:95:
         df:a8:ee:de:7e:47:c9:3a:ff:9d:d1:b3:14:03:72:c0:74:d7:
         02:cf:5c:f9:6a:06:6d:8b:52:a8:bf:be:fe:bf:1c:5f:5f:86:
         19:2e:c9:68:09:19:4e:6f:93:fa:1e:5d:a5:2f:43:e2:ca:c9:
         f5:ee:dc:48:b1:45:00:23:3c:64:a2:87:a4:28:c1:36:61:43:
         b8:8b:4d:f9:bf:e3:8c:8f:82:f9:11:88:0c:b2:5e:c0:e1:08:
         e3:99:4b:a1:1d:08:f4:40:95:91:17:c4:c7:99:51:ff:e5:70:
         ac:dc:0f:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt5EAE6ffZ7Gu+XyjBk/eg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZWZmZmMxNWE4M2EzOGJkZGE4Y2ZlMTIwYzMzNTI2N2Rj
ZTUwZjMwHhcNMjYwMTAxMTAxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQ0YWViODAyZTRhN2Q0N2RmMzIwZTIzNTQ2Mzk5ZWY3OGJlM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLT48pyodxullm3ISSE5L2CbV3N3
ay/WvZXEE3XJDDaBo0GZo4/DX2aJINZj0QyhmK8+gbO7PxObB+1UKurawnAUDP/A
ZaVL+eZ6fgemJrbfCaYcvULJkpYQap+AzeZhI7tycGL+dh2SGbQTKkN/rr2d4kCf
hdjtgJ2iv3B0A8KuhtZlAZ65/bTWo6I1bK/l9jD9C8OyVu7kmyB5AdmH3I2U6zKB
D70Xfb3sE0ps1fd0QUyTbiLtGqCDgXXfxFV6cRSwCBTXa6YizU2H74sZXSF/tD7R
wP4DpuWmv/GOtIhlO82Vu7fALqihtlVMnzQJ5cLE08KmBaIVUuGKY0h+3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGhErrgC5KfUffMg4jVGOZ73i+PqMB8GA1UdIwQY
MBaAFMzv/8Fag6OL3ajP4SDDNSZ9zlDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek9fX3dWcURvNHZkcU1faElNTTFKbjNPVVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jZmQ0ODgtYTI1ZC00MzlhLWJkMTct
NGJlYjVkZmYxNzAxLzEvYUVTdXVBTGtwOVI5OHlEaU5VWTVudmVMNC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jZmQ0ODgtYTI1ZC00MzlhLWJkMTctNGJlYjVkZmYxNzAx
LzEvek9fX3dWcURvNHZkcU1faElNTTFKbjNPVVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIPqMgw
DQYJKoZIhvcNAQELBQADggEBADndsUAMQm/wxrk8bsqXGlm84oxQ7VAh1z8/Zwit
sLFcMj+GL2kOJwt+TVmU3qpoUSFLicNe+2L48Kop3t1r/LN95XYJBW5eMI9/9/6D
ph0YEvF9eKh3R/E4OAtdYnMwtPIgfgoH9dv+VZAvz1lzT0W50IsxUxf9t1q84Xkb
Xk6P1FDM+Yny/uiHGJ/MFRZbld+o7t5+R8k6/53RsxQDcsB01wLPXPlqBm2LUqi/
vv6/HF9fhhkuyWgJGU5vk/oeXaUvQ+LKyfXu3EixRQAjPGSih6QowTZhQ7iLTfm/
44yPgvkRiAyyXsDhCOOZS6EdCPRAlZEXxMeZUf/lcKzcD3Y=
-----END CERTIFICATE-----