This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/XtKXCOtCNU6Lrrn0TJCwxieRvXU.roa
File:                     XtKXCOtCNU6Lrrn0TJCwxieRvXU.roa (raw, json)
Hash identifier:          lzSA5Mabt+O7OjYTV4EXtliSGVGvFAeT6Vl/Ct0B0qM=
Subject key identifier:   5E:D2:97:08:EB:42:35:4E:8B:AE:B9:F4:4C:90:B0:C6:27:91:BD:75
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C308474CAE29D8598683F7C8054F0F65B
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/XtKXCOtCNU6Lrrn0TJCwxieRvXU.roa
Signing time:             Fri 06 Feb 2026 01:15:12 +0000
ROA not before:           Fri 06 Feb 2026 01:15:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201676
IP address blocks:        2a06:9801:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Feb 2026 19:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:30:84:74:ca:e2:9d:85:98:68:3f:7c:80:54:f0:f6:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb  6 01:15:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ed29708eb42354e8baeb9f44c90b0c62791bd75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:f6:2d:fd:04:3c:48:ae:b8:2b:7f:17:6f:
                    3b:ed:4a:2f:e7:c5:9f:16:5c:14:f0:8e:71:75:1f:
                    35:7f:58:65:3f:d8:b2:7f:be:29:2f:3a:de:5b:93:
                    ab:b1:bb:2d:4f:37:0a:32:0f:22:55:45:a2:44:cb:
                    86:c4:ed:fa:23:2c:ea:91:84:09:4b:1d:f6:e3:8c:
                    62:30:aa:c9:00:62:5a:92:86:64:48:73:be:40:df:
                    d4:b8:dc:d0:24:5a:a2:3e:14:4a:f0:28:7f:fb:c5:
                    ee:25:97:cd:59:6c:2b:4b:74:0a:c8:c7:e3:5c:00:
                    1c:40:0f:04:6c:41:07:39:12:20:08:3d:e7:c1:a8:
                    e8:ae:f2:0d:aa:af:7f:76:0e:be:85:95:47:bb:62:
                    1d:4b:aa:8b:4e:68:05:3d:27:8a:22:fd:ba:d2:68:
                    71:16:a1:88:d9:a3:bf:b2:ff:e8:1b:ce:0d:cc:8f:
                    e8:03:82:1b:86:ac:f0:22:fa:b4:5a:52:bf:ed:da:
                    2f:12:c8:b1:94:7a:97:6d:9c:ef:be:11:74:07:33:
                    53:f8:f8:84:ed:f0:55:0a:e6:b2:d4:9e:82:d5:66:
                    cd:fc:59:8f:a9:1e:3f:69:06:7d:0a:67:83:a6:f6:
                    c2:28:96:14:b3:af:06:eb:f1:e8:80:8d:bd:38:81:
                    f0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D2:97:08:EB:42:35:4E:8B:AE:B9:F4:4C:90:B0:C6:27:91:BD:75
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/XtKXCOtCNU6Lrrn0TJCwxieRvXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:4f:35:99:88:f8:95:3a:8c:f7:eb:91:83:bd:c0:21:8c:38:
         7f:8d:c1:d6:a6:32:c8:97:ab:4e:7b:f8:f0:0e:58:9d:73:ae:
         2f:7e:9b:8c:08:7f:c5:8f:ce:d3:46:68:e5:39:b4:bb:b1:8d:
         bd:2c:78:01:b7:19:50:e5:c1:c3:ee:f5:96:b6:16:53:c1:ec:
         28:ec:e4:40:54:29:c4:ba:67:53:a8:09:73:3a:80:6d:a3:0e:
         3b:e5:2d:14:0b:d0:27:37:d1:d8:50:f8:f2:07:be:6e:5e:28:
         f6:91:69:6e:57:cb:e5:2d:fd:49:03:3c:82:f1:dc:36:af:eb:
         81:32:df:50:8e:2a:96:3a:81:ce:d8:53:b7:aa:2f:f7:51:50:
         b5:53:94:e7:03:b8:8d:86:52:c4:33:48:90:10:9a:6e:31:6e:
         82:00:b8:87:25:b8:eb:bd:c3:8c:f8:58:ca:85:81:de:1a:9a:
         6c:25:17:ed:ae:1a:7d:ce:44:99:04:15:54:1b:ac:d5:c4:30:
         dd:e7:f5:78:8c:5d:db:f6:77:90:b8:b6:dc:4e:2c:78:03:53:
         df:c0:e6:65:ac:a2:1e:2a:91:1f:20:a0:81:1d:57:c6:91:cd:
         b9:36:fe:25:a6:8f:12:95:57:84:85:b0:95:d3:c6:12:a6:62:
         f2:d2:69:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwwhHTK4p2FmGg/fIBU8PZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjA2MDExNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQyOTcwOGViNDIzNTRlOGJhZWI5ZjQ0YzkwYjBjNjI3OTFiZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT72Lf0EPEiuuCt/F2877Uov58Wf
FlwU8I5xdR81f1hlP9iyf74pLzreW5OrsbstTzcKMg8iVUWiRMuGxO36IyzqkYQJ
Sx3244xiMKrJAGJakoZkSHO+QN/UuNzQJFqiPhRK8Ch/+8XuJZfNWWwrS3QKyMfj
XAAcQA8EbEEHORIgCD3nwajorvINqq9/dg6+hZVHu2IdS6qLTmgFPSeKIv260mhx
FqGI2aO/sv/oG84NzI/oA4IbhqzwIvq0WlK/7dovEsixlHqXbZzvvhF0BzNT+PiE
7fBVCuay1J6C1WbN/FmPqR4/aQZ9CmeDpvbCKJYUs68G6/HogI29OIHw0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF7SlwjrQjVOi6659EyQsMYnkb11MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvWHRLWENPdENOVTZMcnJuMFRKQ3d4aWVSdlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAI
MA0GCSqGSIb3DQEBCwUAA4IBAQC1TzWZiPiVOoz365GDvcAhjDh/jcHWpjLIl6tO
e/jwDlidc64vfpuMCH/Fj87TRmjlObS7sY29LHgBtxlQ5cHD7vWWthZTwewo7ORA
VCnEumdTqAlzOoBtow475S0UC9AnN9HYUPjyB75uXij2kWluV8vlLf1JAzyC8dw2
r+uBMt9QjiqWOoHO2FO3qi/3UVC1U5TnA7iNhlLEM0iQEJpuMW6CALiHJbjrvcOM
+FjKhYHeGppsJRftrhp9zkSZBBVUG6zVxDDd5/V4jF3b9neQuLbcTix4A1PfwOZl
rKIeKpEfIKCBHVfGkc25Nv4lpo8SlVeEhbCV08YSpmLy0mnF
-----END CERTIFICATE-----