This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/32lBUSY7MB3HX85AFl8_WHG5muU.roa
File:                     32lBUSY7MB3HX85AFl8_WHG5muU.roa (raw, json)
Hash identifier:          DX7Jowpu4ATsxEaKcxYS2ErG2seM2gF/VCmTZVoZqYE=
Subject key identifier:   DF:69:41:51:26:3B:30:1D:C7:5F:CE:40:16:5F:3F:58:71:B9:9A:E5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C1322A5329A67CFA7436A7CA012AC98
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/32lBUSY7MB3HX85AFl8_WHG5muU.roa
Signing time:             Fri 02 Jan 2026 00:19:47 +0000
ROA not before:           Fri 02 Jan 2026 00:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39827
IP address blocks:        2a04:3a40::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 18:47:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:22:a5:32:9a:67:cf:a7:43:6a:7c:a0:12:ac:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df694151263b301dc75fce40165f3f5871b99ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a4:3e:9f:bd:78:f9:94:04:be:a9:5a:27:60:
                    6c:fe:e2:d8:02:b1:28:87:e7:47:5e:38:3b:37:79:
                    a5:35:50:d8:ab:49:b3:6f:f4:f5:c4:47:64:cf:26:
                    35:22:d4:2d:15:85:a5:e0:80:49:84:5c:f8:5f:ad:
                    d0:b5:0d:ca:45:8a:32:31:5f:2e:cf:11:e6:9e:98:
                    41:01:a0:70:47:ff:ac:d0:05:a0:36:92:bd:96:f9:
                    53:37:a0:da:df:df:ce:58:86:f2:3e:66:dd:7b:ee:
                    73:99:16:84:44:49:e7:46:e4:7f:61:91:e3:83:fc:
                    31:e4:d0:7c:97:a4:9e:a8:03:eb:8b:de:c7:2f:11:
                    c9:c7:39:cc:57:89:61:43:b3:76:71:66:74:2b:76:
                    83:80:79:c2:43:aa:1b:ec:62:93:1d:7e:62:d9:6b:
                    16:f6:0a:f1:aa:af:57:86:de:f6:09:3e:09:9a:5b:
                    7c:d7:ff:db:10:a7:0b:02:07:09:ea:22:40:a6:89:
                    f4:17:69:b9:0e:61:b8:9b:0d:52:00:c9:24:d5:31:
                    cd:10:b5:e4:85:f6:12:8c:93:94:43:3d:13:32:b5:
                    46:81:90:12:b0:64:e3:49:4e:25:5f:2f:43:36:55:
                    9d:d7:af:56:89:43:e4:08:77:b7:bf:4c:b3:43:3b:
                    9c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:69:41:51:26:3B:30:1D:C7:5F:CE:40:16:5F:3F:58:71:B9:9A:E5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/32lBUSY7MB3HX85AFl8_WHG5muU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3a40::/33

    Signature Algorithm: sha256WithRSAEncryption
         14:c9:e2:39:f3:ec:f4:74:0a:bd:ef:b7:e2:c5:47:b7:2c:70:
         68:c2:2f:03:4b:8e:b8:50:09:16:49:be:b3:a6:3f:d7:b6:34:
         9f:95:8c:ef:b1:b0:7f:e3:34:e6:4c:a9:81:ae:b5:b8:8a:a5:
         c6:bd:5d:9f:0e:51:17:1e:2c:51:98:5d:16:3f:4f:a0:8d:df:
         89:78:da:29:83:b5:d5:d0:bc:7e:86:f0:5f:da:86:9b:d5:14:
         c5:7e:f1:f0:0a:a2:8f:f2:a9:a1:39:13:0a:8b:f4:3c:4e:6c:
         05:60:7f:dc:25:39:fe:75:6a:e5:68:f2:94:3c:87:03:fa:21:
         cf:24:58:a4:aa:ad:df:0e:10:00:00:fe:1e:2d:eb:79:95:74:
         24:26:e4:fd:12:1e:61:98:a9:fc:61:a6:56:2b:51:c2:27:29:
         7d:3f:88:a7:60:14:63:17:8a:be:22:10:57:2f:71:11:64:61:
         02:91:9e:00:ac:10:34:52:cb:f8:c1:de:38:80:b3:c6:69:2d:
         13:5b:30:98:dc:60:f0:7d:6d:57:4d:c5:d4:32:44:6e:58:11:
         16:64:5b:97:d0:23:a3:a2:1d:ae:11:a2:c9:81:64:9a:0e:27:
         a8:9d:a6:f8:45:40:1d:f6:69:03:ba:f5:0d:35:b0:67:59:19:
         51:6e:df:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8EyKlMppnz6dDanygEqyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjY5NDE1MTI2M2IzMDFkYzc1ZmNlNDAxNjVmM2Y1ODcxYjk5YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaQ+n714+ZQEvqlaJ2Bs/uLYArEo
h+dHXjg7N3mlNVDYq0mzb/T1xEdkzyY1ItQtFYWl4IBJhFz4X63QtQ3KRYoyMV8u
zxHmnphBAaBwR/+s0AWgNpK9lvlTN6Da39/OWIbyPmbde+5zmRaEREnnRuR/YZHj
g/wx5NB8l6SeqAPri97HLxHJxznMV4lhQ7N2cWZ0K3aDgHnCQ6ob7GKTHX5i2WsW
9grxqq9Xht72CT4Jmlt81//bEKcLAgcJ6iJApon0F2m5DmG4mw1SAMkk1THNELXk
hfYSjJOUQz0TMrVGgZASsGTjSU4lXy9DNlWd169WiUPkCHe3v0yzQzuchwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFN9pQVEmOzAdx1/OQBZfP1hxuZrlMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMzJsQlVTWTdNQjNIWDg1QUZsOF9XSEc1bXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgQ6QAAw
DQYJKoZIhvcNAQELBQADggEBABTJ4jnz7PR0Cr3vt+LFR7cscGjCLwNLjrhQCRZJ
vrOmP9e2NJ+VjO+xsH/jNOZMqYGutbiKpca9XZ8OURceLFGYXRY/T6CN34l42imD
tdXQvH6G8F/ahpvVFMV+8fAKoo/yqaE5EwqL9DxObAVgf9wlOf51auVo8pQ8hwP6
Ic8kWKSqrd8OEAAA/h4t63mVdCQm5P0SHmGYqfxhplYrUcInKX0/iKdgFGMXir4i
EFcvcRFkYQKRngCsEDRSy/jB3jiAs8ZpLRNbMJjcYPB9bVdNxdQyRG5YERZkW5fQ
I6OiHa4RosmBZJoOJ6idpvhFQB32aQO69Q01sGdZGVFu3w4=
-----END CERTIFICATE-----