This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/u-xiDa9PrBG52ESi9g99XF0w-kM.roa
File:                     u-xiDa9PrBG52ESi9g99XF0w-kM.roa (raw, json)
Hash identifier:          Gn+0aGT2XxNqhltcQSBQF67cBSHRAted9T1Eep6Q9Ls=
Subject key identifier:   BB:EC:62:0D:AF:4F:AC:11:B9:D8:44:A2:F6:0F:7D:5C:5D:30:FA:43
Certificate issuer:       /CN=f5056dabb9a47010cd1b4ef274bc3d2f4a59e93a
Certificate serial:       019B77C7155E6E6488A1312A49281A4D785B
Authority key identifier: F5:05:6D:AB:B9:A4:70:10:CD:1B:4E:F2:74:BC:3D:2F:4A:59:E9:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/u-xiDa9PrBG52ESi9g99XF0w-kM.roa
Signing time:             Thu 01 Jan 2026 04:18:14 +0000
ROA not before:           Thu 01 Jan 2026 04:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21534
IP address blocks:        2a05:4200:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:15:5e:6e:64:88:a1:31:2a:49:28:1a:4d:78:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5056dabb9a47010cd1b4ef274bc3d2f4a59e93a
        Validity
            Not Before: Jan  1 04:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbec620daf4fac11b9d844a2f60f7d5c5d30fa43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:df:42:57:31:66:cc:00:db:a0:0c:0b:45:02:
                    3b:9d:3a:12:70:b7:00:21:ca:27:a0:c6:75:bd:ea:
                    12:23:b7:9e:ea:31:d7:6d:46:58:32:bc:da:e1:1b:
                    14:26:2f:d9:52:98:c6:34:4d:66:da:b3:8d:22:bf:
                    8d:f8:4b:db:44:04:62:73:3d:8f:12:7e:9b:17:81:
                    b5:f5:71:07:65:ab:3d:f7:26:75:8c:0b:cc:d2:93:
                    56:22:68:5d:43:33:b0:3c:ea:c7:df:94:24:30:f2:
                    2d:b2:7c:c8:9f:64:45:d9:8a:38:49:b1:98:e5:09:
                    a0:44:0c:0b:ea:24:fb:dc:25:8d:f3:bc:4c:9f:a9:
                    02:11:00:6d:f5:4a:15:a4:84:42:3a:8b:e9:7a:9a:
                    f3:5f:88:a7:10:c1:dc:d7:b8:a0:27:a4:20:b1:c1:
                    a6:ed:33:28:d2:2c:b4:b4:43:bf:e9:80:4a:04:90:
                    55:c1:3d:4a:cc:d3:5f:6c:db:e8:6f:0f:67:21:7d:
                    e3:f8:73:3e:8b:6e:ee:c8:0b:75:e3:03:5e:26:3f:
                    70:f1:fb:a0:c8:63:aa:51:a6:de:30:9f:c9:3a:ed:
                    b4:01:e5:f2:89:9f:90:81:17:fb:1a:e3:09:c7:e2:
                    10:6d:ae:5b:82:f4:4b:27:d4:4b:15:fe:7a:c3:73:
                    d0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EC:62:0D:AF:4F:AC:11:B9:D8:44:A2:F6:0F:7D:5C:5D:30:FA:43
            X509v3 Authority Key Identifier:
                keyid:F5:05:6D:AB:B9:A4:70:10:CD:1B:4E:F2:74:BC:3D:2F:4A:59:E9:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QVtq7mkcBDNG07ydLw9L0pZ6To.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/u-xiDa9PrBG52ESi9g99XF0w-kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0ac463-868c-4115-b583-de0ec76a4672/1/9QVtq7mkcBDNG07ydLw9L0pZ6To.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4200:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:2b:e1:b9:d0:87:86:4a:bc:9c:d4:4d:50:18:5a:d3:ff:3e:
         2b:d2:3d:48:91:17:07:b2:99:fd:25:bb:fe:08:71:97:9e:58:
         ce:6e:ae:48:f3:e2:c8:49:0b:81:10:b2:c9:fc:b7:74:bb:8a:
         0b:7b:ad:4a:a8:94:77:78:45:0e:38:37:ad:f3:f7:81:4a:3e:
         9b:cd:63:88:24:aa:82:5a:8b:ab:59:af:af:90:55:ad:37:55:
         d4:d0:5f:5d:66:4a:30:31:87:f5:09:80:e6:2c:38:c1:5e:5c:
         7b:89:6a:ca:3f:16:b8:fa:1a:4e:11:39:e1:73:62:67:aa:6d:
         c8:22:47:90:fe:43:e8:f7:a6:21:b7:3e:52:ee:10:5e:ea:e8:
         ab:49:dd:73:2e:63:9c:63:2c:ff:28:4c:fc:19:e3:fe:16:a5:
         9e:96:2b:e4:11:19:c4:91:7b:7a:85:da:24:d0:e3:a1:12:b7:
         a6:35:cd:fe:1f:44:8c:81:fc:30:b3:e7:2c:64:00:fe:1e:9f:
         a6:31:d7:e8:87:79:2b:8b:66:dc:1c:95:c1:c8:fb:ca:22:f0:
         71:16:ec:d8:50:d2:77:46:09:e0:f9:ce:f7:68:a4:21:ed:63:
         a9:6c:af:42:d5:c7:c4:d3:25:aa:4b:64:38:55:92:5c:64:f2:
         e8:f7:23:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xxVebmSIoTEqSSgaTXhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MDU2ZGFiYjlhNDcwMTBjZDFiNGVmMjc0YmMzZDJmNGE1
OWU5M2EwHhcNMjYwMTAxMDQxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmVjNjIwZGFmNGZhYzExYjlkODQ0YTJmNjBmN2Q1YzVkMzBmYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN9CVzFmzADboAwLRQI7nToScLcA
IconoMZ1veoSI7ee6jHXbUZYMrza4RsUJi/ZUpjGNE1m2rONIr+N+EvbRARicz2P
En6bF4G19XEHZas99yZ1jAvM0pNWImhdQzOwPOrH35QkMPItsnzIn2RF2Yo4SbGY
5QmgRAwL6iT73CWN87xMn6kCEQBt9UoVpIRCOovpeprzX4inEMHc17igJ6QgscGm
7TMo0iy0tEO/6YBKBJBVwT1KzNNfbNvobw9nIX3j+HM+i27uyAt14wNeJj9w8fug
yGOqUabeMJ/JOu20AeXyiZ+QgRf7GuMJx+IQba5bgvRLJ9RLFf56w3PQSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLvsYg2vT6wRudhEovYPfVxdMPpDMB8GA1UdIwQY
MBaAFPUFbau5pHAQzRtO8nS8PS9KWek6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVFWdHE3bWtjQkRORzA3eWRMdzlMMHBaNlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wYWM0NjMtODY4Yy00MTE1LWI1ODMt
ZGUwZWM3NmE0NjcyLzEvdS14aURhOVByQkc1MkVTaTlnOTlYRjB3LWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wYWM0NjMtODY4Yy00MTE1LWI1ODMtZGUwZWM3NmE0Njcy
LzEvOVFWdHE3bWtjQkRORzA3eWRMdzlMMHBaNlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVCAAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAxK+G50IeGSryc1E1QGFrT/z4r0j1IkRcHspn9
Jbv+CHGXnljObq5I8+LISQuBELLJ/Ld0u4oLe61KqJR3eEUOODet8/eBSj6bzWOI
JKqCWourWa+vkFWtN1XU0F9dZkowMYf1CYDmLDjBXlx7iWrKPxa4+hpOETnhc2Jn
qm3IIkeQ/kPo96Yhtz5S7hBe6uirSd1zLmOcYyz/KEz8GeP+FqWelivkERnEkXt6
hdok0OOhEremNc3+H0SMgfwws+csZAD+Hp+mMdfoh3kri2bcHJXByPvKIvBxFuzY
UNJ3Rgng+c73aKQh7WOpbK9C1cfE0yWqS2Q4VZJcZPLo9yOV
-----END CERTIFICATE-----