This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4rtDjghVSmpVsY7iSoarw8MjP3E.roa
File:                     4rtDjghVSmpVsY7iSoarw8MjP3E.roa (raw, json)
Hash identifier:          uiLZrgsTGykijHUMNZmDDAZqwmcCeV9ZAeIuPlRfFeg=
Subject key identifier:   E2:BB:43:8E:08:55:4A:6A:55:B1:8E:E2:4A:86:AB:C3:C3:23:3F:71
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019B7DCB7AAE36EEAE80229A2614175D89E3
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4rtDjghVSmpVsY7iSoarw8MjP3E.roa
Signing time:             Fri 02 Jan 2026 08:20:45 +0000
ROA not before:           Fri 02 Jan 2026 08:20:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204916
IP address blocks:        2a0d:e244::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:7a:ae:36:ee:ae:80:22:9a:26:14:17:5d:89:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  2 08:20:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2bb438e08554a6a55b18ee24a86abc3c3233f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d0:48:47:b5:7d:5a:10:1b:42:be:e6:92:0c:
                    38:3f:fd:95:25:82:4e:fc:6c:f3:4e:83:c0:b5:f3:
                    e8:c1:72:03:1c:b4:40:cb:0b:c8:e4:e6:80:f2:3f:
                    bc:2c:3b:99:59:0f:48:f8:33:b6:c8:3e:dd:2f:ac:
                    67:b4:1e:5a:ed:0a:76:ea:4b:dc:8e:9e:d9:d1:b1:
                    bc:5b:38:e9:4f:2f:54:4b:f7:98:d6:1a:76:74:39:
                    46:a8:c8:ee:71:4d:cd:28:6d:e9:f2:75:6b:01:c3:
                    d4:6b:99:ac:a4:3e:c9:90:dc:0b:e5:55:61:09:26:
                    8e:ec:2c:7d:1d:2b:18:32:08:a0:c6:d8:e5:42:7a:
                    09:d7:b1:47:ca:86:40:67:5e:35:08:5e:ed:78:2a:
                    c2:0f:64:35:b5:d4:13:75:e1:21:79:b4:dd:50:2d:
                    10:aa:c2:09:81:a6:ce:75:44:cc:d9:b9:f8:fd:7d:
                    e3:2b:a8:62:90:70:5c:81:cc:b4:8c:77:fb:d2:4c:
                    dd:09:9a:2e:5a:72:52:c2:63:44:2e:3a:28:29:6b:
                    47:fb:bd:e9:07:9a:c5:b5:ff:00:b0:39:bc:9b:62:
                    54:ce:8b:b2:97:bb:7d:48:6a:d9:5f:db:09:4c:19:
                    9c:d5:ce:3c:6a:4c:be:35:f0:6e:75:8e:7c:a6:4c:
                    20:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:BB:43:8E:08:55:4A:6A:55:B1:8E:E2:4A:86:AB:C3:C3:23:3F:71
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4rtDjghVSmpVsY7iSoarw8MjP3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:e244::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:2c:03:2d:9c:e1:e2:f0:ce:fd:1d:f0:83:5b:49:55:bc:c8:
         db:be:94:b0:3b:13:1f:77:4d:66:da:34:b8:9a:3d:cb:6c:f2:
         5b:0d:34:0e:38:58:a0:f0:8c:45:d5:bd:53:82:8a:00:0b:09:
         79:98:5f:d3:6d:51:39:0d:a8:f1:7a:d6:0f:a8:17:2c:0c:4b:
         a8:92:f0:0b:dc:28:f8:1a:13:81:71:39:cf:35:9f:ad:16:e9:
         47:b1:3b:74:fe:bc:d3:2a:88:d4:4d:5b:9f:e4:ad:b4:94:f4:
         1c:8b:d3:19:1a:c3:20:c6:11:d8:34:0d:51:f6:4b:c3:b4:e3:
         b3:77:30:1c:56:b4:21:f3:6a:3a:f8:84:0f:44:82:cc:97:01:
         e1:39:ba:ac:8a:99:30:f6:43:76:40:0b:d4:7d:28:ec:0a:19:
         30:35:54:20:99:43:8b:ef:cb:a0:ab:4b:3d:fe:19:4c:f8:18:
         c9:f7:a5:cf:35:81:91:d0:e2:0e:af:2f:c8:9f:ae:06:15:dc:
         92:ef:3a:bc:53:88:52:30:d2:bf:03:df:1e:72:ed:01:cd:d5:
         b2:e9:1d:ae:8f:c3:c8:63:48:92:dd:33:a2:fd:98:4b:a9:90:
         42:02:fd:7e:67:c4:56:83:dc:b3:af:1f:dd:66:f0:aa:6e:7f:
         f5:09:f3:45
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9y3quNu6ugCKaJhQXXYnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTAyMDgyMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmJiNDM4ZTA4NTU0YTZhNTViMThlZTI0YTg2YWJjM2MzMjMzZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdBIR7V9WhAbQr7mkgw4P/2VJYJO
/GzzToPAtfPowXIDHLRAywvI5OaA8j+8LDuZWQ9I+DO2yD7dL6xntB5a7Qp26kvc
jp7Z0bG8WzjpTy9US/eY1hp2dDlGqMjucU3NKG3p8nVrAcPUa5mspD7JkNwL5VVh
CSaO7Cx9HSsYMgigxtjlQnoJ17FHyoZAZ141CF7teCrCD2Q1tdQTdeEhebTdUC0Q
qsIJgabOdUTM2bn4/X3jK6hikHBcgcy0jHf70kzdCZouWnJSwmNELjooKWtH+73p
B5rFtf8AsDm8m2JUzouyl7t9SGrZX9sJTBmc1c48aky+NfBudY58pkwguwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOK7Q44IVUpqVbGO4kqGq8PDIz9xMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvNHJ0RGpnaFZTbXBWc1k3aVNvYXJ3OE1qUDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3iRDAN
BgkqhkiG9w0BAQsFAAOCAQEAbiwDLZzh4vDO/R3wg1tJVbzI276UsDsTH3dNZto0
uJo9y2zyWw00DjhYoPCMRdW9U4KKAAsJeZhf021ROQ2o8XrWD6gXLAxLqJLwC9wo
+BoTgXE5zzWfrRbpR7E7dP680yqI1E1bn+SttJT0HIvTGRrDIMYR2DQNUfZLw7Tj
s3cwHFa0IfNqOviED0SCzJcB4Tm6rIqZMPZDdkAL1H0o7AoZMDVUIJlDi+/LoKtL
Pf4ZTPgYyfelzzWBkdDiDq8vyJ+uBhXcku86vFOIUjDSvwPfHnLtAc3Vsukdro/D
yGNIkt0zov2YS6mQQgL9fmfEVoPcs68f3Wbwqm5/9QnzRQ==
-----END CERTIFICATE-----