This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/uOX0wAHHngBgL0ZEci7ZQvhUzbI.roa
File:                     uOX0wAHHngBgL0ZEci7ZQvhUzbI.roa (raw, json)
Hash identifier:          L/4pSTHYLlxM7/E0WzF+gjoqb+agL4vYIcAc8+76EyY=
Subject key identifier:   B8:E5:F4:C0:01:C7:9E:00:60:2F:46:44:72:2E:D9:42:F8:54:CD:B2
Certificate issuer:       /CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
Certificate serial:       019B7834782B242C2939A7AA2FAAD5D693C8
Authority key identifier: 98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/uOX0wAHHngBgL0ZEci7ZQvhUzbI.roa
Signing time:             Thu 01 Jan 2026 06:17:43 +0000
ROA not before:           Thu 01 Jan 2026 06:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29588
IP address blocks:        2a00:f440:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:78:2b:24:2c:29:39:a7:aa:2f:aa:d5:d6:93:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
        Validity
            Not Before: Jan  1 06:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8e5f4c001c79e00602f4644722ed942f854cdb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e5:f8:9e:a9:69:91:de:e2:e5:dd:b2:a0:e2:
                    12:61:68:12:8b:08:8d:43:96:39:e1:a5:c2:ef:cf:
                    3e:5b:06:49:08:8e:39:0c:46:b5:8f:4d:0c:29:7e:
                    04:cc:bc:52:d9:c6:50:0f:54:d5:99:08:79:d2:e4:
                    1c:de:d0:1e:84:8c:bd:e4:f3:ea:4d:c5:61:d5:fe:
                    4e:ab:f2:52:66:cf:7e:97:63:e0:fa:2f:6b:73:96:
                    b4:e1:93:e6:ff:66:3d:3f:07:bd:a8:55:70:96:91:
                    47:dc:e4:7d:87:d1:25:f7:47:fe:8a:ec:77:9f:92:
                    b2:bb:fa:97:b3:0c:8a:ff:7a:ed:21:a0:d9:39:01:
                    6e:39:c6:0d:51:1a:9e:c9:b9:2d:d0:56:54:fd:90:
                    69:77:47:2a:9e:7d:e8:f3:61:87:1c:08:6b:21:2c:
                    bb:11:eb:c2:08:48:7b:20:51:b9:f4:6c:03:85:c7:
                    49:ba:fc:72:7b:34:93:f6:25:10:9e:df:8e:58:4b:
                    15:fa:5c:bd:5b:fb:99:93:8b:3f:c2:15:4c:6f:cc:
                    d0:5e:db:56:35:a0:1e:68:4c:0b:21:01:81:43:38:
                    ce:ab:a6:5e:6d:21:49:89:58:85:84:a2:37:98:f5:
                    b9:ba:32:fe:f4:4b:9b:30:aa:f7:aa:bd:9c:b2:43:
                    4a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E5:F4:C0:01:C7:9E:00:60:2F:46:44:72:2E:D9:42:F8:54:CD:B2
            X509v3 Authority Key Identifier:
                keyid:98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/uOX0wAHHngBgL0ZEci7ZQvhUzbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f440:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:33:29:f6:b7:25:d8:0f:94:47:87:5e:01:03:75:e5:8d:02:
         6b:d9:f2:3f:ca:91:ee:a0:4f:47:5c:61:6e:54:9e:87:20:12:
         ee:dd:d1:33:b6:f1:8d:ef:10:2b:72:cd:a0:3e:db:cc:f4:e8:
         cd:15:f4:3e:5a:68:bc:be:c5:b0:8d:79:dc:f3:8b:05:a0:df:
         65:ba:82:30:e0:a4:f2:a9:fd:d6:08:7e:9f:60:33:a3:69:00:
         28:8d:e8:12:fe:70:56:04:3d:1f:4c:95:35:9b:30:f0:9c:f4:
         16:de:00:33:39:1f:ff:80:f7:06:d9:ab:f7:2e:78:1e:4d:a9:
         22:95:ee:89:e4:cf:be:f4:e0:1d:a1:14:e4:f8:3a:ca:87:8f:
         28:8d:22:f7:2d:aa:56:ee:3b:c8:1d:2a:e2:a5:8c:17:31:8e:
         bb:85:b9:69:ab:d9:b7:93:dd:77:d3:fc:31:3d:ab:42:0d:1e:
         d9:78:07:c7:ff:b6:fa:dd:0e:77:56:d2:c1:6c:68:15:48:e6:
         fd:3f:f0:87:49:91:93:d8:0b:2c:04:4f:57:be:00:b8:81:20:
         18:77:f8:bc:f1:7d:89:26:ae:5b:b5:bf:77:c7:1a:32:62:b6:
         67:11:6c:7e:23:ab:c3:14:23:04:74:aa:8e:78:f6:1e:7f:98:
         98:dd:bb:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NHgrJCwpOaeqL6rV1pPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTFjNDQ4ODY5OWU2ZDAyNGUzOWNjNGQ2MWVlZWFiZDM4
MDEwZmEwHhcNMjYwMTAxMDYxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGU1ZjRjMDAxYzc5ZTAwNjAyZjQ2NDQ3MjJlZDk0MmY4NTRjZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eX4nqlpkd7i5d2yoOISYWgSiwiN
Q5Y54aXC788+WwZJCI45DEa1j00MKX4EzLxS2cZQD1TVmQh50uQc3tAehIy95PPq
TcVh1f5Oq/JSZs9+l2Pg+i9rc5a04ZPm/2Y9Pwe9qFVwlpFH3OR9h9El90f+iux3
n5Kyu/qXswyK/3rtIaDZOQFuOcYNURqeybkt0FZU/ZBpd0cqnn3o82GHHAhrISy7
EevCCEh7IFG59GwDhcdJuvxyezST9iUQnt+OWEsV+ly9W/uZk4s/whVMb8zQXttW
NaAeaEwLIQGBQzjOq6ZebSFJiViFhKI3mPW5ujL+9EubMKr3qr2cskNKEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLjl9MABx54AYC9GRHIu2UL4VM2yMB8GA1UdIwQY
MBaAFJiRxEiGmebQJOOcxNYe7qvTgBD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUt
ZTEwYTYwNTk2YzI2LzEvdU9YMHdBSEhuZ0JnTDBaRWNpN1pRdmhVemJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUtZTEwYTYwNTk2YzI2
LzEvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD0QAAK
MA0GCSqGSIb3DQEBCwUAA4IBAQBqMyn2tyXYD5RHh14BA3XljQJr2fI/ypHuoE9H
XGFuVJ6HIBLu3dEztvGN7xArcs2gPtvM9OjNFfQ+Wmi8vsWwjXnc84sFoN9luoIw
4KTyqf3WCH6fYDOjaQAojegS/nBWBD0fTJU1mzDwnPQW3gAzOR//gPcG2av3Lnge
Takile6J5M++9OAdoRTk+DrKh48ojSL3LapW7jvIHSripYwXMY67hblpq9m3k913
0/wxPatCDR7ZeAfH/7b63Q53VtLBbGgVSOb9P/CHSZGT2AssBE9XvgC4gSAYd/i8
8X2JJq5btb93xxoyYrZnEWx+I6vDFCMEdKqOePYef5iY3bsj
-----END CERTIFICATE-----