This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/yqfYAhxKzEU-xZc4dSsVxVRn1xQ.roa
File:                     yqfYAhxKzEU-xZc4dSsVxVRn1xQ.roa (raw, json)
Hash identifier:          x2ct4zFMCc0boyM7X2ctiDqfrOIuQWGhxoimZFBvzz8=
Subject key identifier:   CA:A7:D8:02:1C:4A:CC:45:3E:C5:97:38:75:2B:15:C5:54:67:D7:14
Certificate issuer:       /CN=43dfc066ce7cd3e382574a68667973b0b468df3c
Certificate serial:       019BC61EB1F256259A2F3407CF014877467E
Authority key identifier: 43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/yqfYAhxKzEU-xZc4dSsVxVRn1xQ.roa
Signing time:             Fri 16 Jan 2026 09:24:18 +0000
ROA not before:           Fri 16 Jan 2026 09:24:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202218
IP address blocks:        2a10:ba00:53::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 18:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c6:1e:b1:f2:56:25:9a:2f:34:07:cf:01:48:77:46:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43dfc066ce7cd3e382574a68667973b0b468df3c
        Validity
            Not Before: Jan 16 09:24:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caa7d8021c4acc453ec59738752b15c55467d714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b5:dc:ab:e9:a7:5a:b0:ca:5f:7e:27:2a:4f:
                    2e:c5:0c:57:f4:c0:8f:cd:8e:2c:e5:8f:1f:79:20:
                    7a:67:71:de:1a:13:6f:7e:27:ad:b7:a9:82:20:7d:
                    53:59:fc:72:15:2c:d1:a1:e8:f4:84:11:b0:d3:e0:
                    09:4b:ed:0a:5a:ac:d6:42:a7:72:de:f8:be:e9:c2:
                    27:20:a1:20:bc:ad:fc:ca:ed:ab:f1:32:88:0d:52:
                    37:2b:c4:c9:b6:2e:1b:7a:b3:30:83:73:49:b6:12:
                    af:9c:09:d5:15:d6:fd:cd:b7:e7:df:2d:58:d8:32:
                    dc:27:c0:9d:14:05:7f:82:7f:fc:a2:27:2c:76:b9:
                    f5:dc:e7:65:85:16:bc:63:7c:0d:25:3a:83:a7:18:
                    cb:69:e6:23:95:07:bb:a8:93:4f:95:cf:c6:d6:d1:
                    9a:73:95:49:82:09:a5:fe:2e:62:54:ab:7f:93:f2:
                    81:36:f9:9c:48:73:04:ae:df:4b:c7:7d:6f:de:40:
                    3c:92:dd:a4:61:d4:8f:67:dd:04:7a:41:92:ed:a6:
                    41:14:d0:cf:4e:c0:29:b0:5c:f8:b8:6e:c8:1e:d8:
                    e4:c7:d8:a9:2a:b7:df:36:0c:bd:a8:f0:a5:32:12:
                    7e:6e:3d:48:88:d4:96:ca:3c:40:ac:3a:57:89:05:
                    80:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A7:D8:02:1C:4A:CC:45:3E:C5:97:38:75:2B:15:C5:54:67:D7:14
            X509v3 Authority Key Identifier:
                keyid:43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/yqfYAhxKzEU-xZc4dSsVxVRn1xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ba00:53::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:79:c6:12:d8:14:ca:05:66:a0:34:76:57:ca:d5:f0:1b:5a:
         2b:07:01:fa:b2:30:14:c5:9d:a0:25:cc:c6:be:d7:81:30:64:
         46:d7:f2:fc:a5:ed:60:00:32:d5:a8:cc:58:70:02:8d:12:cf:
         12:5c:d7:28:45:28:a7:1d:3c:73:54:dd:87:a8:c8:16:aa:04:
         fa:91:dc:13:9d:45:ab:7e:76:46:a2:1a:b6:e9:a6:3c:98:e0:
         f5:5d:bf:75:f7:9d:f4:0a:44:ad:ad:d5:de:bb:02:2f:12:e9:
         a9:fc:9e:a3:08:d0:b2:c7:c0:bf:ea:e7:8d:8e:c1:7e:14:6f:
         ea:78:02:29:5d:a1:4b:64:f7:a3:c0:88:f8:8c:e1:88:cb:fd:
         20:c9:34:0c:0c:71:3c:63:8a:24:46:c5:08:f2:c1:06:67:02:
         9e:76:ec:3a:b8:c1:a1:03:fd:d3:14:75:d1:2a:6b:26:b0:fe:
         f7:54:ce:fc:be:eb:60:df:96:be:05:ad:b3:2f:49:06:a8:a4:
         26:ea:75:63:1d:e2:ba:5f:b4:cf:96:46:55:ec:14:ee:16:06:
         83:31:74:51:39:66:96:c3:a4:4c:f3:64:ce:9d:60:6b:06:c5:
         5c:93:15:e8:93:51:b4:3d:73:53:81:7e:89:e0:e9:7c:7e:9f:
         e5:67:70:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZvGHrHyViWaLzQHzwFId0Z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZGZjMDY2Y2U3Y2QzZTM4MjU3NGE2ODY2Nzk3M2IwYjQ2
OGRmM2MwHhcNMjYwMTE2MDkyNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWE3ZDgwMjFjNGFjYzQ1M2VjNTk3Mzg3NTJiMTVjNTU0NjdkNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7Xcq+mnWrDKX34nKk8uxQxX9MCP
zY4s5Y8feSB6Z3HeGhNvfiett6mCIH1TWfxyFSzRoej0hBGw0+AJS+0KWqzWQqdy
3vi+6cInIKEgvK38yu2r8TKIDVI3K8TJti4berMwg3NJthKvnAnVFdb9zbfn3y1Y
2DLcJ8CdFAV/gn/8oicsdrn13OdlhRa8Y3wNJTqDpxjLaeYjlQe7qJNPlc/G1tGa
c5VJggml/i5iVKt/k/KBNvmcSHMErt9Lx31v3kA8kt2kYdSPZ90EekGS7aZBFNDP
TsApsFz4uG7IHtjkx9ipKrffNgy9qPClMhJ+bj1IiNSWyjxArDpXiQWAOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMqn2AIcSsxFPsWXOHUrFcVUZ9cUMB8GA1UdIwQY
MBaAFEPfwGbOfNPjgldKaGZ5c7C0aN88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUt
MjUwOTc0M2FkMjllLzEveXFmWUFoeEt6RVUteFpjNGRTc1Z4VlJuMXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUtMjUwOTc0M2FkMjll
LzEvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhC6AABT
MA0GCSqGSIb3DQEBCwUAA4IBAQBYecYS2BTKBWagNHZXytXwG1orBwH6sjAUxZ2g
JczGvteBMGRG1/L8pe1gADLVqMxYcAKNEs8SXNcoRSinHTxzVN2HqMgWqgT6kdwT
nUWrfnZGohq26aY8mOD1Xb919530CkStrdXeuwIvEump/J6jCNCyx8C/6ueNjsF+
FG/qeAIpXaFLZPejwIj4jOGIy/0gyTQMDHE8Y4okRsUI8sEGZwKeduw6uMGhA/3T
FHXRKmsmsP73VM78vutg35a+Ba2zL0kGqKQm6nVjHeK6X7TPlkZV7BTuFgaDMXRR
OWaWw6RM82TOnWBrBsVckxXok1G0PXNTgX6J4Ol8fp/lZ3Cl
-----END CERTIFICATE-----