This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CeOf0W3m5MX_jgJBEH7JX5KrhUg.roa
File:                     CeOf0W3m5MX_jgJBEH7JX5KrhUg.roa (raw, json)
Hash identifier:          mmqeSNHOtnnmrTwyC57QgpMJJpTtxSVFaFpgv9+Nv3U=
Subject key identifier:   09:E3:9F:D1:6D:E6:E4:C5:FF:8E:02:41:10:7E:C9:5F:92:AB:85:48
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC7930547C7980CF5E9043AABCA803F
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CeOf0W3m5MX_jgJBEH7JX5KrhUg.roa
Signing time:             Thu 01 Jan 2026 18:17:38 +0000
ROA not before:           Thu 01 Jan 2026 18:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        2a09:e01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:93:05:47:c7:98:0c:f5:e9:04:3a:ab:ca:80:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09e39fd16de6e4c5ff8e0241107ec95f92ab8548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5c:13:9c:51:88:04:fa:97:44:7f:9c:89:aa:
                    5a:e8:07:2b:38:3c:61:6b:2e:c1:a9:00:f2:0d:33:
                    43:ac:11:24:0a:b0:8c:5e:8a:18:59:32:8f:51:e5:
                    ee:e1:e6:6e:37:36:7c:66:73:67:2a:b9:41:9b:7b:
                    54:3e:4e:f5:79:a3:7f:71:d7:0e:ec:df:30:b9:53:
                    d9:39:f6:cb:b9:ff:ba:02:a6:90:49:1a:6f:47:85:
                    82:81:ff:c1:1c:63:4b:ff:5d:2b:bc:26:c7:9a:1a:
                    b3:e1:d8:9b:f2:4f:ce:db:c6:0e:b3:b8:e7:08:31:
                    19:02:a2:a8:34:37:b7:d8:1d:49:03:26:b7:b2:38:
                    27:67:58:00:4f:4c:60:80:d1:a3:2c:73:1f:3b:31:
                    5f:a0:ae:38:b5:81:97:55:27:cb:b6:99:7c:2d:72:
                    3b:e8:7d:40:3e:c1:b4:cc:65:27:ed:86:1e:fe:9a:
                    5c:7d:ca:f7:bf:ec:56:5d:be:c8:2d:03:81:84:2e:
                    af:46:46:9c:c7:42:13:98:bb:4b:e8:21:d7:1b:a6:
                    1a:e3:07:ee:0b:84:70:9a:c1:ef:c1:38:c4:29:71:
                    3d:84:1a:6d:10:e5:d6:cf:f5:42:cf:21:b1:76:f7:
                    95:6f:22:7f:d1:b3:4e:55:44:f4:c7:93:75:bb:6b:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E3:9F:D1:6D:E6:E4:C5:FF:8E:02:41:10:7E:C9:5F:92:AB:85:48
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CeOf0W3m5MX_jgJBEH7JX5KrhUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e01::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:4b:2c:4a:5e:62:2d:78:0a:b4:55:88:7e:42:5b:ed:e9:a4:
         2d:ca:45:1f:a5:1f:a6:b8:6a:1a:86:ce:b7:c0:e3:39:d2:1f:
         9b:0f:b8:2a:45:2e:fd:84:02:15:3b:ec:ca:53:62:db:45:f9:
         5a:70:c5:b0:36:d2:35:4c:bc:d3:f0:2b:23:8d:75:fd:64:78:
         3c:04:53:ff:e3:4e:d3:b4:1f:d0:c3:56:e4:ec:56:5b:a4:f4:
         26:fa:d7:6e:6a:f0:89:4c:1d:e7:c8:26:fb:c3:e2:e3:5b:15:
         aa:9b:f6:6c:cf:8c:bc:ad:6c:46:e6:f9:46:19:0c:b7:d2:f0:
         24:bd:d9:de:f3:82:cd:af:c8:e9:6f:50:a4:27:1a:1e:ab:e4:
         9e:6d:ce:51:c0:a4:22:d7:aa:b3:59:ca:ae:b1:6e:bd:94:56:
         54:9f:06:af:77:39:68:6b:22:9d:d1:7d:41:7b:03:8d:49:64:
         08:45:1b:e3:69:1d:71:35:cb:4a:fe:96:b7:b1:6e:9c:55:28:
         d0:87:13:80:21:ed:fe:ba:ea:d7:bf:01:b0:09:0f:94:8e:8a:
         b2:4e:d6:6d:d8:40:8d:40:ed:ef:3e:9c:61:e8:3c:64:cc:4f:
         05:42:f7:26:3e:28:b7:33:7a:ed:91:e6:71:61:5f:01:04:a3:
         80:9f:0a:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6x5MFR8eYDPXpBDqryoA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWUzOWZkMTZkZTZlNGM1ZmY4ZTAyNDExMDdlYzk1ZjkyYWI4NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1wTnFGIBPqXRH+ciapa6AcrODxh
ay7BqQDyDTNDrBEkCrCMXooYWTKPUeXu4eZuNzZ8ZnNnKrlBm3tUPk71eaN/cdcO
7N8wuVPZOfbLuf+6AqaQSRpvR4WCgf/BHGNL/10rvCbHmhqz4dib8k/O28YOs7jn
CDEZAqKoNDe32B1JAya3sjgnZ1gAT0xggNGjLHMfOzFfoK44tYGXVSfLtpl8LXI7
6H1APsG0zGUn7YYe/ppcfcr3v+xWXb7ILQOBhC6vRkacx0ITmLtL6CHXG6Ya4wfu
C4RwmsHvwTjEKXE9hBptEOXWz/VCzyGxdveVbyJ/0bNOVUT0x5N1u2u5GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAnjn9Ft5uTF/44CQRB+yV+Sq4VIMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQ2VPZjBXM201TVhfamdKQkVIN0pYNUtyaFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgkOATAN
BgkqhkiG9w0BAQsFAAOCAQEAJ0ssSl5iLXgKtFWIfkJb7emkLcpFH6UfprhqGobO
t8DjOdIfmw+4KkUu/YQCFTvsylNi20X5WnDFsDbSNUy80/ArI411/WR4PART/+NO
07Qf0MNW5OxWW6T0JvrXbmrwiUwd58gm+8Pi41sVqpv2bM+MvK1sRub5RhkMt9Lw
JL3Z3vOCza/I6W9QpCcaHqvknm3OUcCkIteqs1nKrrFuvZRWVJ8Gr3c5aGsindF9
QXsDjUlkCEUb42kdcTXLSv6Wt7FunFUo0IcTgCHt/rrq178BsAkPlI6Ksk7WbdhA
jUDt7z6cYeg8ZMxPBUL3Jj4otzN67ZHmcWFfAQSjgJ8K2w==
-----END CERTIFICATE-----