This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/XtIJQiHXMFZdv3to7hzaFPe58CM.roa
File:                     XtIJQiHXMFZdv3to7hzaFPe58CM.roa (raw, json)
Hash identifier:          0ywEoOgBomhFv9aUHIMG9mVJhsMccKkONYTnJ5FZ8MI=
Subject key identifier:   5E:D2:09:42:21:D7:30:56:5D:BF:7B:68:EE:1C:DA:14:F7:B9:F0:23
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       019B797EE25B66725B987D782B4BE5E857AB
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/XtIJQiHXMFZdv3to7hzaFPe58CM.roa
Signing time:             Thu 01 Jan 2026 12:18:37 +0000
ROA not before:           Thu 01 Jan 2026 12:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204508
IP address blocks:        2a04:f280::/40 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:e2:5b:66:72:5b:98:7d:78:2b:4b:e5:e8:57:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ed2094221d730565dbf7b68ee1cda14f7b9f023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2e:cb:4f:f8:d3:6a:df:b4:66:90:6b:8f:8e:
                    0f:5f:af:8b:91:20:ab:ff:47:86:62:17:d4:a5:f5:
                    f5:30:78:9b:af:2a:17:ba:41:a0:66:7e:25:43:d4:
                    cd:39:fe:ef:b4:93:c4:1f:be:bf:6c:52:41:83:85:
                    ee:bb:2b:bc:6f:02:c6:aa:d3:5d:f9:1f:2a:e1:c6:
                    47:f9:09:3e:0e:34:1e:f5:7b:a6:69:1a:42:de:4e:
                    66:3f:b7:a1:b8:ab:10:89:cf:42:39:ee:50:8c:e8:
                    4b:ac:76:f8:2c:85:28:95:c6:d3:35:71:e2:92:52:
                    0d:54:9d:78:52:d8:d8:e9:cc:af:6f:59:21:14:b8:
                    7d:2e:e0:23:32:19:ff:37:5a:93:ab:db:80:ec:ba:
                    a3:ba:00:fa:59:48:f3:fa:a5:50:10:80:81:6e:6c:
                    c4:e0:f9:a4:db:2c:15:0c:e9:d4:81:72:4b:15:19:
                    c1:50:40:3c:30:94:b3:24:87:8c:5f:1c:17:c2:22:
                    b2:e3:31:a3:7e:b0:57:ba:89:e1:e5:e7:e1:45:92:
                    b2:a0:3a:16:3b:9e:62:d2:4e:49:48:6a:46:ad:80:
                    e6:3e:05:c6:79:65:09:0d:23:05:d1:6a:ae:93:6c:
                    07:69:85:b3:94:d0:dd:b9:f8:b1:78:61:fc:b0:0e:
                    58:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D2:09:42:21:D7:30:56:5D:BF:7B:68:EE:1C:DA:14:F7:B9:F0:23
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/XtIJQiHXMFZdv3to7hzaFPe58CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         5e:0e:7c:3a:a8:06:c7:c8:b2:78:98:64:66:46:53:72:a6:60:
         7f:04:2a:6b:39:6c:f1:dd:94:89:7d:ef:e6:c5:0d:0e:57:dd:
         4d:fc:ba:85:4b:3e:23:9e:f3:43:b8:27:9a:de:4f:bb:dd:bf:
         14:9a:3e:c4:f0:c3:86:96:c2:cf:0c:4e:d2:84:7c:3f:e8:0d:
         30:52:d5:60:d4:fa:b1:e2:d9:34:fa:ed:27:79:48:91:fe:93:
         e4:21:02:06:be:e2:2a:42:b2:93:67:cc:73:b4:bc:7b:20:7f:
         20:27:c8:72:33:74:44:65:de:1e:b2:cd:cc:8d:b3:c8:35:f3:
         f2:33:3c:42:11:2b:b1:34:26:ea:75:81:67:b7:b1:9d:05:02:
         d0:b3:17:2f:ba:52:aa:8a:21:b2:36:1b:5d:2b:2c:9e:be:31:
         0c:8b:2a:92:9a:ad:48:7c:d1:a7:92:9b:b1:f2:fb:eb:eb:17:
         c9:77:ea:16:c5:e0:7c:d0:06:16:70:aa:56:e9:5e:c1:53:46:
         21:d7:5a:35:2a:ef:11:a7:e3:44:a9:38:7d:12:1e:23:ce:06:
         74:a9:7b:c6:0f:f0:4a:33:48:12:9b:de:3e:cb:fb:86:00:4c:
         51:54:9c:0e:17:4f:65:15:c7:52:41:17:95:1c:31:9c:19:bb:
         5c:58:5b:cf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt5fuJbZnJbmH14K0vl6FerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjYwMTAxMTIxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQyMDk0MjIxZDczMDU2NWRiZjdiNjhlZTFjZGExNGY3YjlmMDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC7LT/jTat+0ZpBrj44PX6+LkSCr
/0eGYhfUpfX1MHibryoXukGgZn4lQ9TNOf7vtJPEH76/bFJBg4Xuuyu8bwLGqtNd
+R8q4cZH+Qk+DjQe9XumaRpC3k5mP7ehuKsQic9COe5QjOhLrHb4LIUolcbTNXHi
klINVJ14UtjY6cyvb1khFLh9LuAjMhn/N1qTq9uA7LqjugD6WUjz+qVQEICBbmzE
4Pmk2ywVDOnUgXJLFRnBUEA8MJSzJIeMXxwXwiKy4zGjfrBXuonh5efhRZKyoDoW
O55i0k5JSGpGrYDmPgXGeWUJDSMF0Wquk2wHaYWzlNDdufixeGH8sA5YNQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF7SCUIh1zBWXb97aO4c2hT3ufAjMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvWHRJSlFpSFhNRlpkdjN0bzdoemFGUGU1OENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgTygAAw
DQYJKoZIhvcNAQELBQADggEBAF4OfDqoBsfIsniYZGZGU3KmYH8EKms5bPHdlIl9
7+bFDQ5X3U38uoVLPiOe80O4J5reT7vdvxSaPsTww4aWws8MTtKEfD/oDTBS1WDU
+rHi2TT67Sd5SJH+k+QhAga+4ipCspNnzHO0vHsgfyAnyHIzdERl3h6yzcyNs8g1
8/IzPEIRK7E0Jup1gWe3sZ0FAtCzFy+6UqqKIbI2G10rLJ6+MQyLKpKarUh80aeS
m7Hy++vrF8l36hbF4HzQBhZwqlbpXsFTRiHXWjUq7xGn40SpOH0SHiPOBnSpe8YP
8EozSBKb3j7L+4YATFFUnA4XT2UVx1JBF5UcMZwZu1xYW88=
-----END CERTIFICATE-----