This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/L7xswkZOYtWZFKKAqV29uL6KrTo.roa
File:                     L7xswkZOYtWZFKKAqV29uL6KrTo.roa (raw, json)
Hash identifier:          7HxTzwEYY9RT2odFm0ohwxx/sbrU6yVxKLryEnSr9X4=
Subject key identifier:   2F:BC:6C:C2:46:4E:62:D5:99:14:A2:80:A9:5D:BD:B8:BE:8A:AD:3A
Certificate issuer:       /CN=a685f1914ceb19221c563193027d45345033ad5f
Certificate serial:       019B7F83186EE6330B6F91A3CA6AF1AF6158
Authority key identifier: A6:85:F1:91:4C:EB:19:22:1C:56:31:93:02:7D:45:34:50:33:AD:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/L7xswkZOYtWZFKKAqV29uL6KrTo.roa
Signing time:             Fri 02 Jan 2026 16:20:56 +0000
ROA not before:           Fri 02 Jan 2026 16:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213685
IP address blocks:        2a14:ca00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:18:6e:e6:33:0b:6f:91:a3:ca:6a:f1:af:61:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a685f1914ceb19221c563193027d45345033ad5f
        Validity
            Not Before: Jan  2 16:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2fbc6cc2464e62d59914a280a95dbdb8be8aad3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5f:24:cf:90:df:b0:a4:ff:f5:81:c8:05:fb:
                    46:f0:bb:ee:b7:63:39:40:46:4a:04:81:05:12:82:
                    b6:70:28:69:99:cc:44:99:fd:4a:e3:e8:80:df:da:
                    f2:f2:db:2b:1f:66:1c:71:6d:b4:12:4d:dd:50:ea:
                    d4:32:3e:62:d5:99:10:2b:13:f4:85:53:75:37:57:
                    a8:12:dd:3c:5e:e4:4d:e3:70:77:5f:86:fc:2c:8d:
                    c4:9f:68:9b:65:df:88:da:d3:fd:55:73:61:fb:b4:
                    0e:6d:bd:bc:37:44:5e:e9:69:34:25:ee:a4:38:82:
                    6d:77:81:50:bd:61:58:9f:48:7d:4d:30:6f:33:86:
                    cd:19:e1:c5:76:2d:14:3a:53:f6:7d:69:23:e5:16:
                    bf:8b:64:43:0c:63:6a:7c:05:5e:c1:4a:2c:9f:81:
                    2a:ce:92:c4:dd:bb:98:f1:f6:ce:10:51:fb:7c:e0:
                    0d:23:21:ac:bf:2f:98:13:bf:78:94:b7:d4:e3:6d:
                    a3:39:c4:cc:05:60:0d:2d:ad:c6:a6:01:9f:78:ff:
                    f6:cb:4b:c1:7c:4a:ea:7d:18:49:91:88:2a:9c:95:
                    8d:68:e9:15:66:af:5d:6c:f8:dc:6d:86:0f:95:cd:
                    86:6e:54:1e:c7:bc:a3:2f:25:89:47:16:2c:5c:58:
                    b8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:BC:6C:C2:46:4E:62:D5:99:14:A2:80:A9:5D:BD:B8:BE:8A:AD:3A
            X509v3 Authority Key Identifier:
                keyid:A6:85:F1:91:4C:EB:19:22:1C:56:31:93:02:7D:45:34:50:33:AD:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/L7xswkZOYtWZFKKAqV29uL6KrTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ca00::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:ed:46:7d:43:cd:59:d9:64:dd:cc:3a:de:0e:45:70:b1:e0:
         16:6a:08:b5:f3:de:cc:cd:f6:1f:91:fb:f7:8b:64:90:4d:26:
         70:13:7a:6e:66:2c:95:0a:cd:bc:8f:2b:a1:1a:61:66:cd:20:
         dc:e9:b8:03:5c:f2:76:af:cb:42:26:ad:13:63:c9:37:90:eb:
         96:9c:f6:ab:b9:13:6e:de:99:c9:05:fc:89:67:41:06:71:31:
         e8:52:a4:9f:e4:f8:f4:66:07:7d:f3:d4:3b:2c:16:aa:49:65:
         ab:b8:ef:1c:22:82:84:0e:85:73:33:a0:47:fc:98:e7:da:40:
         a8:bd:14:cc:f6:b2:e5:ec:e9:58:fe:6d:16:c4:48:06:da:1a:
         0f:5f:1f:ff:b3:00:09:75:cf:c5:5c:93:d2:56:aa:30:54:4f:
         5b:d8:82:3c:a8:a1:80:a8:cb:db:6a:0a:f4:aa:88:8b:90:24:
         01:81:79:65:5d:88:d0:fe:cb:a3:00:3d:75:e5:0f:19:b3:c3:
         a8:60:db:21:2d:ee:52:09:71:45:a5:bd:1f:57:f1:88:28:b8:
         58:ee:59:98:23:b6:07:b0:ce:30:84:46:fc:73:34:21:e6:e5:
         74:60:ea:0d:ee:26:8f:66:34:00:86:f1:db:5e:b3:28:1e:aa:
         4c:f9:d0:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/gxhu5jMLb5Gjymrxr2FYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ODVmMTkxNGNlYjE5MjIxYzU2MzE5MzAyN2Q0NTM0NTAz
M2FkNWYwHhcNMjYwMTAyMTYyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmJjNmNjMjQ2NGU2MmQ1OTkxNGEyODBhOTVkYmRiOGJlOGFhZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl8kz5DfsKT/9YHIBftG8Lvut2M5
QEZKBIEFEoK2cChpmcxEmf1K4+iA39ry8tsrH2YccW20Ek3dUOrUMj5i1ZkQKxP0
hVN1N1eoEt08XuRN43B3X4b8LI3En2ibZd+I2tP9VXNh+7QObb28N0Re6Wk0Je6k
OIJtd4FQvWFYn0h9TTBvM4bNGeHFdi0UOlP2fWkj5Ra/i2RDDGNqfAVewUosn4Eq
zpLE3buY8fbOEFH7fOANIyGsvy+YE794lLfU422jOcTMBWANLa3GpgGfeP/2y0vB
fErqfRhJkYgqnJWNaOkVZq9dbPjcbYYPlc2GblQex7yjLyWJRxYsXFi4oQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC+8bMJGTmLVmRSigKldvbi+iq06MB8GA1UdIwQY
MBaAFKaF8ZFM6xkiHFYxkwJ9RTRQM61fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9YeGtVenJHU0ljVmpHVEFuMUZORkF6clY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xOTg2MmMtZjdkNC00ZjRmLWE4ZGQt
MWViYzUwZGNlZDQ5LzEvTDd4c3drWk9ZdFdaRktLQXFWMjl1TDZLclRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xOTg2MmMtZjdkNC00ZjRmLWE4ZGQtMWViYzUwZGNlZDQ5
LzEvcG9YeGtVenJHU0ljVmpHVEFuMUZORkF6clY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTKADAN
BgkqhkiG9w0BAQsFAAOCAQEAl+1GfUPNWdlk3cw63g5FcLHgFmoItfPezM32H5H7
94tkkE0mcBN6bmYslQrNvI8roRphZs0g3Om4A1zydq/LQiatE2PJN5Drlpz2q7kT
bt6ZyQX8iWdBBnEx6FKkn+T49GYHffPUOywWqkllq7jvHCKChA6FczOgR/yY59pA
qL0UzPay5ezpWP5tFsRIBtoaD18f/7MACXXPxVyT0laqMFRPW9iCPKihgKjL22oK
9KqIi5AkAYF5ZV2I0P7LowA9deUPGbPDqGDbIS3uUglxRaW9H1fxiCi4WO5ZmCO2
B7DOMIRG/HM0IebldGDqDe4mj2Y0AIbx216zKB6qTPnQrQ==
-----END CERTIFICATE-----