This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/l31vC9yj9tOcNEOiDfa6E5mFI5A.roa
File:                     l31vC9yj9tOcNEOiDfa6E5mFI5A.roa (raw, json)
Hash identifier:          iMLRpeq0aUEWDn3LyfJLey3OSaLGqWRnQDkTV9RvDA0=
Subject key identifier:   97:7D:6F:0B:DC:A3:F6:D3:9C:34:43:A2:0D:F6:BA:13:99:85:23:90
Certificate issuer:       /CN=42b4c79a22a3fe987ef31908cd44ff81e9b1acf4
Certificate serial:       019B7BA4FAFA776D3B855A66B95F40C8B78F
Authority key identifier: 42:B4:C7:9A:22:A3:FE:98:7E:F3:19:08:CD:44:FF:81:E9:B1:AC:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QrTHmiKj_ph-8xkIzUT_gemxrPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/l31vC9yj9tOcNEOiDfa6E5mFI5A.roa
Signing time:             Thu 01 Jan 2026 22:19:28 +0000
ROA not before:           Thu 01 Jan 2026 22:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43595
IP address blocks:        2a06:4180:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/QrTHmiKj_ph-8xkIzUT_gemxrPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/QrTHmiKj_ph-8xkIzUT_gemxrPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QrTHmiKj_ph-8xkIzUT_gemxrPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:fa:fa:77:6d:3b:85:5a:66:b9:5f:40:c8:b7:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42b4c79a22a3fe987ef31908cd44ff81e9b1acf4
        Validity
            Not Before: Jan  1 22:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=977d6f0bdca3f6d39c3443a20df6ba1399852390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:54:10:2e:98:f6:e4:d0:16:3f:50:ff:c2:53:
                    49:30:84:41:61:ab:34:8f:e6:3b:d5:f7:bb:a7:29:
                    f0:41:00:d4:56:fa:f5:42:a3:6e:6f:4e:ac:49:d8:
                    d4:37:1c:19:29:d5:e4:3c:c3:04:bd:bf:99:3b:2c:
                    d8:23:23:c8:fd:00:45:8b:c2:3f:c2:93:de:20:fb:
                    8b:83:cf:66:d3:28:e0:ec:2f:81:86:ba:46:7a:29:
                    8e:c5:52:92:74:61:71:10:94:6b:cd:8d:ba:ec:0b:
                    51:94:26:d0:c6:55:e3:6c:a0:c5:f5:29:35:00:2d:
                    27:f1:f8:de:83:a0:d8:81:b5:1b:95:7b:78:f7:3b:
                    69:59:08:0f:24:03:20:50:b2:3c:53:11:87:d7:a3:
                    cb:23:70:ae:5f:1d:84:1f:16:58:cb:a8:5d:c0:a7:
                    25:d1:ef:d9:7c:26:a4:dc:85:b3:b6:81:3a:25:56:
                    3d:b5:5b:f2:bb:f6:4e:80:e4:23:7b:7d:d7:99:1a:
                    f3:60:fa:81:b2:3b:23:3c:24:e4:00:b2:2e:8e:c2:
                    15:0a:fa:86:81:05:1b:88:6f:56:3e:fa:31:05:4a:
                    c8:19:9c:3a:58:06:cd:03:4b:33:0f:b5:ba:8c:ad:
                    6c:4f:3a:e9:83:9c:ba:53:92:af:97:44:92:58:81:
                    a7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7D:6F:0B:DC:A3:F6:D3:9C:34:43:A2:0D:F6:BA:13:99:85:23:90
            X509v3 Authority Key Identifier:
                keyid:42:B4:C7:9A:22:A3:FE:98:7E:F3:19:08:CD:44:FF:81:E9:B1:AC:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QrTHmiKj_ph-8xkIzUT_gemxrPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/l31vC9yj9tOcNEOiDfa6E5mFI5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/4b911c-3d4d-42d5-9234-f288137cb500/1/QrTHmiKj_ph-8xkIzUT_gemxrPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:4180:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:aa:2a:fd:e3:de:bd:b1:74:b5:10:0f:a7:6e:b7:02:99:97:
         d3:21:9c:d5:53:6a:45:43:cd:c9:14:3e:bf:e4:df:d2:cf:a1:
         8d:99:db:e4:66:dc:a2:2b:b1:8a:f8:e1:d2:fd:25:73:97:28:
         49:e6:20:eb:38:4a:7e:fd:8d:5e:8f:91:12:ec:28:88:2b:f6:
         02:78:63:62:f5:95:81:cf:1d:99:82:5a:d7:7a:de:45:5f:fe:
         43:4a:31:3b:70:1d:a5:d2:29:ba:b2:b8:95:25:10:fd:41:1a:
         c8:3b:cd:aa:90:d9:9d:e9:d7:ad:3f:8b:a4:d7:45:ac:33:ef:
         d9:8a:00:34:3c:f2:05:ef:c4:13:ec:fd:7c:00:a1:31:3d:fa:
         c8:85:c0:7c:fc:25:a7:31:76:6b:ed:22:7f:e6:b9:1b:3e:f9:
         40:9f:3f:da:cb:e2:dd:49:d7:12:1c:ed:df:c2:a9:98:e0:6f:
         b3:c9:28:11:f8:a1:db:4a:66:ad:ed:4b:76:dc:e4:a4:9d:dc:
         13:e6:45:3c:53:d4:b1:89:be:1d:c2:69:f3:d1:31:32:6d:14:
         84:61:b7:c4:85:4b:0e:8f:4e:f6:72:a0:6a:57:fb:81:cb:f0:
         02:5b:a2:8f:1d:48:1d:fe:58:fc:ad:96:a8:bf:03:db:d7:ca:
         83:00:97:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pPr6d207hVpmuV9AyLePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYjRjNzlhMjJhM2ZlOTg3ZWYzMTkwOGNkNDRmZjgxZTli
MWFjZjQwHhcNMjYwMTAxMjIxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdkNmYwYmRjYTNmNmQzOWMzNDQzYTIwZGY2YmExMzk5ODUyMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVQQLpj25NAWP1D/wlNJMIRBYas0
j+Y71fe7pynwQQDUVvr1QqNub06sSdjUNxwZKdXkPMMEvb+ZOyzYIyPI/QBFi8I/
wpPeIPuLg89m0yjg7C+BhrpGeimOxVKSdGFxEJRrzY267AtRlCbQxlXjbKDF9Sk1
AC0n8fjeg6DYgbUblXt49ztpWQgPJAMgULI8UxGH16PLI3CuXx2EHxZYy6hdwKcl
0e/ZfCak3IWztoE6JVY9tVvyu/ZOgOQje33XmRrzYPqBsjsjPCTkALIujsIVCvqG
gQUbiG9WPvoxBUrIGZw6WAbNA0szD7W6jK1sTzrpg5y6U5Kvl0SSWIGnoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJd9bwvco/bTnDRDog32uhOZhSOQMB8GA1UdIwQY
MBaAFEK0x5oio/6YfvMZCM1E/4Hpsaz0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXJUSG1pS2pfcGgtOHhrSXpVVF9nZW14clBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC80YjkxMWMtM2Q0ZC00MmQ1LTkyMzQt
ZjI4ODEzN2NiNTAwLzEvbDMxdkM5eWo5dE9jTkVPaURmYTZFNW1GSTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC80YjkxMWMtM2Q0ZC00MmQ1LTkyMzQtZjI4ODEzN2NiNTAw
LzEvUXJUSG1pS2pfcGgtOHhrSXpVVF9nZW14clBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgZBgAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAnqir94969sXS1EA+nbrcCmZfTIZzVU2pFQ83J
FD6/5N/Sz6GNmdvkZtyiK7GK+OHS/SVzlyhJ5iDrOEp+/Y1ej5ES7CiIK/YCeGNi
9ZWBzx2ZglrXet5FX/5DSjE7cB2l0im6sriVJRD9QRrIO82qkNmd6detP4uk10Ws
M+/ZigA0PPIF78QT7P18AKExPfrIhcB8/CWnMXZr7SJ/5rkbPvlAnz/ay+LdSdcS
HO3fwqmY4G+zySgR+KHbSmat7Ut23OSkndwT5kU8U9Sxib4dwmnz0TEybRSEYbfE
hUsOj072cqBqV/uBy/ACW6KPHUgd/lj8rZaovwPb18qDAJcn
-----END CERTIFICATE-----