This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/x-IqmHcq2RbbNQwZWPLFGME6fBQ.roa
File:                     x-IqmHcq2RbbNQwZWPLFGME6fBQ.roa (raw, json)
Hash identifier:          FCgzZFlvjuxmEtwainnhIhWfBfZQSILdu5ybFbV80a8=
Subject key identifier:   C7:E2:2A:98:77:2A:D9:16:DB:35:0C:19:58:F2:C5:18:C1:3A:7C:14
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       019B7AC7EC5BDCEC62F6A780A1F80CE5947F
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/x-IqmHcq2RbbNQwZWPLFGME6fBQ.roa
Signing time:             Thu 01 Jan 2026 18:18:01 +0000
ROA not before:           Thu 01 Jan 2026 18:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3333
IP address blocks:        2001:610:240::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:ec:5b:dc:ec:62:f6:a7:80:a1:f8:0c:e5:94:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 18:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7e22a98772ad916db350c1958f2c518c13a7c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:49:5b:2c:18:52:62:78:70:01:8b:e8:77:9e:
                    04:63:ff:e6:72:ca:9e:08:02:50:cf:60:b2:fc:df:
                    f5:a3:54:37:4f:ff:71:5a:b6:55:d0:bc:4f:a8:4a:
                    29:08:49:28:76:02:22:f1:0d:cb:45:f7:8f:6f:41:
                    8e:26:a2:57:36:4a:e4:2d:93:76:e5:82:b8:34:f5:
                    f1:da:8b:dc:fc:55:07:dc:3b:13:4c:d9:da:36:f4:
                    d8:63:0a:15:3c:2d:57:ce:11:2e:8d:a7:44:74:82:
                    37:85:e9:1b:ba:eb:7c:4a:54:a1:6c:d9:95:f5:82:
                    21:81:09:c8:97:e1:a2:bf:6a:cf:21:f3:1b:13:0f:
                    68:18:30:7c:1a:5f:7a:1f:42:63:1c:6c:42:1d:07:
                    44:53:72:56:7a:e3:df:90:b3:fc:6c:cc:4b:61:d6:
                    ed:74:3b:ca:42:22:b0:76:16:27:aa:ce:16:99:c5:
                    ea:bc:e9:6f:7d:36:22:a8:35:ec:11:7a:d0:03:55:
                    75:17:75:8f:8a:25:03:fd:4f:a6:f9:8d:74:14:5d:
                    64:e5:10:7f:97:eb:8e:f3:2a:1d:7f:98:46:7b:8f:
                    ab:85:54:15:9c:55:79:ce:46:84:7e:bb:ac:cf:ca:
                    e7:dd:25:b1:7e:83:cd:08:1e:9a:15:75:63:34:8f:
                    a5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E2:2A:98:77:2A:D9:16:DB:35:0C:19:58:F2:C5:18:C1:3A:7C:14
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/x-IqmHcq2RbbNQwZWPLFGME6fBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:610:240::/42

    Signature Algorithm: sha256WithRSAEncryption
         66:8b:9f:fe:e1:a4:9c:37:46:19:b3:db:48:07:c3:00:99:05:
         ea:2b:55:cb:0c:45:65:73:62:3f:d0:e3:75:dc:8a:55:4c:3a:
         72:81:2d:52:34:b2:20:6b:5d:93:c3:dd:ad:6c:df:e6:5a:83:
         ff:a5:09:22:0d:38:5f:12:1d:96:b4:ee:f9:c9:24:0c:d7:07:
         73:80:46:dd:d1:f0:d2:c0:7d:b4:05:4d:83:ef:13:5a:48:22:
         28:4f:3b:52:84:7d:52:5d:64:3b:55:7f:50:a5:6e:a2:83:84:
         61:fc:ba:32:6e:4d:b0:e8:98:ee:3c:ae:ea:51:8c:6b:8c:e3:
         f6:e2:52:c7:93:6c:9d:2e:09:00:ce:72:c1:e7:d6:af:36:d0:
         c7:99:ad:5f:3a:3b:70:19:b8:fa:2c:19:54:e3:e2:3a:2a:5b:
         a0:f7:b0:3c:dd:77:32:32:1b:54:25:da:85:03:21:d3:91:35:
         68:9a:bf:dd:18:70:ad:ed:84:77:02:b0:13:68:46:8b:6f:ff:
         ef:aa:54:62:db:6c:41:82:1d:eb:51:df:6c:ef:09:61:99:74:
         e4:0b:ae:f8:4b:33:9a:a5:82:35:19:f7:6b:db:eb:c0:b5:d1:
         26:5b:4e:1b:61:60:0c:49:ac:20:bc:4d:bf:ca:85:04:11:f5:
         bd:c3:20:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6x+xb3Oxi9qeAofgM5ZR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjYwMTAxMTgxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2UyMmE5ODc3MmFkOTE2ZGIzNTBjMTk1OGYyYzUxOGMxM2E3YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUlbLBhSYnhwAYvod54EY//mcsqe
CAJQz2Cy/N/1o1Q3T/9xWrZV0LxPqEopCEkodgIi8Q3LRfePb0GOJqJXNkrkLZN2
5YK4NPXx2ovc/FUH3DsTTNnaNvTYYwoVPC1XzhEujadEdII3hekbuut8SlShbNmV
9YIhgQnIl+Giv2rPIfMbEw9oGDB8Gl96H0JjHGxCHQdEU3JWeuPfkLP8bMxLYdbt
dDvKQiKwdhYnqs4WmcXqvOlvfTYiqDXsEXrQA1V1F3WPiiUD/U+m+Y10FF1k5RB/
l+uO8yodf5hGe4+rhVQVnFV5zkaEfrusz8rn3SWxfoPNCB6aFXVjNI+lJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMfiKph3KtkW2zUMGVjyxRjBOnwUMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEveC1JcW1IY3EyUmJiTlF3WldQTEZHTUU2ZkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGIAEGEAJA
MA0GCSqGSIb3DQEBCwUAA4IBAQBmi5/+4aScN0YZs9tIB8MAmQXqK1XLDEVlc2I/
0ON13IpVTDpygS1SNLIga12Tw92tbN/mWoP/pQkiDThfEh2WtO75ySQM1wdzgEbd
0fDSwH20BU2D7xNaSCIoTztShH1SXWQ7VX9QpW6ig4Rh/Loybk2w6JjuPK7qUYxr
jOP24lLHk2ydLgkAznLB59avNtDHma1fOjtwGbj6LBlU4+I6Klug97A83XcyMhtU
JdqFAyHTkTVomr/dGHCt7YR3ArATaEaLb//vqlRi22xBgh3rUd9s7wlhmXTkC674
SzOapYI1Gfdr2+vAtdEmW04bYWAMSawgvE2/yoUEEfW9wyDn
-----END CERTIFICATE-----