This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/FXU6diYKcbRIsw4MmevlGTpvGb0.roa
File:                     FXU6diYKcbRIsw4MmevlGTpvGb0.roa (raw, json)
Hash identifier:          aFnvjS1XXi7qixi4xTsDLaU24Ku8jOZbxW9SYMuhSJc=
Subject key identifier:   15:75:3A:76:26:0A:71:B4:48:B3:0E:0C:99:EB:E5:19:3A:6F:19:BD
Certificate issuer:       /CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
Certificate serial:       019BEA67CF389469AFB9066A41943516837A
Authority key identifier: 4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/FXU6diYKcbRIsw4MmevlGTpvGb0.roa
Signing time:             Fri 23 Jan 2026 10:30:30 +0000
ROA not before:           Fri 23 Jan 2026 10:30:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206777
IP address blocks:        2a07:e000:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ea:67:cf:38:94:69:af:b9:06:6a:41:94:35:16:83:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
        Validity
            Not Before: Jan 23 10:30:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15753a76260a71b448b30e0c99ebe5193a6f19bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:30:ee:e1:c1:db:8e:ba:0f:be:41:f9:f8:28:
                    88:d7:0d:78:57:1a:4e:36:4c:e1:90:a7:9c:45:cf:
                    3d:79:a6:2c:0f:dc:07:dd:b5:46:a9:d5:31:1a:a7:
                    71:33:6d:45:d6:c9:c7:9e:23:13:d8:e2:1b:e9:57:
                    1f:ae:70:00:6e:c4:19:bc:6c:66:c6:ab:62:57:d0:
                    8e:ca:8e:1f:6d:4c:ad:c4:6e:eb:a0:af:cc:80:c6:
                    33:d4:59:dc:21:03:8c:f2:c9:ad:09:1d:34:c3:21:
                    cc:f6:d6:e0:b0:34:2d:00:bb:0e:21:44:fa:5c:da:
                    79:fd:af:3e:30:89:ec:03:8f:d9:71:00:b6:0d:4a:
                    c3:7d:4e:bc:ac:76:88:f6:64:2e:80:a5:e1:33:b7:
                    d9:78:f7:2c:eb:34:8a:70:69:9f:7b:84:61:db:5a:
                    8b:45:5a:bd:4a:ec:76:2d:84:87:18:3f:3c:2f:d8:
                    26:8e:11:d5:25:d6:95:60:77:86:46:ac:95:1a:7a:
                    4f:2d:bc:b9:4b:fc:fd:ee:e0:31:bd:78:e6:42:70:
                    c7:4d:1d:93:bf:7f:9f:ac:89:0c:9c:0d:93:44:05:
                    3e:ad:17:53:4c:54:7d:a4:dd:5b:ae:ef:87:b3:86:
                    ea:72:00:98:64:36:07:d8:07:cc:55:79:8f:74:76:
                    a9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:75:3A:76:26:0A:71:B4:48:B3:0E:0C:99:EB:E5:19:3A:6F:19:BD
            X509v3 Authority Key Identifier:
                keyid:4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/FXU6diYKcbRIsw4MmevlGTpvGb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e000:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:e5:f8:ed:49:18:e4:df:00:3f:9b:f3:2a:48:ce:63:4b:bd:
         8f:ca:d2:7f:b0:51:d1:9a:a8:19:1e:ac:20:0f:fb:bf:a2:47:
         14:37:c7:9a:88:1f:63:9c:d1:fa:eb:57:44:09:36:0b:58:da:
         8e:3a:30:bc:aa:0f:7d:13:6d:e0:8e:bd:2e:b7:70:42:10:ee:
         5c:39:d8:24:eb:f8:1e:54:dc:40:65:83:88:0c:f0:13:6d:e0:
         f0:4c:73:26:b1:5e:9c:f6:50:59:6d:a8:24:49:08:ca:18:03:
         99:cd:11:71:77:0b:85:09:99:25:78:a8:81:68:c5:07:01:95:
         ff:12:c6:70:fe:43:5d:a2:7c:86:4d:c2:14:0d:cf:e5:fc:95:
         49:f5:c3:2c:ca:6c:79:b7:0d:e0:95:bf:4b:41:7a:9e:e0:12:
         92:f5:9c:06:c4:f7:2a:31:e2:76:b9:45:b8:b0:26:23:5e:58:
         90:cb:24:0f:7e:35:d7:5a:71:0f:98:77:ce:c4:6d:9f:a7:40:
         e3:1b:52:1c:ac:9f:55:10:7d:7a:78:81:4c:59:b5:87:74:85:
         bd:f1:37:e5:04:0d:f0:53:82:5d:0b:3a:e1:ec:3f:28:7b:16:
         d0:5d:64:4d:c8:da:cf:6e:c0:f1:3f:4a:3f:ee:bc:48:29:53:
         2e:7f:31:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZvqZ884lGmvuQZqQZQ1FoN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY0MjEwMmViZGQ3ZjIyNjhjMTRjMjdlM2ViYmYyNmI0
Y2FmZWIwHhcNMjYwMTIzMTAzMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc1M2E3NjI2MGE3MWI0NDhiMzBlMGM5OWViZTUxOTNhNmYxOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjDu4cHbjroPvkH5+CiI1w14VxpO
NkzhkKecRc89eaYsD9wH3bVGqdUxGqdxM21F1snHniMT2OIb6VcfrnAAbsQZvGxm
xqtiV9COyo4fbUytxG7roK/MgMYz1FncIQOM8smtCR00wyHM9tbgsDQtALsOIUT6
XNp5/a8+MInsA4/ZcQC2DUrDfU68rHaI9mQugKXhM7fZePcs6zSKcGmfe4Rh21qL
RVq9Sux2LYSHGD88L9gmjhHVJdaVYHeGRqyVGnpPLby5S/z97uAxvXjmQnDHTR2T
v3+frIkMnA2TRAU+rRdTTFR9pN1bru+Hs4bqcgCYZDYH2AfMVXmPdHapGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBV1OnYmCnG0SLMODJnr5Rk6bxm9MB8GA1UdIwQY
MBaAFE/WQhAuvdfyJowUwn4+u/JrTK/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQt
Zjk0MWNjMzlhNzFlLzEvRlhVNmRpWUtjYlJJc3c0TW1ldmxHVHB2R2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQtZjk0MWNjMzlhNzFl
LzEvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfgAAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBX5fjtSRjk3wA/m/MqSM5jS72PytJ/sFHRmqgZ
HqwgD/u/okcUN8eaiB9jnNH661dECTYLWNqOOjC8qg99E23gjr0ut3BCEO5cOdgk
6/geVNxAZYOIDPATbeDwTHMmsV6c9lBZbagkSQjKGAOZzRFxdwuFCZkleKiBaMUH
AZX/EsZw/kNdonyGTcIUDc/l/JVJ9cMsymx5tw3glb9LQXqe4BKS9ZwGxPcqMeJ2
uUW4sCYjXliQyyQPfjXXWnEPmHfOxG2fp0DjG1IcrJ9VEH16eIFMWbWHdIW98Tfl
BA3wU4JdCzrh7D8oexbQXWRNyNrPbsDxP0o/7rxIKVMufzEz
-----END CERTIFICATE-----