This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/DEoshG7eFPeY0S4yiXHA0qmeYz4.roa
File:                     DEoshG7eFPeY0S4yiXHA0qmeYz4.roa (raw, json)
Hash identifier:          /yw5l05SyglUs5cn26JsT7BxKWTQinjgne8eANoGKSI=
Subject key identifier:   0C:4A:2C:84:6E:DE:14:F7:98:D1:2E:32:89:71:C0:D2:A9:9E:63:3E
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019B7CEDEAF440C71A38362BA8A0C27D9D98
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/DEoshG7eFPeY0S4yiXHA0qmeYz4.roa
Signing time:             Fri 02 Jan 2026 04:18:45 +0000
ROA not before:           Fri 02 Jan 2026 04:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59993
IP address blocks:        2a0d:2585::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 15:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:ea:f4:40:c7:1a:38:36:2b:a8:a0:c2:7d:9d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 04:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c4a2c846ede14f798d12e328971c0d2a99e633e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:9a:b3:71:a7:ba:35:a3:ef:86:71:93:51:
                    f1:46:0b:80:f4:13:f5:9d:c6:f1:dc:1b:60:0f:2a:
                    77:7c:c5:9b:a5:3d:1f:99:f5:09:98:ef:bb:d9:cd:
                    04:a6:42:85:b5:52:96:25:e3:9f:6e:6b:ee:61:c3:
                    26:10:ed:7e:38:fa:32:fd:73:c6:cd:fe:06:06:a8:
                    9f:0d:5f:f4:42:76:a5:5d:1b:02:36:90:3e:13:a7:
                    ff:90:d9:ed:b9:0e:6c:54:85:d8:3a:ec:4e:d9:db:
                    f6:b1:6e:8a:40:22:73:5c:33:5e:ad:71:d3:ee:fd:
                    9f:55:85:06:56:cd:83:04:32:2c:c3:51:64:82:6a:
                    64:16:6c:0e:9b:20:f6:fd:e3:0d:44:2c:c3:29:63:
                    c3:d2:f1:f0:35:7a:cf:d5:27:17:ed:97:11:16:0a:
                    3e:0a:e8:d6:4c:d5:5e:43:86:5e:20:b3:a3:bc:3f:
                    c9:09:d4:64:ac:3c:0d:3e:62:17:89:be:a8:ce:f6:
                    74:08:3d:cd:af:ff:ac:71:94:ef:14:c4:39:6e:05:
                    0e:f6:80:59:2d:75:b6:a0:cd:4b:7a:57:15:6a:61:
                    06:8c:e8:83:95:94:39:7e:df:5a:12:62:03:cd:41:
                    78:b5:a6:0b:ee:72:bb:8b:9c:cf:b6:b3:d8:5a:a9:
                    89:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4A:2C:84:6E:DE:14:F7:98:D1:2E:32:89:71:C0:D2:A9:9E:63:3E
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/DEoshG7eFPeY0S4yiXHA0qmeYz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2585::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:f6:aa:eb:70:36:7a:51:5d:c7:c7:3b:6c:b4:88:5c:59:fa:
         37:f2:1a:4b:4d:0a:12:f8:a9:f0:fe:35:cf:3e:19:8d:65:13:
         2a:2a:32:82:e9:23:42:10:3d:d9:eb:aa:ad:97:9c:1c:de:19:
         73:1c:9e:ce:dc:3f:f0:4d:06:b3:9a:f3:6a:b7:a8:79:ac:1f:
         5e:95:4c:d5:e1:a4:d6:d2:80:65:0f:1b:7c:de:89:0d:5f:f3:
         c4:b6:ec:45:d4:87:cd:a0:e5:44:6f:bb:40:74:49:bf:2e:14:
         6a:4f:0e:09:1a:2f:e8:77:1b:ab:ee:cc:e9:a3:35:48:42:7b:
         97:6b:68:d2:46:9a:4c:5d:9d:33:4e:ef:e0:72:b2:47:ca:18:
         d4:40:14:16:75:6e:69:bd:31:25:bc:a9:12:18:6f:04:5d:7b:
         89:16:71:a9:b5:03:a3:14:60:de:ca:8a:c0:aa:fa:97:b6:84:
         2e:b0:04:1f:c7:25:34:98:e8:ca:96:05:16:18:47:c2:73:aa:
         19:2c:74:39:73:6d:8b:32:24:2f:8d:ac:b4:df:02:06:cb:2e:
         a7:e6:ac:80:dc:34:7b:eb:82:87:41:be:63:4f:3c:fa:c9:3d:
         f7:e5:b9:1e:ce:01:94:0d:59:08:b3:ae:e9:bf:98:29:ce:7c:
         e1:16:f2:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt87er0QMcaODYrqKDCfZ2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjYwMTAyMDQxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRhMmM4NDZlZGUxNGY3OThkMTJlMzI4OTcxYzBkMmE5OWU2MzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7mas3GnujWj74Zxk1HxRguA9BP1
ncbx3BtgDyp3fMWbpT0fmfUJmO+72c0EpkKFtVKWJeOfbmvuYcMmEO1+OPoy/XPG
zf4GBqifDV/0QnalXRsCNpA+E6f/kNntuQ5sVIXYOuxO2dv2sW6KQCJzXDNerXHT
7v2fVYUGVs2DBDIsw1FkgmpkFmwOmyD2/eMNRCzDKWPD0vHwNXrP1ScX7ZcRFgo+
CujWTNVeQ4ZeILOjvD/JCdRkrDwNPmIXib6ozvZ0CD3Nr/+scZTvFMQ5bgUO9oBZ
LXW2oM1LelcVamEGjOiDlZQ5ft9aEmIDzUF4taYL7nK7i5zPtrPYWqmJnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAxKLIRu3hT3mNEuMolxwNKpnmM+MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvREVvc2hHN2VGUGVZMFM0eWlYSEEwcW1lWXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0lhTAN
BgkqhkiG9w0BAQsFAAOCAQEACPaq63A2elFdx8c7bLSIXFn6N/IaS00KEvip8P41
zz4ZjWUTKioygukjQhA92euqrZecHN4Zcxyeztw/8E0Gs5rzareoeawfXpVM1eGk
1tKAZQ8bfN6JDV/zxLbsRdSHzaDlRG+7QHRJvy4Uak8OCRov6Hcbq+7M6aM1SEJ7
l2to0kaaTF2dM07v4HKyR8oY1EAUFnVuab0xJbypEhhvBF17iRZxqbUDoxRg3sqK
wKr6l7aELrAEH8clNJjoypYFFhhHwnOqGSx0OXNtizIkL42stN8CBssup+asgNw0
e+uCh0G+Y088+sk99+W5Hs4BlA1ZCLOu6b+YKc584Rby6w==
-----END CERTIFICATE-----