This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/u385ri2O2FA0gs-a8Bv1qP66Iag.roa
File:                     u385ri2O2FA0gs-a8Bv1qP66Iag.roa (raw, json)
Hash identifier:          irHgjUHRkkYaiRFdrgPZK/IkaqPzLXY5DRUnkCoUmLY=
Subject key identifier:   BB:7F:39:AE:2D:8E:D8:50:34:82:CF:9A:F0:1B:F5:A8:FE:BA:21:A8
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019B7CEDE8CAD06243EA92DCFD05DFBC90E5
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/u385ri2O2FA0gs-a8Bv1qP66Iag.roa
Signing time:             Fri 02 Jan 2026 04:18:44 +0000
ROA not before:           Fri 02 Jan 2026 04:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32167
IP address blocks:        2a0d:2683::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:e8:ca:d0:62:43:ea:92:dc:fd:05:df:bc:90:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 04:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb7f39ae2d8ed8503482cf9af01bf5a8feba21a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:93:88:fd:93:c6:0c:f2:de:2d:a2:1e:47:aa:
                    3e:5d:11:62:f1:8e:1e:ef:57:df:d9:a0:30:59:f1:
                    f1:78:99:ee:94:72:51:d2:a5:1d:30:83:3f:1d:59:
                    b6:e3:71:c0:c5:c1:e8:20:a9:89:63:20:0b:f9:ec:
                    bc:0a:2d:f6:e5:84:49:00:3e:8b:95:5d:ee:d2:4c:
                    2d:1b:54:b4:37:b5:ba:ad:b1:42:e6:e9:7a:07:5c:
                    fc:d8:76:35:e3:d1:65:e1:e4:32:5c:4b:c0:4a:ed:
                    c5:cf:07:7e:7e:25:c4:6c:9a:d7:c1:2e:9e:1a:e5:
                    bc:7a:df:b0:f7:7a:8c:2f:9b:6f:7d:47:bd:aa:db:
                    3b:c6:d2:58:2b:8a:29:e8:bc:19:55:b8:22:1d:b7:
                    db:d4:74:1e:19:da:8a:6d:7a:d3:1c:23:d2:96:8f:
                    0c:6b:7b:2b:ed:64:3f:c3:7b:d0:10:6c:7e:7e:c9:
                    97:e2:c4:a3:64:6d:4b:70:72:50:5f:5c:27:8d:f0:
                    b1:c4:c9:60:6f:17:af:0a:b0:99:2b:4c:78:ee:43:
                    bd:bf:4f:d2:d2:39:43:7e:19:e1:49:1c:87:cd:b6:
                    bb:a2:37:bf:09:fb:86:bb:0b:3e:2f:91:4f:1f:6f:
                    3e:65:da:cd:12:cc:70:2b:30:21:73:dc:c9:96:25:
                    40:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:7F:39:AE:2D:8E:D8:50:34:82:CF:9A:F0:1B:F5:A8:FE:BA:21:A8
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/u385ri2O2FA0gs-a8Bv1qP66Iag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2683::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:6c:16:eb:9d:ed:64:cf:0f:b2:b9:ca:6c:1a:43:54:0e:7b:
         d7:ae:74:ca:d6:21:2a:d3:9e:a7:9b:23:b5:b3:52:2f:36:0b:
         94:b3:cf:bb:8a:f8:43:3f:e5:44:29:31:a6:09:d6:3d:31:a4:
         d2:1a:00:e9:7e:69:27:a3:6f:1d:87:c9:b6:4e:47:f8:fc:83:
         79:d5:f4:c9:c0:99:46:00:c1:a7:eb:4c:98:c8:d9:01:4c:58:
         dd:20:1d:50:9e:75:0f:96:4d:8c:bd:28:0d:6f:85:a6:b7:1d:
         8a:81:2d:84:d9:d9:da:99:62:fa:4e:6d:90:41:60:d3:42:d3:
         a2:e6:95:40:f7:be:cb:76:89:42:63:00:ba:31:71:ed:af:c6:
         a7:02:66:4c:fc:fc:17:46:e3:c1:7c:bb:8b:b7:de:fa:84:09:
         5f:73:5c:71:e9:4d:e5:1c:c5:33:99:63:18:d0:0a:84:d4:e1:
         67:9b:01:91:64:03:d7:e0:8f:1a:d3:d0:57:ed:07:32:52:e1:
         ff:33:a5:b4:3d:78:5e:7c:6e:69:a5:03:d4:e3:6c:a7:8a:39:
         5a:61:a8:d9:24:7b:3d:2f:2e:52:14:1b:9a:fd:39:fb:1d:56:
         c0:bb:2e:d4:53:9a:b2:e1:12:c7:64:cb:28:54:7e:30:6a:62:
         57:1b:67:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt87ejK0GJD6pLc/QXfvJDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjYwMTAyMDQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjdmMzlhZTJkOGVkODUwMzQ4MmNmOWFmMDFiZjVhOGZlYmEyMWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pOI/ZPGDPLeLaIeR6o+XRFi8Y4e
71ff2aAwWfHxeJnulHJR0qUdMIM/HVm243HAxcHoIKmJYyAL+ey8Ci325YRJAD6L
lV3u0kwtG1S0N7W6rbFC5ul6B1z82HY149Fl4eQyXEvASu3Fzwd+fiXEbJrXwS6e
GuW8et+w93qML5tvfUe9qts7xtJYK4op6LwZVbgiHbfb1HQeGdqKbXrTHCPSlo8M
a3sr7WQ/w3vQEGx+fsmX4sSjZG1LcHJQX1wnjfCxxMlgbxevCrCZK0x47kO9v0/S
0jlDfhnhSRyHzba7oje/CfuGuws+L5FPH28+ZdrNEsxwKzAhc9zJliVAAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLt/Oa4tjthQNILPmvAb9aj+uiGoMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvdTM4NXJpMk8yRkEwZ3MtYThCdjFxUDY2SWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0mgzAN
BgkqhkiG9w0BAQsFAAOCAQEATGwW653tZM8PsrnKbBpDVA571650ytYhKtOep5sj
tbNSLzYLlLPPu4r4Qz/lRCkxpgnWPTGk0hoA6X5pJ6NvHYfJtk5H+PyDedX0ycCZ
RgDBp+tMmMjZAUxY3SAdUJ51D5ZNjL0oDW+FprcdioEthNnZ2pli+k5tkEFg00LT
ouaVQPe+y3aJQmMAujFx7a/GpwJmTPz8F0bjwXy7i7fe+oQJX3NccelN5RzFM5lj
GNAKhNThZ5sBkWQD1+CPGtPQV+0HMlLh/zOltD14XnxuaaUD1ONsp4o5WmGo2SR7
PS8uUhQbmv05+x1WwLsu1FOasuESx2TLKFR+MGpiVxtnrw==
-----END CERTIFICATE-----