This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/0r_UE69prseODZzygBvCxia-3X0.roa
File:                     0r_UE69prseODZzygBvCxia-3X0.roa (raw, json)
Hash identifier:          gkr4fLf/h/n+t25YUpdj0dN1J2aUCJ0sU9K4sKPOSZA=
Subject key identifier:   D2:BF:D4:13:AF:69:AE:C7:8E:0D:9C:F2:80:1B:C2:C6:26:BE:DD:7D
Certificate issuer:       /CN=ac89af60986e6d958322fb026c6b65aeec949a0d
Certificate serial:       019B7B3666EA946759FEB35F17455F45BE7E
Authority key identifier: AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/0r_UE69prseODZzygBvCxia-3X0.roa
Signing time:             Thu 01 Jan 2026 20:18:41 +0000
ROA not before:           Thu 01 Jan 2026 20:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5068
IP address blocks:        2a13:ce40:6660::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:66:ea:94:67:59:fe:b3:5f:17:45:5f:45:be:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac89af60986e6d958322fb026c6b65aeec949a0d
        Validity
            Not Before: Jan  1 20:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2bfd413af69aec78e0d9cf2801bc2c626bedd7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cc:b9:b9:4a:c4:db:d5:45:d4:9b:28:92:1b:
                    10:c0:22:d1:0b:e5:44:96:18:34:95:f2:c7:14:2f:
                    2d:77:63:b9:e9:e0:99:1a:2e:9a:6d:47:92:2b:17:
                    ba:15:97:29:a6:c7:fa:ac:c0:68:db:10:61:d6:e3:
                    51:8b:27:02:21:72:f5:b0:f0:2c:96:be:3e:50:bc:
                    43:6a:d4:a6:7a:83:06:63:6d:e6:c4:98:39:78:c0:
                    9e:05:43:4e:7f:bd:c7:e1:22:9d:e3:a4:bd:07:46:
                    42:f9:e4:45:df:00:28:22:79:62:3a:7d:df:94:4e:
                    a0:ee:fb:b1:98:c8:5a:08:1d:a8:16:0f:34:33:de:
                    83:61:de:e0:12:12:43:27:63:6f:70:6b:61:cb:a2:
                    78:0a:95:87:28:0f:a1:e3:83:d8:3a:72:0c:27:54:
                    c5:d4:88:c5:85:51:e7:5b:5a:94:92:79:f0:70:80:
                    5e:ac:87:b7:83:2f:46:46:f7:f2:30:d2:ae:d0:ca:
                    65:9c:5d:39:84:1c:9f:51:40:66:e9:72:19:aa:4e:
                    7d:7f:e9:3a:80:be:58:cc:37:36:e4:f5:e7:ed:9f:
                    1c:4f:65:05:0d:f0:fa:82:a1:68:2b:95:9e:5a:bb:
                    4f:d9:b8:e5:7f:5e:a2:bb:e3:12:ae:72:78:a2:f9:
                    c4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BF:D4:13:AF:69:AE:C7:8E:0D:9C:F2:80:1B:C2:C6:26:BE:DD:7D
            X509v3 Authority Key Identifier:
                keyid:AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/0r_UE69prseODZzygBvCxia-3X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ce40:6660::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:07:ea:8d:52:c7:9d:9b:95:98:ab:24:14:87:f0:03:14:10:
         9b:2c:b8:cc:ad:2a:34:72:e3:19:c5:69:bb:9a:56:06:a0:1b:
         de:52:c1:48:89:68:3c:be:2c:e5:03:f5:86:73:ed:66:c6:0d:
         da:87:6d:59:d4:33:29:2f:02:66:55:86:08:28:91:bf:0b:b5:
         ad:c4:dc:05:93:f3:91:e9:8a:b4:f8:cf:7e:98:9d:29:7a:4c:
         64:81:ee:cb:13:44:b9:1d:92:2b:ce:04:94:53:7a:f1:04:20:
         ae:4d:03:36:7d:1a:56:14:23:77:5c:22:b9:cb:cf:24:50:a0:
         a6:98:56:34:57:a6:65:98:44:a4:8f:a8:10:bf:95:5c:a3:8d:
         4d:bb:12:53:e0:f1:33:93:c0:0d:0a:02:b2:01:eb:3a:c9:a3:
         0c:c7:05:00:b6:f9:57:18:eb:a3:79:ab:de:13:1d:0a:39:ad:
         7c:78:1c:58:4c:b6:e8:53:0f:54:51:7e:31:cf:c3:75:bd:72:
         06:47:24:e9:a0:02:40:af:07:b4:82:65:6b:8f:a5:62:8c:6a:
         c3:1e:9c:8c:f5:9c:bc:06:2a:f5:f1:97:ce:c7:93:70:59:c4:
         ca:9b:5a:e1:bd:04:31:93:9e:39:5c:c1:03:c4:8f:bb:ca:e0:
         f7:2e:21:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NmbqlGdZ/rNfF0VfRb5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODlhZjYwOTg2ZTZkOTU4MzIyZmIwMjZjNmI2NWFlZWM5
NDlhMGQwHhcNMjYwMTAxMjAxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmJmZDQxM2FmNjlhZWM3OGUwZDljZjI4MDFiYzJjNjI2YmVkZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcy5uUrE29VF1JsokhsQwCLRC+VE
lhg0lfLHFC8td2O56eCZGi6abUeSKxe6FZcppsf6rMBo2xBh1uNRiycCIXL1sPAs
lr4+ULxDatSmeoMGY23mxJg5eMCeBUNOf73H4SKd46S9B0ZC+eRF3wAoInliOn3f
lE6g7vuxmMhaCB2oFg80M96DYd7gEhJDJ2NvcGthy6J4CpWHKA+h44PYOnIMJ1TF
1IjFhVHnW1qUknnwcIBerIe3gy9GRvfyMNKu0MplnF05hByfUUBm6XIZqk59f+k6
gL5YzDc25PXn7Z8cT2UFDfD6gqFoK5WeWrtP2bjlf16iu+MSrnJ4ovnEqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNK/1BOvaa7Hjg2c8oAbwsYmvt19MB8GA1UdIwQY
MBaAFKyJr2CYbm2VgyL7AmxrZa7slJoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTIt
OWM4YmJhNjY0ZmYwLzEvMHJfVUU2OXByc2VPRFp6eWdCdkN4aWEtM1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTItOWM4YmJhNjY0ZmYw
LzEvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPOQGZg
MA0GCSqGSIb3DQEBCwUAA4IBAQAKB+qNUsedm5WYqyQUh/ADFBCbLLjMrSo0cuMZ
xWm7mlYGoBveUsFIiWg8vizlA/WGc+1mxg3ah21Z1DMpLwJmVYYIKJG/C7WtxNwF
k/OR6Yq0+M9+mJ0pekxkge7LE0S5HZIrzgSUU3rxBCCuTQM2fRpWFCN3XCK5y88k
UKCmmFY0V6ZlmESkj6gQv5Vco41NuxJT4PEzk8ANCgKyAes6yaMMxwUAtvlXGOuj
eaveEx0KOa18eBxYTLboUw9UUX4xz8N1vXIGRyTpoAJArwe0gmVrj6VijGrDHpyM
9Zy8Bir18ZfOx5NwWcTKm1rhvQQxk545XMEDxI+7yuD3LiG7
-----END CERTIFICATE-----