This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/jG9EgXRBLGvOBo4GIXCZVUuSt2A.roa
File:                     jG9EgXRBLGvOBo4GIXCZVUuSt2A.roa (raw, json)
Hash identifier:          ulV9PXQSp7gV/2hgy8hXiIjeElHgC51tTqI2j2NsiPw=
Subject key identifier:   8C:6F:44:81:74:41:2C:6B:CE:06:8E:06:21:70:99:55:4B:92:B7:60
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       019B7AC83CF46BD9B7F2CC69AFC896A00DAE
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/jG9EgXRBLGvOBo4GIXCZVUuSt2A.roa
Signing time:             Thu 01 Jan 2026 18:18:21 +0000
ROA not before:           Thu 01 Jan 2026 18:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:144::/35 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:3c:f4:6b:d9:b7:f2:cc:69:af:c8:96:a0:0d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Jan  1 18:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c6f448174412c6bce068e06217099554b92b760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:74:44:e0:9d:6e:f3:82:c3:8d:77:92:cd:0c:
                    41:22:ce:3b:3f:2c:86:fb:85:63:c8:79:b2:58:db:
                    f0:69:0a:06:0a:af:b2:e0:f1:08:6a:76:60:35:30:
                    6c:9e:51:fc:8d:f1:9b:64:be:19:d1:86:c0:64:1c:
                    b9:a3:e1:81:40:e7:5e:c6:72:e7:a9:d4:cf:25:02:
                    68:fd:e8:a9:dd:a7:5c:d9:ff:ca:d2:83:e3:93:ed:
                    96:1b:50:81:7d:15:ab:0b:12:a2:33:93:9c:64:7b:
                    4a:73:b3:0c:ab:8c:e9:63:72:43:43:ff:13:a5:38:
                    fd:2c:b6:31:04:fc:0e:eb:d7:44:0a:60:5f:e0:f4:
                    98:02:47:99:db:c7:ce:91:be:b1:75:2e:b8:10:fa:
                    d5:57:59:b4:35:5d:f6:03:aa:3f:01:a8:f9:4b:f2:
                    bc:62:9f:1d:69:20:49:ed:72:d6:4c:36:6f:a9:d0:
                    dc:b4:e9:34:a4:ac:d3:08:1f:df:56:9b:17:e2:f6:
                    54:98:b6:a4:e1:95:8f:62:9c:d4:ef:39:87:63:96:
                    c5:db:6b:94:28:7c:99:6c:d6:1d:b7:e3:8c:18:96:
                    b3:48:a5:84:e4:f8:74:56:fd:b7:85:ee:5c:49:72:
                    b1:c3:0c:3b:a0:80:ac:5b:79:6d:d4:16:6d:12:de:
                    10:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:6F:44:81:74:41:2C:6B:CE:06:8E:06:21:70:99:55:4B:92:B7:60
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/jG9EgXRBLGvOBo4GIXCZVUuSt2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:144::/35

    Signature Algorithm: sha256WithRSAEncryption
         81:af:e6:2d:87:74:7c:f8:41:22:e6:82:78:44:e1:32:be:d8:
         00:83:3c:e2:d1:76:08:ca:b5:13:5c:cb:a1:ca:ad:d6:5a:d6:
         ee:e8:6e:b1:18:0e:98:ed:e0:e6:52:00:c6:e0:b0:21:c1:e5:
         7f:0c:78:d4:9f:f6:f0:ea:1e:87:fd:4c:80:e9:4c:33:a3:0c:
         85:e8:69:d3:08:4f:d2:29:09:c8:47:3d:66:9e:22:8e:1a:02:
         f4:f4:5e:d5:1c:2c:d3:37:35:10:cc:a8:e6:e8:2f:bf:29:ad:
         4b:c5:bc:a9:38:86:97:84:cf:0f:a9:38:62:de:4b:f8:f9:c7:
         d3:f1:1f:79:02:16:53:3a:4e:30:5e:21:f9:33:51:fa:a7:b0:
         72:cf:e9:f5:1e:07:71:a0:ad:85:c6:c0:8f:14:2c:70:00:ab:
         be:a3:a2:36:4c:2c:31:4b:c2:26:a2:e1:cf:39:20:5f:6e:67:
         5d:ce:66:2b:98:7e:26:7d:9b:41:53:be:ad:74:96:f6:c7:33:
         98:97:10:8c:c8:4a:5c:4b:85:a1:4c:70:f5:cd:35:c6:89:a1:
         e9:0f:f6:74:32:78:c0:72:bf:fd:c1:e3:72:22:81:9f:7b:03:
         a6:a5:c1:46:b1:98:49:b0:61:0d:da:28:2a:b3:ff:37:87:a4:
         2a:6d:99:71
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt6yDz0a9m38sxpr8iWoA2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjYwMTAxMTgxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzZmNDQ4MTc0NDEyYzZiY2UwNjhlMDYyMTcwOTk1NTRiOTJiNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnRE4J1u84LDjXeSzQxBIs47PyyG
+4VjyHmyWNvwaQoGCq+y4PEIanZgNTBsnlH8jfGbZL4Z0YbAZBy5o+GBQOdexnLn
qdTPJQJo/eip3adc2f/K0oPjk+2WG1CBfRWrCxKiM5OcZHtKc7MMq4zpY3JDQ/8T
pTj9LLYxBPwO69dECmBf4PSYAkeZ28fOkb6xdS64EPrVV1m0NV32A6o/Aaj5S/K8
Yp8daSBJ7XLWTDZvqdDctOk0pKzTCB/fVpsX4vZUmLak4ZWPYpzU7zmHY5bF22uU
KHyZbNYdt+OMGJazSKWE5Ph0Vv23he5cSXKxwww7oICsW3lt1BZtEt4QuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIxvRIF0QSxrzgaOBiFwmVVLkrdgMB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvakc5RWdYUkJMR3ZPQm80R0lYQ1pWVXVTdDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgoBRAAw
DQYJKoZIhvcNAQELBQADggEBAIGv5i2HdHz4QSLmgnhE4TK+2ACDPOLRdgjKtRNc
y6HKrdZa1u7obrEYDpjt4OZSAMbgsCHB5X8MeNSf9vDqHof9TIDpTDOjDIXoadMI
T9IpCchHPWaeIo4aAvT0XtUcLNM3NRDMqOboL78prUvFvKk4hpeEzw+pOGLeS/j5
x9PxH3kCFlM6TjBeIfkzUfqnsHLP6fUeB3GgrYXGwI8ULHAAq76jojZMLDFLwiai
4c85IF9uZ13OZiuYfiZ9m0FTvq10lvbHM5iXEIzISlxLhaFMcPXNNcaJoekP9nQy
eMByv/3B43IigZ97A6alwUaxmEmwYQ3aKCqz/zeHpCptmXE=
-----END CERTIFICATE-----