This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/21NeNpcW4oxHggCZ5Q0NwvEKO-w.roa
File:                     21NeNpcW4oxHggCZ5Q0NwvEKO-w.roa (raw, json)
Hash identifier:          rYQTn5VUnYSBZQyKJsZVkaMiEdwdyyMCkQ0rk19+3K8=
Subject key identifier:   DB:53:5E:36:97:16:E2:8C:47:82:00:99:E5:0D:0D:C2:F1:0A:3B:EC
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019B2CB924EDC5243E030ED5846BBA5D833B
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/21NeNpcW4oxHggCZ5Q0NwvEKO-w.roa
Signing time:             Wed 17 Dec 2025 14:31:29 +0000
ROA not before:           Wed 17 Dec 2025 14:31:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202747
IP address blocks:        2a03:5840:136::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2c:b9:24:ed:c5:24:3e:03:0e:d5:84:6b:ba:5d:83:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Dec 17 14:31:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db535e369716e28c47820099e50d0dc2f10a3bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e8:3e:29:a0:d2:3c:d1:d2:63:cf:80:2a:32:
                    81:2a:34:a1:fb:ab:c0:d9:ce:bf:ce:31:d9:68:7b:
                    be:04:55:77:1c:98:6a:89:b0:7e:4d:22:f0:c9:d4:
                    f5:81:33:90:61:7b:4a:d7:93:56:e7:3d:85:18:62:
                    26:bf:2e:18:8a:c8:14:69:db:42:9c:50:85:c9:ef:
                    85:20:29:f9:83:eb:fb:5f:11:c4:52:e0:ec:f1:7b:
                    44:25:6a:09:1f:06:41:2a:a0:f3:a6:1b:5c:e3:1a:
                    fe:c1:c2:9a:d3:85:c9:ab:47:53:1e:1e:ea:01:f4:
                    9b:65:f3:73:a5:50:0c:ba:3c:de:f5:cc:3a:eb:39:
                    80:43:ec:85:24:50:41:ab:05:f0:82:be:1f:a7:8f:
                    b8:07:87:ea:16:68:70:75:e0:32:bd:a5:21:db:9a:
                    ec:83:f5:95:cc:a2:dd:ae:8b:5a:77:f7:5b:0e:1e:
                    ad:63:4e:7b:75:78:af:1f:47:30:b9:fc:74:90:cf:
                    3b:c0:36:c5:6c:3d:e9:1c:ca:59:06:0d:61:02:98:
                    e1:6e:1d:40:44:21:47:d5:a0:49:01:86:c0:22:ec:
                    5d:6c:fe:a2:82:09:44:56:13:1c:88:af:d1:9f:dd:
                    cc:ab:96:e4:b7:30:ba:62:b4:a0:16:08:72:8a:e8:
                    d0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:53:5E:36:97:16:E2:8C:47:82:00:99:E5:0D:0D:C2:F1:0A:3B:EC
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/21NeNpcW4oxHggCZ5Q0NwvEKO-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:136::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:44:94:20:b2:9c:01:b4:5e:ff:c1:21:df:0f:10:05:ce:e4:
         3b:71:2c:9c:4e:90:37:ff:0f:d1:4f:bf:ae:d3:e4:bc:2c:b5:
         66:55:b8:22:ae:68:b8:29:5f:4a:b1:0e:bf:6b:29:7f:65:81:
         a5:1c:2d:94:a8:60:b8:df:5e:79:17:95:23:2f:b0:f0:d9:08:
         5a:4b:a7:c1:c6:9f:9a:c7:4c:e3:a9:55:a3:16:4c:c0:3d:e5:
         72:a8:ce:3b:48:dd:10:01:e1:e0:4a:79:5e:4c:3a:76:62:14:
         6f:42:57:94:4a:53:cf:c3:82:c4:1f:01:d1:eb:c6:f9:ea:c9:
         34:3f:15:ff:e9:53:41:ad:0a:91:5b:3c:bf:98:2a:e6:dd:af:
         38:5c:9e:66:b6:1c:6c:bd:1e:cc:51:94:33:bc:ef:3a:42:fb:
         20:8c:44:5e:93:f6:51:89:c6:a7:86:e9:52:ef:03:b7:1c:3e:
         a1:e0:60:34:ba:7a:24:1a:42:e9:6e:86:80:4e:6b:0e:24:cb:
         2e:85:02:5e:ab:d5:5f:79:66:92:d6:a7:02:31:0e:9a:10:95:
         62:13:83:be:fc:ac:7d:53:58:01:60:86:c5:22:cc:16:64:ca:
         a5:52:db:4d:af:ea:6b:f5:f5:4c:f5:9c:76:5f:27:28:32:6f:
         43:6b:8e:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZssuSTtxSQ+Aw7VhGu6XYM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUxMjE3MTQzMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjUzNWUzNjk3MTZlMjhjNDc4MjAwOTllNTBkMGRjMmYxMGEzYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Og+KaDSPNHSY8+AKjKBKjSh+6vA
2c6/zjHZaHu+BFV3HJhqibB+TSLwydT1gTOQYXtK15NW5z2FGGImvy4YisgUadtC
nFCFye+FICn5g+v7XxHEUuDs8XtEJWoJHwZBKqDzphtc4xr+wcKa04XJq0dTHh7q
AfSbZfNzpVAMujze9cw66zmAQ+yFJFBBqwXwgr4fp4+4B4fqFmhwdeAyvaUh25rs
g/WVzKLdrotad/dbDh6tY057dXivH0cwufx0kM87wDbFbD3pHMpZBg1hApjhbh1A
RCFH1aBJAYbAIuxdbP6igglEVhMciK/Rn93Mq5bktzC6YrSgFghyiujQ4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNtTXjaXFuKMR4IAmeUNDcLxCjvsMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvMjFOZU5wY1c0b3hIZ2dDWjVRME53dkVLTy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAE2
MA0GCSqGSIb3DQEBCwUAA4IBAQBIRJQgspwBtF7/wSHfDxAFzuQ7cSycTpA3/w/R
T7+u0+S8LLVmVbgirmi4KV9KsQ6/ayl/ZYGlHC2UqGC43155F5UjL7Dw2QhaS6fB
xp+ax0zjqVWjFkzAPeVyqM47SN0QAeHgSnleTDp2YhRvQleUSlPPw4LEHwHR68b5
6sk0PxX/6VNBrQqRWzy/mCrm3a84XJ5mthxsvR7MUZQzvO86QvsgjERek/ZRican
hulS7wO3HD6h4GA0unokGkLpboaATmsOJMsuhQJeq9VfeWaS1qcCMQ6aEJViE4O+
/Kx9U1gBYIbFIswWZMqlUttNr+pr9fVM9Zx2XycoMm9Da44q
-----END CERTIFICATE-----