This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/cuzZQDYRmdoOYAwAqrA09B4nCAY.roa
File:                     cuzZQDYRmdoOYAwAqrA09B4nCAY.roa (raw, json)
Hash identifier:          1hhTZq7Tio3QN3NZHMlqIBNsnPCPxg5AP94bS0dr2eU=
Subject key identifier:   72:EC:D9:40:36:11:99:DA:0E:60:0C:00:AA:B0:34:F4:1E:27:08:06
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       019B7B3669D87A666A71F0E6D8E712BD02B3
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/cuzZQDYRmdoOYAwAqrA09B4nCAY.roa
Signing time:             Thu 01 Jan 2026 20:18:42 +0000
ROA not before:           Thu 01 Jan 2026 20:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a00:8860::/29 maxlen: 29
                          2a00:8861::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 08:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:69:d8:7a:66:6a:71:f0:e6:d8:e7:12:bd:02:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 20:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72ecd940361199da0e600c00aab034f41e270806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ca:93:bf:2b:38:6d:ae:c3:93:30:c0:94:85:
                    50:e6:e4:34:7e:3e:7b:c7:46:3f:83:b4:94:d1:b6:
                    72:a3:28:ea:70:5e:a8:41:fc:03:98:d0:ac:52:5f:
                    55:35:67:28:fe:fb:c0:16:e5:17:a5:30:be:9a:f6:
                    32:f6:ee:36:a4:26:ef:49:05:3f:57:f7:c2:7b:40:
                    4c:d6:09:af:08:37:da:49:52:ce:25:ad:eb:7b:10:
                    05:6d:e9:76:4f:ae:05:82:06:99:9f:9d:11:4e:1d:
                    61:d6:9e:83:73:f0:10:77:6f:84:4f:04:99:90:94:
                    6a:28:0c:0f:b2:6c:bd:ec:b3:a6:82:d6:44:d2:04:
                    20:95:08:ca:e1:50:c2:bd:39:4e:06:7b:48:85:c2:
                    85:6d:59:cb:2a:7b:92:87:4c:bc:e2:f4:b5:fe:9a:
                    53:34:1a:0a:7b:1e:b7:cd:d2:f9:b9:ee:5a:ca:97:
                    4c:a8:9b:07:62:20:4e:38:af:2c:11:2a:b9:78:a1:
                    60:67:32:f6:55:e4:bf:0b:e9:39:5f:e8:f7:08:bb:
                    5c:43:f3:a9:c4:1f:eb:09:8e:13:c3:0f:43:44:7e:
                    c5:79:b8:19:6c:6f:67:f6:15:f2:44:c7:90:ce:1a:
                    45:d9:e0:90:5c:4b:d0:b9:77:2c:4b:8f:da:04:34:
                    58:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:EC:D9:40:36:11:99:DA:0E:60:0C:00:AA:B0:34:F4:1E:27:08:06
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/cuzZQDYRmdoOYAwAqrA09B4nCAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:6b:28:db:fa:46:3f:7c:29:cb:14:c1:04:2a:35:ea:32:2b:
         1d:19:c0:1d:8a:d9:de:67:de:6b:83:f1:b1:b8:29:a4:88:13:
         69:13:79:d9:39:13:5e:83:76:f3:5d:ef:0d:4a:2f:0d:e8:b8:
         dd:c2:d6:52:94:c6:e5:52:da:81:1f:34:ca:41:85:17:c2:ee:
         2d:19:33:7c:d6:d6:3d:ba:ed:0c:30:ae:c2:19:ca:63:12:9e:
         ed:2b:a8:bc:55:20:17:e1:b9:76:26:45:03:42:90:69:da:e0:
         4e:be:7c:b2:db:6d:d2:f0:83:e2:62:b1:5f:ba:89:92:b4:fb:
         88:81:1e:4a:9f:04:6d:b5:9d:7a:d5:ca:86:32:12:05:be:8e:
         90:9c:7a:84:86:15:52:d7:2b:e3:ab:fe:ad:76:86:55:fc:bd:
         7b:19:06:d4:dd:c2:fb:13:31:91:6f:ce:5c:03:76:aa:a2:02:
         c0:59:9e:18:1e:d7:29:c1:eb:ae:be:92:0e:5d:1a:f1:0d:fb:
         bb:d6:5a:60:26:67:2a:e8:c7:78:88:5a:f0:27:d8:0d:ea:a6:
         78:f2:9a:ad:ef:36:25:28:a9:19:89:ec:42:36:b2:f3:ad:37:
         d1:41:48:bb:ab:33:3b:09:55:19:1e:f8:24:a9:82:e2:01:02:
         28:e9:27:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7NmnYemZqcfDm2OcSvQKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjYwMTAxMjAxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmVjZDk0MDM2MTE5OWRhMGU2MDBjMDBhYWIwMzRmNDFlMjcwODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMqTvys4ba7DkzDAlIVQ5uQ0fj57
x0Y/g7SU0bZyoyjqcF6oQfwDmNCsUl9VNWco/vvAFuUXpTC+mvYy9u42pCbvSQU/
V/fCe0BM1gmvCDfaSVLOJa3rexAFbel2T64FggaZn50RTh1h1p6Dc/AQd2+ETwSZ
kJRqKAwPsmy97LOmgtZE0gQglQjK4VDCvTlOBntIhcKFbVnLKnuSh0y84vS1/ppT
NBoKex63zdL5ue5aypdMqJsHYiBOOK8sESq5eKFgZzL2VeS/C+k5X+j3CLtcQ/Op
xB/rCY4Tww9DRH7FebgZbG9n9hXyRMeQzhpF2eCQXEvQuXcsS4/aBDRYIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHLs2UA2EZnaDmAMAKqwNPQeJwgGMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvY3V6WlFEWVJtZG9PWUF3QXFyQTA5QjRuQ0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgCIYDAN
BgkqhkiG9w0BAQsFAAOCAQEAUWso2/pGP3wpyxTBBCo16jIrHRnAHYrZ3mfea4Px
sbgppIgTaRN52TkTXoN2813vDUovDei43cLWUpTG5VLagR80ykGFF8LuLRkzfNbW
PbrtDDCuwhnKYxKe7SuovFUgF+G5diZFA0KQadrgTr58sttt0vCD4mKxX7qJkrT7
iIEeSp8EbbWdetXKhjISBb6OkJx6hIYVUtcr46v+rXaGVfy9exkG1N3C+xMxkW/O
XAN2qqICwFmeGB7XKcHrrr6SDl0a8Q37u9ZaYCZnKujHeIha8CfYDeqmePKare82
JSipGYnsQjay86030UFIu6szOwlVGR74JKmC4gECKOknIw==
-----END CERTIFICATE-----