This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HQDeKJFGro8z_g4xaZDZNIglTGg.roa
File:                     HQDeKJFGro8z_g4xaZDZNIglTGg.roa (raw, json)
Hash identifier:          wo6239QcfZnEG5v1PjaphXI9T3iiF9eXRdQuQJimYJA=
Subject key identifier:   1D:00:DE:28:91:46:AE:8F:33:FE:0E:31:69:90:D9:34:88:25:4C:68
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019B797EB580EB25A490EF15D933E9CE7A41
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HQDeKJFGro8z_g4xaZDZNIglTGg.roa
Signing time:             Thu 01 Jan 2026 12:18:25 +0000
ROA not before:           Thu 01 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211162
IP address blocks:        2a0e:aa07:e01f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b5:80:eb:25:a4:90:ef:15:d9:33:e9:ce:7a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d00de289146ae8f33fe0e316990d93488254c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:98:a8:32:ba:82:67:ea:9c:21:84:8a:f9:fe:
                    12:56:83:48:66:4d:91:67:d6:ac:8a:94:02:7d:14:
                    fb:7c:24:65:97:8a:7f:1e:c1:35:7c:72:fb:dc:a9:
                    ad:f6:1e:ec:9d:e1:15:30:d2:31:ff:88:ca:62:9c:
                    da:d4:cc:e4:48:9f:20:e8:59:67:4a:fe:9b:72:ea:
                    8c:36:e6:66:1e:3b:6e:4f:df:bd:7a:10:9b:54:69:
                    08:f9:dc:9a:85:b0:a4:a3:0e:da:0d:45:b1:66:9e:
                    6c:28:73:1b:c7:12:76:a8:ea:9c:f7:d0:d6:25:dd:
                    7f:9a:a0:fa:d3:d0:c7:da:bc:3a:b3:90:ba:15:71:
                    60:db:33:10:b2:21:43:f9:c3:9d:04:4d:f1:ca:ed:
                    ab:2d:d4:46:37:66:48:42:99:e8:69:33:16:6e:d8:
                    77:33:5a:b9:67:58:a4:87:f1:fa:04:d9:ca:be:ba:
                    93:84:79:47:69:3a:06:30:1f:0d:14:bf:9b:25:98:
                    8f:31:d1:19:0c:ea:b8:95:18:73:f1:1a:6a:2d:66:
                    21:9b:83:36:a6:56:4f:8f:c2:d6:e4:d5:cc:ba:f2:
                    7a:9e:84:46:1e:8f:0b:8d:ba:92:5f:a7:0a:f4:17:
                    5b:00:98:9c:32:78:ff:80:de:1d:cd:ef:06:dd:8c:
                    c0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:00:DE:28:91:46:AE:8F:33:FE:0E:31:69:90:D9:34:88:25:4C:68
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HQDeKJFGro8z_g4xaZDZNIglTGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e01f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:28:69:b0:da:9c:a0:60:2e:4a:42:68:86:95:2b:52:04:47:
         77:40:b2:06:00:3e:0e:eb:eb:28:04:75:6b:30:ef:15:2b:05:
         b7:f6:f6:2a:0e:5e:56:0f:9c:32:d9:63:68:98:db:80:db:35:
         a9:80:06:9a:1a:80:e6:54:21:5a:42:54:13:c5:00:2d:e0:bf:
         cd:2b:7b:b3:cb:81:b3:da:a2:da:9f:85:2c:fe:0f:6a:1b:b5:
         20:63:20:88:07:e4:a0:02:69:ed:89:8b:41:e0:ba:4d:b7:0a:
         90:d3:18:37:2e:b3:53:67:dc:b8:b2:9a:42:1e:69:e3:55:d1:
         3a:11:f3:23:6f:ba:59:f8:07:01:cf:b9:ad:91:56:0d:96:29:
         61:b6:2b:b2:12:a3:7e:3a:c4:72:94:2b:13:b1:af:91:20:95:
         98:97:34:26:a6:16:ed:ef:45:3e:8b:0e:3e:1a:be:15:7d:bc:
         bf:6c:e4:83:5f:2f:37:65:0d:f0:ef:ae:c4:80:54:bc:f2:60:
         fb:9e:01:20:c4:2f:e3:fa:68:1c:8e:ba:9b:2e:dc:5a:c7:c5:
         3a:3c:e6:ec:2b:9f:63:1e:23:3f:07:06:27:23:3e:f1:f1:79:
         08:6e:df:98:6d:15:c4:5a:78:f9:0c:09:aa:63:0d:8e:30:0f:
         77:bb:db:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5frWA6yWkkO8V2TPpznpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjYwMTAxMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAwZGUyODkxNDZhZThmMzNmZTBlMzE2OTkwZDkzNDg4MjU0YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5ioMrqCZ+qcIYSK+f4SVoNIZk2R
Z9asipQCfRT7fCRll4p/HsE1fHL73Kmt9h7sneEVMNIx/4jKYpza1MzkSJ8g6Fln
Sv6bcuqMNuZmHjtuT9+9ehCbVGkI+dyahbCkow7aDUWxZp5sKHMbxxJ2qOqc99DW
Jd1/mqD609DH2rw6s5C6FXFg2zMQsiFD+cOdBE3xyu2rLdRGN2ZIQpnoaTMWbth3
M1q5Z1ikh/H6BNnKvrqThHlHaToGMB8NFL+bJZiPMdEZDOq4lRhz8RpqLWYhm4M2
plZPj8LW5NXMuvJ6noRGHo8LjbqSX6cK9BdbAJicMnj/gN4dze8G3YzAYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0A3iiRRq6PM/4OMWmQ2TSIJUxoMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvSFFEZUtKRkdybzh6X2c0eGFaRFpOSWdsVEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Af
MA0GCSqGSIb3DQEBCwUAA4IBAQANKGmw2pygYC5KQmiGlStSBEd3QLIGAD4O6+so
BHVrMO8VKwW39vYqDl5WD5wy2WNomNuA2zWpgAaaGoDmVCFaQlQTxQAt4L/NK3uz
y4Gz2qLan4Us/g9qG7UgYyCIB+SgAmntiYtB4LpNtwqQ0xg3LrNTZ9y4sppCHmnj
VdE6EfMjb7pZ+AcBz7mtkVYNlilhtiuyEqN+OsRylCsTsa+RIJWYlzQmphbt70U+
iw4+Gr4Vfby/bOSDXy83ZQ3w767EgFS88mD7ngEgxC/j+mgcjrqbLtxax8U6PObs
K59jHiM/BwYnIz7x8XkIbt+YbRXEWnj5DAmqYw2OMA93u9tk
-----END CERTIFICATE-----