This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/mrFztnv8Kfb7yJhZvxUSHMp__q8.roa
File:                     mrFztnv8Kfb7yJhZvxUSHMp__q8.roa (raw, json)
Hash identifier:          QVL/wxxs5Db8S0AcSXC68a3V1OrVioU5o6PR478XfGo=
Subject key identifier:   9A:B1:73:B6:7B:FC:29:F6:FB:C8:98:59:BF:15:12:1C:CA:7F:FE:AF
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019C114FD506A71BBCBA123DEEF0BE0833DE
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/mrFztnv8Kfb7yJhZvxUSHMp__q8.roa
Signing time:             Fri 30 Jan 2026 23:49:30 +0000
ROA not before:           Fri 30 Jan 2026 23:49:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56802
IP address blocks:        2a01:ecc0:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:11:4f:d5:06:a7:1b:bc:ba:12:3d:ee:f0:be:08:33:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan 30 23:49:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ab173b67bfc29f6fbc89859bf15121cca7ffeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2d:55:77:53:94:8c:82:f0:dd:ac:d3:c2:69:
                    63:fb:fc:0c:fa:a8:c6:91:af:c3:d8:9b:00:99:41:
                    df:5f:cb:ac:de:9f:97:e9:de:1d:16:69:db:01:bd:
                    bb:06:b7:47:43:1f:c1:ff:1a:dd:5f:5d:74:9b:a1:
                    ff:c7:6d:eb:f7:59:c9:7f:6c:7e:4b:d5:60:b6:fe:
                    3f:f9:0c:ee:ac:9f:f4:1c:94:c0:3e:89:5f:e6:7c:
                    cb:70:50:4a:4a:da:02:27:46:d1:6b:a0:b7:16:39:
                    79:c5:fa:d0:5b:07:8a:83:c6:da:11:ef:3c:a6:2f:
                    24:6c:c5:36:2f:36:ee:d4:81:d3:78:d2:8a:8e:c2:
                    a0:d0:24:55:0b:7c:67:82:84:4a:3a:ea:95:1f:9c:
                    e4:44:20:60:1c:f0:7a:7f:9b:d9:97:2f:28:93:51:
                    6f:ff:c4:34:34:4d:9b:50:55:6a:8b:82:cf:48:30:
                    97:f5:4f:68:63:9e:25:4c:73:f8:0f:de:21:91:54:
                    52:be:e6:85:3d:d7:b1:16:27:14:7d:34:61:8b:b1:
                    11:18:74:db:51:45:aa:e3:7c:3b:44:ee:6c:9c:12:
                    63:44:77:4c:81:02:1e:21:75:76:db:88:0f:ec:08:
                    73:3c:c8:e3:ad:8d:5a:e9:18:a1:f0:bc:f0:be:0c:
                    f5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B1:73:B6:7B:FC:29:F6:FB:C8:98:59:BF:15:12:1C:CA:7F:FE:AF
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/mrFztnv8Kfb7yJhZvxUSHMp__q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:c5:6f:dd:7c:f7:1b:dd:d1:7a:5a:d9:c6:49:01:19:bd:91:
         c8:10:34:df:d3:6d:10:ae:66:63:c9:4d:f0:02:40:e0:ab:2b:
         da:b9:48:a7:90:32:24:77:45:42:8b:13:d6:f0:ad:e4:47:61:
         a0:49:6e:9e:99:a9:a3:2b:88:a9:d6:4f:98:e1:e0:8d:3d:c2:
         68:2e:ab:f4:ca:ca:c6:71:6f:43:8a:14:ae:97:e8:44:7a:2e:
         26:37:b4:b9:66:48:79:a5:2e:bb:1f:07:8d:37:99:91:8d:81:
         57:3e:33:fc:97:3b:23:cc:47:81:64:80:20:58:ef:35:85:c8:
         8a:8f:16:53:91:9f:1f:2d:7d:5b:11:52:19:c1:97:77:4f:0b:
         a8:0f:dd:68:61:ac:95:eb:2c:d7:38:65:4b:32:19:ac:70:5f:
         e4:1c:39:a2:15:0f:4f:37:89:0f:76:7a:16:21:4d:7c:fd:2a:
         d0:01:7a:1e:59:1e:c9:a2:76:90:39:37:94:2d:e4:e4:0e:0c:
         57:d0:ca:e1:4d:f1:3c:49:42:87:62:4c:f5:64:57:86:e3:01:
         1a:97:58:08:dd:5f:ca:32:27:1b:73:86:37:87:48:e6:2b:fb:
         26:9d:7b:f7:e8:59:4e:b9:a5:76:9e:4f:be:19:25:6c:72:cf:
         3a:6b:fe:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwRT9UGpxu8uhI97vC+CDPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwMTMwMjM0OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWIxNzNiNjdiZmMyOWY2ZmJjODk4NTliZjE1MTIxY2NhN2ZmZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui1Vd1OUjILw3azTwmlj+/wM+qjG
ka/D2JsAmUHfX8us3p+X6d4dFmnbAb27BrdHQx/B/xrdX110m6H/x23r91nJf2x+
S9Vgtv4/+QzurJ/0HJTAPolf5nzLcFBKStoCJ0bRa6C3Fjl5xfrQWweKg8baEe88
pi8kbMU2Lzbu1IHTeNKKjsKg0CRVC3xngoRKOuqVH5zkRCBgHPB6f5vZly8ok1Fv
/8Q0NE2bUFVqi4LPSDCX9U9oY54lTHP4D94hkVRSvuaFPdexFicUfTRhi7ERGHTb
UUWq43w7RO5snBJjRHdMgQIeIXV224gP7AhzPMjjrY1a6Rih8Lzwvgz1bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJqxc7Z7/Cn2+8iYWb8VEhzKf/6vMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvbXJGenRudjhLZmI3eUpoWnZ4VVNITXBfX3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHswAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQCNxW/dfPcb3dF6WtnGSQEZvZHIEDTf020QrmZj
yU3wAkDgqyvauUinkDIkd0VCixPW8K3kR2GgSW6emamjK4ip1k+Y4eCNPcJoLqv0
ysrGcW9DihSul+hEei4mN7S5Zkh5pS67HweNN5mRjYFXPjP8lzsjzEeBZIAgWO81
hciKjxZTkZ8fLX1bEVIZwZd3TwuoD91oYayV6yzXOGVLMhmscF/kHDmiFQ9PN4kP
dnoWIU18/SrQAXoeWR7JonaQOTeULeTkDgxX0MrhTfE8SUKHYkz1ZFeG4wEal1gI
3V/KMicbc4Y3h0jmK/smnXv36FlOuaV2nk++GSVscs86a/7I
-----END CERTIFICATE-----