This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/paD1BPZjWTHybcQ4vrsY_ps4XCI.roa
File:                     paD1BPZjWTHybcQ4vrsY_ps4XCI.roa (raw, json)
Hash identifier:          lQg77lyx9OAdTCrugz62otTkN8DkRaywe+CQcDmWoEo=
Subject key identifier:   A5:A0:F5:04:F6:63:59:31:F2:6D:C4:38:BE:BB:18:FE:9B:38:5C:22
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019B7EA70B0A18E7F2B21223F2AB3AC6AA6D
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/paD1BPZjWTHybcQ4vrsY_ps4XCI.roa
Signing time:             Fri 02 Jan 2026 12:20:35 +0000
ROA not before:           Fri 02 Jan 2026 12:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210457
IP address blocks:        2a01:ecc0:5c0::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:0b:0a:18:e7:f2:b2:12:23:f2:ab:3a:c6:aa:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan  2 12:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5a0f504f6635931f26dc438bebb18fe9b385c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:c9:79:a9:98:cf:20:b3:29:07:b5:1f:b0:
                    cb:c7:cf:d9:92:86:13:f2:01:f5:89:64:c9:f9:8e:
                    62:f6:3a:a8:d5:30:bf:63:46:95:7e:55:aa:3f:7c:
                    49:60:39:fd:61:91:59:74:84:3b:7a:a8:e1:4d:a2:
                    41:58:d9:12:07:32:57:d5:26:67:a3:f2:ce:87:25:
                    75:15:7b:46:b5:62:f1:63:32:a5:bf:60:48:d7:f5:
                    c3:b9:8c:c4:b8:c6:59:1a:1c:36:f1:59:06:74:24:
                    16:6a:06:29:e1:18:82:63:68:e3:82:68:be:65:4c:
                    34:bb:28:58:cf:f1:28:57:67:d3:ef:12:21:c4:1e:
                    5c:99:11:c3:99:6c:5e:4b:a9:a9:a9:c7:cc:f7:4b:
                    89:4a:4d:c6:9a:e6:51:de:b1:5f:bf:6b:0f:5c:ef:
                    05:a4:68:89:a9:b7:bf:45:df:7b:94:5f:ad:68:08:
                    a6:45:b2:2b:0c:2e:42:9f:6b:94:7a:ae:0b:3d:1d:
                    88:80:9e:42:48:99:67:58:99:15:d4:e1:a4:59:69:
                    d8:a2:23:80:e2:ef:a7:55:21:88:3b:2f:49:c9:cd:
                    e9:4c:a9:05:e0:b3:04:23:49:04:b9:df:14:83:e7:
                    70:84:cb:d7:49:98:18:14:c5:f8:f9:ae:a1:22:ab:
                    56:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A0:F5:04:F6:63:59:31:F2:6D:C4:38:BE:BB:18:FE:9B:38:5C:22
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/paD1BPZjWTHybcQ4vrsY_ps4XCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:5c0::/42

    Signature Algorithm: sha256WithRSAEncryption
         6e:99:59:db:73:db:0a:6f:28:8a:70:20:37:4b:f3:d3:0c:b1:
         e8:d0:ca:39:a0:58:92:dd:c7:46:d8:68:1d:55:d6:2b:3c:de:
         04:9f:f9:e6:3d:ac:25:5f:6a:83:ec:71:84:5e:7c:44:97:01:
         d6:0e:94:76:7e:d9:3e:f1:46:d8:8f:29:7b:26:1d:ac:6f:4e:
         c9:01:4e:ec:e4:fc:4e:c1:7e:67:ce:6e:b6:e9:10:84:98:33:
         a6:cd:70:c9:a7:03:f6:5c:16:c3:dc:b7:47:42:a5:ee:fe:24:
         a4:0e:29:3f:3e:83:77:0a:96:99:a5:c3:38:ae:4b:38:3d:73:
         f6:f1:c1:3b:1b:78:02:04:c6:3e:c8:e2:ec:f1:65:c4:b4:dd:
         09:18:1f:fc:54:83:38:86:57:45:2d:ac:23:b6:c6:d4:33:c9:
         62:a6:9a:ee:72:4b:bc:3d:cb:32:aa:a0:b0:2c:e1:39:97:25:
         b3:6c:8e:c0:c1:98:de:64:b9:59:45:8a:b7:45:67:0a:dc:92:
         ef:7d:45:07:ee:f2:77:a5:af:02:d4:37:81:16:52:40:69:2e:
         52:64:4a:19:b5:b2:8c:e1:c6:b6:2f:89:82:30:45:f7:f5:53:
         3f:16:15:4d:b8:62:ec:1b:34:9a:57:21:e2:52:f7:aa:80:8f:
         44:b4:d3:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pwsKGOfyshIj8qs6xqptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwMTAyMTIyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWEwZjUwNGY2NjM1OTMxZjI2ZGM0MzhiZWJiMThmZTliMzg1YzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1nJeamYzyCzKQe1H7DLx8/ZkoYT
8gH1iWTJ+Y5i9jqo1TC/Y0aVflWqP3xJYDn9YZFZdIQ7eqjhTaJBWNkSBzJX1SZn
o/LOhyV1FXtGtWLxYzKlv2BI1/XDuYzEuMZZGhw28VkGdCQWagYp4RiCY2jjgmi+
ZUw0uyhYz/EoV2fT7xIhxB5cmRHDmWxeS6mpqcfM90uJSk3GmuZR3rFfv2sPXO8F
pGiJqbe/Rd97lF+taAimRbIrDC5Cn2uUeq4LPR2IgJ5CSJlnWJkV1OGkWWnYoiOA
4u+nVSGIOy9Jyc3pTKkF4LMEI0kEud8Ug+dwhMvXSZgYFMX4+a6hIqtWkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKWg9QT2Y1kx8m3EOL67GP6bOFwiMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvcGFEMUJQWmpXVEh5YmNRNHZyc1lfcHM0WENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAXA
MA0GCSqGSIb3DQEBCwUAA4IBAQBumVnbc9sKbyiKcCA3S/PTDLHo0Mo5oFiS3cdG
2GgdVdYrPN4En/nmPawlX2qD7HGEXnxElwHWDpR2ftk+8UbYjyl7Jh2sb07JAU7s
5PxOwX5nzm626RCEmDOmzXDJpwP2XBbD3LdHQqXu/iSkDik/PoN3CpaZpcM4rks4
PXP28cE7G3gCBMY+yOLs8WXEtN0JGB/8VIM4hldFLawjtsbUM8lipprucku8Pcsy
qqCwLOE5lyWzbI7AwZjeZLlZRYq3RWcK3JLvfUUH7vJ3pa8C1DeBFlJAaS5SZEoZ
tbKM4ca2L4mCMEX39VM/FhVNuGLsGzSaVyHiUveqgI9EtNO2
-----END CERTIFICATE-----