This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/hsKcvSWPO1CU4HkLHvqJIY4FgNA.roa
File:                     hsKcvSWPO1CU4HkLHvqJIY4FgNA.roa (raw, json)
Hash identifier:          jjrjI4HfCwNCsIc0HV5NXcWDcLbMHhmdxzYAyvFBJTo=
Subject key identifier:   86:C2:9C:BD:25:8F:3B:50:94:E0:79:0B:1E:FA:89:21:8E:05:80:D0
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019B783457A31A19B4D156E13B669BB01ED7
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/hsKcvSWPO1CU4HkLHvqJIY4FgNA.roa
Signing time:             Thu 01 Jan 2026 06:17:34 +0000
ROA not before:           Thu 01 Jan 2026 06:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205758
IP address blocks:        2a09:7:2006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 09:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:57:a3:1a:19:b4:d1:56:e1:3b:66:9b:b0:1e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 06:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86c29cbd258f3b5094e0790b1efa89218e0580d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8a:34:30:31:72:8e:c3:0a:fb:3e:a0:f2:9b:
                    0a:fb:87:d5:e0:f5:b8:b6:de:a6:4f:28:e1:44:c4:
                    1b:18:cb:c4:ba:e0:c3:e0:8e:11:47:63:1a:e2:92:
                    fd:58:7b:16:aa:91:aa:ae:f4:ce:64:50:5c:53:79:
                    22:c1:ca:73:ba:a8:cb:f3:3f:68:5f:fa:d3:a8:6f:
                    8a:55:70:50:16:92:8d:8e:3e:dd:c2:c3:61:37:20:
                    c8:0d:b6:f4:9b:cc:73:cb:ee:f8:4f:6f:0f:b9:8e:
                    40:6e:23:5e:93:27:c8:de:53:17:19:f6:76:a3:a8:
                    12:ae:91:2a:6d:42:e0:fc:de:e3:a5:23:d3:15:09:
                    00:3d:17:82:51:7c:a8:53:c8:d1:45:6b:87:6d:cb:
                    62:22:29:97:16:76:f5:6c:ad:4f:77:9a:31:35:76:
                    c1:6c:ba:4e:b0:fd:f0:91:1d:0a:da:ff:c3:43:f6:
                    5e:a3:01:5b:6f:d7:c4:43:a7:dd:e2:4d:d8:bb:2b:
                    b8:95:89:0b:d3:50:3b:31:86:86:c8:bf:61:cf:2a:
                    68:fa:e8:0c:d8:9e:12:5e:16:34:15:8b:40:7e:70:
                    15:2d:9b:0b:94:47:b9:e5:dc:bd:bb:ca:f8:0c:7e:
                    62:38:90:c7:b9:5c:40:b4:99:2c:5a:b8:37:a0:0f:
                    92:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C2:9C:BD:25:8F:3B:50:94:E0:79:0B:1E:FA:89:21:8E:05:80:D0
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/hsKcvSWPO1CU4HkLHvqJIY4FgNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:2006::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:3d:c6:fd:ab:5b:d9:58:a6:4f:1b:d6:25:78:35:59:bc:84:
         24:e0:37:86:2f:7d:56:9c:1e:b4:1a:25:2b:5e:5d:bc:d5:ae:
         ba:55:72:ca:74:47:80:c2:8a:4f:1c:fb:a7:6c:1d:6a:dd:e1:
         59:1b:5e:87:cf:a2:9b:60:97:64:47:fc:00:47:77:29:b6:97:
         fb:d8:f4:11:a3:22:98:37:46:bc:46:e9:12:1e:ab:00:5d:82:
         6c:d9:c0:ec:ab:67:fb:68:b2:4c:26:84:cd:8a:9f:e1:0f:c9:
         52:54:49:09:ca:53:06:6d:e8:86:35:88:15:3d:85:8a:76:51:
         a4:25:b8:1e:51:f5:db:c8:90:36:f8:e8:0a:91:2f:63:a3:7c:
         7c:28:6a:ea:ad:22:18:af:cb:48:48:32:25:e2:58:8a:c3:80:
         1e:bb:c3:8f:a9:22:fe:85:77:7e:54:70:40:98:fc:c5:a8:12:
         31:12:bb:ed:3d:52:5e:d7:9d:2e:a8:dd:1f:70:8a:3b:e5:00:
         ae:f9:6a:5c:fb:e1:b8:b9:4d:9d:9e:1d:3e:38:cb:8b:91:90:
         8d:d9:13:b4:7e:19:68:cb:d5:1d:96:0a:42:ec:5b:94:41:a7:
         9b:f0:cf:a0:58:f6:15:66:71:0a:60:5f:1f:4a:fb:62:e0:9a:
         6c:1e:b9:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NFejGhm00VbhO2absB7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjYwMTAxMDYxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmMyOWNiZDI1OGYzYjUwOTRlMDc5MGIxZWZhODkyMThlMDU4MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYo0MDFyjsMK+z6g8psK+4fV4PW4
tt6mTyjhRMQbGMvEuuDD4I4RR2Ma4pL9WHsWqpGqrvTOZFBcU3kiwcpzuqjL8z9o
X/rTqG+KVXBQFpKNjj7dwsNhNyDIDbb0m8xzy+74T28PuY5AbiNekyfI3lMXGfZ2
o6gSrpEqbULg/N7jpSPTFQkAPReCUXyoU8jRRWuHbctiIimXFnb1bK1Pd5oxNXbB
bLpOsP3wkR0K2v/DQ/ZeowFbb9fEQ6fd4k3Yuyu4lYkL01A7MYaGyL9hzypo+ugM
2J4SXhY0FYtAfnAVLZsLlEe55dy9u8r4DH5iOJDHuVxAtJksWrg3oA+SkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIbCnL0ljztQlOB5Cx76iSGOBYDQMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvaHNLY3ZTV1BPMUNVNEhrTEh2cUpJWTRGZ05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAsPcb9q1vZWKZPG9YleDVZvIQk4DeGL31WnB60
GiUrXl281a66VXLKdEeAwopPHPunbB1q3eFZG16Hz6KbYJdkR/wAR3cptpf72PQR
oyKYN0a8RukSHqsAXYJs2cDsq2f7aLJMJoTNip/hD8lSVEkJylMGbeiGNYgVPYWK
dlGkJbgeUfXbyJA2+OgKkS9jo3x8KGrqrSIYr8tISDIl4liKw4Aeu8OPqSL+hXd+
VHBAmPzFqBIxErvtPVJe150uqN0fcIo75QCu+Wpc++G4uU2dnh0+OMuLkZCN2RO0
fhloy9UdlgpC7FuUQaeb8M+gWPYVZnEKYF8fSvti4JpsHrnb
-----END CERTIFICATE-----