This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FoI8RbVuD0PMpOMLpDgoVtwMM1U.roa
File:                     FoI8RbVuD0PMpOMLpDgoVtwMM1U.roa (raw, json)
Hash identifier:          mrx6UV6YyT/qry9orzWwCTHRE6BstWnqYoxd1mImP6k=
Subject key identifier:   16:82:3C:45:B5:6E:0F:43:CC:A4:E3:0B:A4:38:28:56:DC:0C:33:55
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910A39EB1962BFFB805747F08E7F1D4
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FoI8RbVuD0PMpOMLpDgoVtwMM1U.roa
Signing time:             Thu 01 Jan 2026 10:18:12 +0000
ROA not before:           Thu 01 Jan 2026 10:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208328
IP address blocks:        2a12:bec0:fc0::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:a3:9e:b1:96:2b:ff:b8:05:74:7f:08:e7:f1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16823c45b56e0f43cca4e30ba4382856dc0c3355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f4:67:3a:f5:b2:ff:21:5f:a4:5b:c1:f6:39:
                    88:85:34:ce:9f:8b:14:fa:3f:e2:27:70:f8:a8:3b:
                    f2:05:22:85:1b:27:5e:3f:13:78:c9:38:34:0f:83:
                    69:5a:4c:9a:72:19:b6:2b:87:d6:86:99:93:d7:c2:
                    2b:3a:8b:88:8c:7b:fe:bd:26:f8:7a:29:ed:5f:72:
                    ca:cb:7e:0e:02:4e:12:93:b1:48:72:cd:5f:4a:20:
                    58:38:c3:ed:36:19:50:d4:47:58:26:07:08:d1:8e:
                    e7:16:9b:55:9f:8b:e6:01:77:cd:da:bf:ad:ea:35:
                    5b:b3:29:c1:b7:ea:c5:68:98:50:d4:db:88:26:5e:
                    d1:1b:59:78:49:d4:97:e1:7b:af:de:05:b1:7a:c9:
                    be:97:82:9b:e1:7c:07:b6:07:6c:a3:20:ea:c7:7e:
                    d4:4d:48:ec:8c:8f:cb:f9:a6:f8:89:30:37:33:83:
                    f9:e4:b1:a2:9a:11:ec:40:4d:e9:c7:5c:a3:1c:4d:
                    89:05:8e:d7:e9:6f:7d:50:7d:dd:0a:bf:aa:73:74:
                    b1:06:c1:37:fa:18:24:02:f7:cb:07:3d:92:23:60:
                    d6:a8:bd:69:03:8b:95:50:91:51:df:6f:41:f6:1d:
                    52:fe:63:b2:0a:51:85:b7:d0:14:98:63:b7:ad:fe:
                    d1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:82:3C:45:B5:6E:0F:43:CC:A4:E3:0B:A4:38:28:56:DC:0C:33:55
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FoI8RbVuD0PMpOMLpDgoVtwMM1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:fc0::/42

    Signature Algorithm: sha256WithRSAEncryption
         60:ac:f5:da:c6:46:09:78:bd:f3:65:3d:c0:25:25:72:ac:79:
         74:00:ec:f0:42:5b:f6:90:a6:7a:ba:93:bb:ef:9c:cd:2c:4b:
         f8:1d:d1:37:dd:e8:34:81:06:e8:7e:72:87:9c:fd:26:bc:e7:
         4c:cb:3c:8d:df:67:34:61:32:29:f5:ed:a7:32:f7:15:90:57:
         c0:28:67:85:f0:0a:38:20:c9:8c:ff:de:6d:2d:e8:a7:09:c6:
         3e:b0:84:39:c2:a2:89:53:1e:f7:28:fb:80:28:5f:36:31:d3:
         1d:d6:3c:0b:fe:44:c5:df:67:85:23:ae:26:6a:a5:23:08:fc:
         af:07:80:42:c0:04:15:ff:da:09:c6:06:d1:8f:84:61:b3:5e:
         5b:23:5a:3f:a6:86:b1:fb:90:f0:84:1e:ee:02:c4:78:ec:a4:
         ca:d3:ed:94:91:93:1a:4f:b7:de:51:91:f2:5d:4e:f1:f9:49:
         3e:89:c4:fb:08:4b:3b:d5:94:8a:d2:2d:af:89:4a:e4:cf:03:
         79:00:96:72:75:ff:0f:48:b3:0e:8d:66:c5:89:00:e8:1b:de:
         25:72:cf:89:fc:6b:58:32:9f:d3:5e:3b:81:5e:52:19:7b:31:
         ec:a3:d8:4e:ff:fa:6b:9f:4a:1e:56:f1:e2:4c:fa:29:d6:28:
         a0:2f:72:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EKOesZYr/7gFdH8I5/HUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjgyM2M0NWI1NmUwZjQzY2NhNGUzMGJhNDM4Mjg1NmRjMGMzMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fRnOvWy/yFfpFvB9jmIhTTOn4sU
+j/iJ3D4qDvyBSKFGydePxN4yTg0D4NpWkyachm2K4fWhpmT18IrOouIjHv+vSb4
eintX3LKy34OAk4Sk7FIcs1fSiBYOMPtNhlQ1EdYJgcI0Y7nFptVn4vmAXfN2r+t
6jVbsynBt+rFaJhQ1NuIJl7RG1l4SdSX4Xuv3gWxesm+l4Kb4XwHtgdsoyDqx37U
TUjsjI/L+ab4iTA3M4P55LGimhHsQE3px1yjHE2JBY7X6W99UH3dCr+qc3SxBsE3
+hgkAvfLBz2SI2DWqL1pA4uVUJFR329B9h1S/mOyClGFt9AUmGO3rf7RgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaCPEW1bg9DzKTjC6Q4KFbcDDNVMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRm9JOFJiVnVEMFBNcE9NTHBEZ29WdHdNTTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKhK+wA/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBgrPXaxkYJeL3zZT3AJSVyrHl0AOzwQlv2kKZ6
upO775zNLEv4HdE33eg0gQbofnKHnP0mvOdMyzyN32c0YTIp9e2nMvcVkFfAKGeF
8Ao4IMmM/95tLeinCcY+sIQ5wqKJUx73KPuAKF82MdMd1jwL/kTF32eFI64maqUj
CPyvB4BCwAQV/9oJxgbRj4Rhs15bI1o/poax+5DwhB7uAsR47KTK0+2UkZMaT7fe
UZHyXU7x+Uk+icT7CEs71ZSK0i2viUrkzwN5AJZydf8PSLMOjWbFiQDoG94lcs+J
/GtYMp/TXjuBXlIZezHso9hO//prn0oeVvHiTPop1iigL3Ku
-----END CERTIFICATE-----