This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PIf7BCJGCf-p_WF38GLjPBe1mTk.roa
File:                     PIf7BCJGCf-p_WF38GLjPBe1mTk.roa (raw, json)
Hash identifier:          DnYQu1M0PKlo1FWzm4RkGJP2yDZYfcegz+y+t2RYHZY=
Subject key identifier:   3C:87:FB:04:22:46:09:FF:A9:FD:61:77:F0:62:E3:3C:17:B5:99:39
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B791089CBBF12A55B67D9696DCFFB6F90
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PIf7BCJGCf-p_WF38GLjPBe1mTk.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60298
IP address blocks:        2a12:bec0:2a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:89:cb:bf:12:a5:5b:67:d9:69:6d:cf:fb:6f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c87fb04224609ffa9fd6177f062e33c17b59939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:94:a3:69:a5:cf:cd:85:85:63:e9:27:58:ed:
                    0c:7e:26:ad:f7:13:df:65:24:5a:66:37:98:21:04:
                    d3:cc:3c:bd:04:6c:62:eb:15:b0:6f:94:92:8a:ce:
                    04:bc:43:64:e4:11:e7:e9:3e:67:ad:1e:4d:48:78:
                    a4:2d:60:1a:2c:de:f3:e1:f8:d2:3e:d2:a3:3d:0a:
                    3a:10:f4:fb:60:d9:7e:13:4d:17:18:e5:ad:da:d5:
                    8a:cb:dc:4b:bb:ae:1f:2c:5a:58:60:0f:a3:af:35:
                    fa:04:eb:e9:d1:9c:75:ff:52:97:73:c1:01:63:32:
                    44:78:c4:cc:e2:0d:08:0f:4c:91:67:a5:b4:6a:86:
                    d0:af:63:82:c6:42:6a:c0:19:c8:53:25:0e:84:31:
                    b5:4f:05:59:f3:e2:6c:94:3e:c7:4f:2a:d0:ed:98:
                    5e:7b:92:6f:bf:a1:67:7c:e7:11:67:94:46:05:87:
                    ca:9b:0f:75:5f:e6:78:b3:0d:48:b4:ca:28:68:1e:
                    00:a5:bb:7d:c1:02:fd:46:dc:05:de:40:52:43:e8:
                    ad:4c:92:a3:0f:67:75:4d:3b:f7:a2:27:3f:da:15:
                    04:fb:f9:20:be:da:dc:7c:43:fa:c6:8e:f2:c5:c1:
                    08:78:a4:36:f7:09:9e:f3:13:e2:ce:c5:b5:17:a3:
                    6d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:87:FB:04:22:46:09:FF:A9:FD:61:77:F0:62:E3:3C:17:B5:99:39
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PIf7BCJGCf-p_WF38GLjPBe1mTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:2a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:f0:f0:46:52:75:20:fd:4f:3a:5f:52:c7:ad:49:13:22:0f:
         f9:1b:4e:2d:b1:bc:ab:cc:6d:1e:09:0e:0e:82:14:99:8c:80:
         d2:0a:19:3d:ea:43:af:21:b6:ce:00:b7:b3:24:ca:c2:b8:95:
         d4:bf:f2:37:ab:ac:84:83:9f:85:97:33:ea:fb:2a:48:31:a2:
         eb:d3:5a:bb:56:93:6c:d5:bb:e0:84:7d:16:7a:ff:a0:b7:a3:
         1e:25:15:d3:1c:4a:63:48:fc:29:c9:88:9b:1f:c2:78:b9:19:
         38:1f:54:a6:fc:e5:56:f0:08:6d:eb:42:66:f8:8f:26:91:c9:
         9a:5c:c7:73:21:7e:3e:e8:b4:e6:36:3e:13:da:84:4c:9b:ca:
         c7:b6:c4:59:b5:ce:98:8d:7e:fc:68:bc:2c:6e:55:1f:61:1f:
         1c:4f:b5:c5:21:19:4b:47:2e:22:40:2c:7b:12:a1:61:87:76:
         1f:2d:d7:dd:a8:99:8f:69:42:9e:01:6e:b4:5c:1c:d3:8c:2f:
         7d:12:52:2f:04:eb:83:0d:0e:39:03:49:f5:e0:ab:54:28:90:
         66:db:df:86:5e:cf:80:16:f6:ec:90:ec:06:7d:7b:c7:19:d6:
         3a:55:31:71:c8:27:72:35:6d:d9:67:2a:09:62:da:34:bd:f6:
         c9:e5:f9:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EInLvxKlW2fZaW3P+2+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzg3ZmIwNDIyNDYwOWZmYTlmZDYxNzdmMDYyZTMzYzE3YjU5OTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZSjaaXPzYWFY+knWO0Mfiat9xPf
ZSRaZjeYIQTTzDy9BGxi6xWwb5SSis4EvENk5BHn6T5nrR5NSHikLWAaLN7z4fjS
PtKjPQo6EPT7YNl+E00XGOWt2tWKy9xLu64fLFpYYA+jrzX6BOvp0Zx1/1KXc8EB
YzJEeMTM4g0ID0yRZ6W0aobQr2OCxkJqwBnIUyUOhDG1TwVZ8+JslD7HTyrQ7Zhe
e5Jvv6FnfOcRZ5RGBYfKmw91X+Z4sw1ItMooaB4Apbt9wQL9RtwF3kBSQ+itTJKj
D2d1TTv3oic/2hUE+/kgvtrcfEP6xo7yxcEIeKQ29wme8xPizsW1F6NtvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDyH+wQiRgn/qf1hd/Bi4zwXtZk5MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUElmN0JDSkdDZi1wX1dGMzhHTGpQQmUxbVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAKg
MA0GCSqGSIb3DQEBCwUAA4IBAQCn8PBGUnUg/U86X1LHrUkTIg/5G04tsbyrzG0e
CQ4OghSZjIDSChk96kOvIbbOALezJMrCuJXUv/I3q6yEg5+FlzPq+ypIMaLr01q7
VpNs1bvghH0Wev+gt6MeJRXTHEpjSPwpyYibH8J4uRk4H1Sm/OVW8Aht60Jm+I8m
kcmaXMdzIX4+6LTmNj4T2oRMm8rHtsRZtc6YjX78aLwsblUfYR8cT7XFIRlLRy4i
QCx7EqFhh3YfLdfdqJmPaUKeAW60XBzTjC99ElIvBOuDDQ45A0n14KtUKJBm29+G
Xs+AFvbskOwGfXvHGdY6VTFxyCdyNW3ZZyoJYto0vfbJ5flD
-----END CERTIFICATE-----