This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WxDf2pHdURBY-4FUo0XntI2GAAM.roa
File:                     WxDf2pHdURBY-4FUo0XntI2GAAM.roa (raw, json)
Hash identifier:          bprf6tuBf+gCKFjCFhGaWYJ/CuAKCZd4ROswjaB62jI=
Subject key identifier:   5B:10:DF:DA:91:DD:51:10:58:FB:81:54:A3:45:E7:B4:8D:86:00:03
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910C8BFE0AF3BF230E1A7D92A3EEFB6
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WxDf2pHdURBY-4FUo0XntI2GAAM.roa
Signing time:             Thu 01 Jan 2026 10:18:21 +0000
ROA not before:           Thu 01 Jan 2026 10:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216220
IP address blocks:        2a12:bec0:520::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:c8:bf:e0:af:3b:f2:30:e1:a7:d9:2a:3e:ef:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b10dfda91dd511058fb8154a345e7b48d860003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d3:03:2d:38:ec:4a:a4:7a:16:73:fb:8a:d6:
                    82:e1:71:e6:c8:41:5f:17:ef:bf:97:b6:fa:1b:d1:
                    8c:ea:38:21:e4:77:9f:29:a6:b3:67:9d:42:d2:50:
                    0a:5c:f6:99:a2:f7:c7:f6:4e:57:9d:aa:cf:de:03:
                    1c:c9:2d:d7:bb:82:0c:7e:bc:a9:4d:14:26:11:1f:
                    23:96:e2:e5:d1:c9:d9:16:af:20:ff:e0:37:91:3a:
                    8a:fc:a0:1b:af:1f:bf:da:95:fc:5d:0d:a6:1c:9f:
                    3f:8b:ed:87:3b:73:df:6d:1e:ec:d5:41:2f:07:7b:
                    21:89:ee:83:d9:d5:42:52:29:91:c1:dc:27:31:bb:
                    cc:f9:4b:91:ff:bc:f8:37:3f:aa:d6:1b:12:e2:4c:
                    8e:15:67:0d:d2:2c:61:cf:3a:6f:22:01:b1:4a:fb:
                    62:1c:1f:59:63:7f:7d:d9:f7:6c:ff:cd:54:11:b7:
                    16:aa:36:58:f0:c5:a9:69:c1:cf:ad:87:08:c7:74:
                    74:58:8b:02:2d:90:53:6a:9a:80:44:1f:b1:52:65:
                    8a:9e:6f:e2:fb:d1:97:96:a1:4a:c3:f3:47:3a:81:
                    96:6c:31:2c:67:a3:04:0f:e2:c1:15:e9:e1:e1:06:
                    dc:0b:02:8a:4c:c5:3a:88:d1:73:56:8a:f9:9b:80:
                    8b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:10:DF:DA:91:DD:51:10:58:FB:81:54:A3:45:E7:B4:8D:86:00:03
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WxDf2pHdURBY-4FUo0XntI2GAAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:15:e8:07:69:fb:56:34:af:bc:b6:33:32:19:25:c9:d6:df:
         9e:bc:ff:11:f0:dc:1d:e8:31:dd:cf:cc:c9:10:91:bd:d4:01:
         9c:77:68:9f:9e:09:9b:d4:68:6e:45:bb:06:d5:0a:60:d2:60:
         8a:f7:e3:1f:84:a9:77:b2:65:fd:93:30:d3:49:0e:71:4d:c3:
         37:a9:ef:2b:52:42:74:96:1b:68:46:79:de:46:ff:47:45:d4:
         2f:48:3c:d1:1d:00:95:84:51:3a:0f:fd:c4:53:7c:ae:3c:10:
         d1:ad:e0:9f:57:4d:7d:f1:80:a3:36:08:d5:a2:7a:0c:7f:25:
         20:d8:8a:c2:49:96:58:65:09:8a:0f:00:0d:67:4e:da:20:89:
         79:21:c5:cf:b0:be:ac:8f:c9:d5:c9:d4:24:b6:3b:3b:ff:53:
         27:70:c7:87:fc:14:cc:f9:24:7f:9a:22:53:57:2f:1a:03:56:
         34:55:a5:f7:a0:4b:6a:ad:97:84:70:40:d5:45:71:ef:41:59:
         e0:16:b4:7b:f5:0e:69:ff:e8:3b:21:78:5f:fe:61:7d:e5:ba:
         e8:ec:52:f9:a3:db:1f:fc:58:52:1b:6a:94:07:f5:c0:be:b2:
         48:6a:46:9e:5b:9f:e1:f4:d8:a1:51:eb:02:f9:f5:f6:56:ef:
         fe:17:e4:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EMi/4K878jDhp9kqPu+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjEwZGZkYTkxZGQ1MTEwNThmYjgxNTRhMzQ1ZTdiNDhkODYwMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldMDLTjsSqR6FnP7itaC4XHmyEFf
F++/l7b6G9GM6jgh5HefKaazZ51C0lAKXPaZovfH9k5XnarP3gMcyS3Xu4IMfryp
TRQmER8jluLl0cnZFq8g/+A3kTqK/KAbrx+/2pX8XQ2mHJ8/i+2HO3PfbR7s1UEv
B3shie6D2dVCUimRwdwnMbvM+UuR/7z4Nz+q1hsS4kyOFWcN0ixhzzpvIgGxSvti
HB9ZY3992fds/81UEbcWqjZY8MWpacHPrYcIx3R0WIsCLZBTapqARB+xUmWKnm/i
+9GXlqFKw/NHOoGWbDEsZ6MED+LBFenh4QbcCwKKTMU6iNFzVor5m4CL2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFsQ39qR3VEQWPuBVKNF57SNhgADMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvV3hEZjJwSGRVUkJZLTRGVW8wWG50STJHQUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAUg
MA0GCSqGSIb3DQEBCwUAA4IBAQAjFegHaftWNK+8tjMyGSXJ1t+evP8R8Nwd6DHd
z8zJEJG91AGcd2ifngmb1GhuRbsG1Qpg0mCK9+MfhKl3smX9kzDTSQ5xTcM3qe8r
UkJ0lhtoRnneRv9HRdQvSDzRHQCVhFE6D/3EU3yuPBDRreCfV0198YCjNgjVonoM
fyUg2IrCSZZYZQmKDwANZ07aIIl5IcXPsL6sj8nVydQktjs7/1MncMeH/BTM+SR/
miJTVy8aA1Y0VaX3oEtqrZeEcEDVRXHvQVngFrR79Q5p/+g7IXhf/mF95bro7FL5
o9sf/FhSG2qUB/XAvrJIakaeW5/h9NihUesC+fX2Vu/+F+RK
-----END CERTIFICATE-----