This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dAR_hzGidU2FGwP0X3n7vXiINok.roa
File:                     dAR_hzGidU2FGwP0X3n7vXiINok.roa (raw, json)
Hash identifier:          v6ROv4TVozgRlTXfoWOtb107dLinU2e6RbpTqscZoaI=
Subject key identifier:   74:04:7F:87:31:A2:75:4D:85:1B:03:F4:5F:79:FB:BD:78:88:36:89
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B79109F32B9058D2B540D93090750EAD4
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dAR_hzGidU2FGwP0X3n7vXiINok.roa
Signing time:             Thu 01 Jan 2026 10:18:11 +0000
ROA not before:           Thu 01 Jan 2026 10:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205421
IP address blocks:        2a12:bec0:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:9f:32:b9:05:8d:2b:54:0d:93:09:07:50:ea:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74047f8731a2754d851b03f45f79fbbd78883689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7e:e4:b8:a0:0a:da:44:a7:e0:1c:cf:53:f3:
                    51:4b:a5:a5:f2:b6:83:8a:dc:0a:05:c3:6a:f4:70:
                    3c:65:13:96:61:d7:58:90:7f:49:2e:bd:5d:4d:10:
                    2c:59:2c:07:5c:2a:64:63:94:5f:55:26:09:40:26:
                    7c:9b:28:f4:2b:a6:ad:f5:88:da:74:3c:ba:ab:af:
                    8f:9c:d9:fb:e1:fe:29:76:84:9b:1e:ca:49:4e:01:
                    2a:2e:55:bb:dc:98:c8:3f:0f:3f:36:6c:8e:98:ad:
                    8b:c2:1c:72:af:74:33:42:74:bc:65:3f:51:ef:99:
                    88:af:4d:86:f5:62:15:d1:91:7c:92:24:21:74:d6:
                    02:a6:03:ca:c8:e6:68:f2:0f:09:bc:84:2f:48:fb:
                    f4:59:d6:87:f7:e4:6c:80:9c:cb:11:39:57:ca:4e:
                    c5:b6:9c:cb:cf:6d:97:3a:bc:db:fe:eb:82:8b:32:
                    c4:e0:f6:1b:ee:be:9d:df:9d:c9:74:d6:31:14:58:
                    cd:78:3c:e9:71:e1:ff:0b:63:60:1f:3b:7f:51:0f:
                    c0:62:0a:73:b3:58:6f:7b:ff:05:1c:f4:46:2f:e2:
                    c4:07:b3:36:d7:8a:1f:7d:53:6a:76:67:be:a3:95:
                    bd:83:73:d5:36:97:16:10:7f:5a:29:85:10:f4:2c:
                    9a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:04:7F:87:31:A2:75:4D:85:1B:03:F4:5F:79:FB:BD:78:88:36:89
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dAR_hzGidU2FGwP0X3n7vXiINok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:df:ff:03:23:84:53:98:07:13:2e:2f:70:1f:39:41:27:58:
         64:56:5f:e8:6b:eb:48:a7:9e:4d:cf:7e:28:93:c0:9a:23:62:
         50:71:ad:51:3e:23:a7:77:68:dc:fc:c7:b0:4a:3f:97:ea:07:
         ef:15:6f:ef:e0:5b:5d:31:a4:ea:fa:b1:ca:09:0b:15:19:50:
         33:db:9d:d5:ad:f1:1c:2f:08:75:51:24:02:80:d6:c8:0b:0d:
         a9:0b:b0:8d:44:d8:7a:e2:2d:16:66:4d:ed:e2:55:28:9f:60:
         fd:a4:46:f6:33:2b:97:5b:0e:ab:3e:f2:b0:53:c1:e7:0a:b2:
         e3:44:db:3c:c3:7e:67:c0:30:f9:4a:f9:f1:00:5b:74:0b:4e:
         59:6d:3f:0e:09:df:7a:bf:4b:a7:12:a2:2f:58:53:17:e9:c6:
         b5:f5:a9:51:3b:3b:e3:da:8f:65:78:c6:d0:48:61:98:94:7b:
         ed:fc:55:f6:a8:b3:c7:a8:e5:e3:cd:8d:af:00:f5:79:12:40:
         af:a6:97:2b:59:8a:48:59:a5:5e:fa:12:f2:09:22:af:a5:55:
         b2:64:47:16:2b:b0:11:be:a8:5f:ee:b1:46:ae:98:00:c1:e2:
         b5:a3:11:f3:93:f7:35:cd:d3:93:c1:17:f2:d7:b9:94:13:a9:
         b3:b3:79:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EJ8yuQWNK1QNkwkHUOrUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDA0N2Y4NzMxYTI3NTRkODUxYjAzZjQ1Zjc5ZmJiZDc4ODgzNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn7kuKAK2kSn4BzPU/NRS6Wl8raD
itwKBcNq9HA8ZROWYddYkH9JLr1dTRAsWSwHXCpkY5RfVSYJQCZ8myj0K6at9Yja
dDy6q6+PnNn74f4pdoSbHspJTgEqLlW73JjIPw8/NmyOmK2Lwhxyr3QzQnS8ZT9R
75mIr02G9WIV0ZF8kiQhdNYCpgPKyOZo8g8JvIQvSPv0WdaH9+RsgJzLETlXyk7F
tpzLz22XOrzb/uuCizLE4PYb7r6d353JdNYxFFjNeDzpceH/C2NgHzt/UQ/AYgpz
s1hve/8FHPRGL+LEB7M214offVNqdme+o5W9g3PVNpcWEH9aKYUQ9CyaKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQEf4cxonVNhRsD9F95+714iDaJMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZEFSX2h6R2lkVTJGR3dQMFgzbjd2WGlJTm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBq3/8DI4RTmAcTLi9wHzlBJ1hkVl/oa+tIp55N
z34ok8CaI2JQca1RPiOnd2jc/MewSj+X6gfvFW/v4FtdMaTq+rHKCQsVGVAz253V
rfEcLwh1USQCgNbICw2pC7CNRNh64i0WZk3t4lUon2D9pEb2MyuXWw6rPvKwU8Hn
CrLjRNs8w35nwDD5SvnxAFt0C05ZbT8OCd96v0unEqIvWFMX6ca19alROzvj2o9l
eMbQSGGYlHvt/FX2qLPHqOXjzY2vAPV5EkCvppcrWYpIWaVe+hLyCSKvpVWyZEcW
K7ARvqhf7rFGrpgAweK1oxHzk/c1zdOTwRfy17mUE6mzs3ln
-----END CERTIFICATE-----