This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rAeXFU4deKrloEIKH1_S9UUoRQM.roa
File:                     rAeXFU4deKrloEIKH1_S9UUoRQM.roa (raw, json)
Hash identifier:          kGjxGD8hKl67oXVdu0StVj5GYGUYcGrBDwwXChVHiBI=
Subject key identifier:   AC:07:97:15:4E:1D:78:AA:E5:A0:42:0A:1F:5F:D2:F5:45:28:45:03
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910914E062B8096CEC6850F3587683D
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rAeXFU4deKrloEIKH1_S9UUoRQM.roa
Signing time:             Thu 01 Jan 2026 10:18:07 +0000
ROA not before:           Thu 01 Jan 2026 10:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199187
IP address blocks:        2a12:bec0:1c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:91:4e:06:2b:80:96:ce:c6:85:0f:35:87:68:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac0797154e1d78aae5a0420a1f5fd2f545284503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:21:19:cf:1b:61:25:c2:c3:ba:c9:51:88:3e:
                    9d:66:ab:d6:33:82:41:9c:62:d3:63:c5:ef:68:92:
                    9a:8e:14:a2:6d:ae:b4:a2:e6:31:e3:fc:98:e9:2d:
                    b7:fd:b2:55:13:d6:11:30:0a:fa:c1:52:0f:40:87:
                    27:e7:65:cf:2b:70:fd:f0:c4:36:09:7f:ef:73:ac:
                    9d:15:bd:48:d6:69:37:4d:75:9a:28:46:28:a1:55:
                    78:cf:59:78:d6:ce:ac:9b:95:ce:ae:ac:cc:f1:19:
                    bf:2c:b6:8b:02:08:21:c5:25:7b:9a:c8:7a:35:07:
                    72:23:e7:de:7b:68:18:cb:d2:d1:93:06:60:1d:d5:
                    a1:70:08:2b:4d:5c:33:61:b5:4a:fc:f8:75:41:ad:
                    79:2c:f5:ac:e3:57:80:33:f3:0f:04:54:e7:98:dc:
                    1e:6d:9d:d8:9f:19:81:1f:4d:8a:dc:24:0f:9e:5e:
                    0d:da:9b:f5:b9:30:7b:bd:51:77:42:5c:96:d4:d4:
                    2d:56:cb:f8:b4:66:a9:8a:b7:3c:45:e8:3d:98:b4:
                    6f:7f:04:82:82:78:c6:0b:79:85:06:5d:d6:88:46:
                    20:c3:d5:c6:30:15:a7:67:28:63:eb:d4:aa:e6:d0:
                    eb:77:8a:9e:a8:d5:d4:ce:d3:1b:81:98:03:68:87:
                    cb:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:07:97:15:4E:1D:78:AA:E5:A0:42:0A:1F:5F:D2:F5:45:28:45:03
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rAeXFU4deKrloEIKH1_S9UUoRQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:d1:79:3a:13:90:c1:ef:ad:ae:cb:d4:21:a6:3e:36:0f:dd:
         d8:72:fd:24:40:94:bd:1f:08:01:eb:24:1d:ac:06:e0:c6:a7:
         f1:e7:a7:25:41:81:e8:28:6a:c5:e0:ca:97:90:7b:bb:ae:6d:
         25:2d:67:2d:b5:62:28:bb:eb:0f:7f:99:0e:76:78:23:a8:34:
         d4:b5:87:b4:3f:73:bd:02:c5:5a:fc:35:85:6e:41:00:2d:47:
         9e:10:fb:2e:d3:94:8e:3b:fb:6b:89:7c:63:f5:4e:14:5b:3f:
         2d:84:f1:a5:45:f3:c4:90:39:9c:77:27:e9:0f:33:7e:df:2a:
         d4:9a:46:07:a4:ee:43:75:52:5a:c6:be:4f:d7:df:fd:08:db:
         3e:e3:6d:cb:ee:84:b0:20:21:29:8d:c7:0b:77:45:9e:9a:09:
         41:fa:6c:1b:de:71:f9:85:34:81:9d:d4:41:0a:98:f2:86:34:
         d5:db:99:bc:00:10:ca:8b:dd:b1:86:d3:b0:cb:75:28:34:d5:
         37:e8:03:58:73:7c:d9:46:12:a0:9a:63:35:c4:1a:82:73:dc:
         f4:e5:57:4f:4e:99:6d:e4:5e:27:13:24:99:64:1a:e7:f5:04:
         f6:b2:6e:74:d4:c9:93:38:c1:11:24:49:cd:07:c0:c1:54:a7:
         ba:c6:7f:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EJFOBiuAls7GhQ81h2g9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA3OTcxNTRlMWQ3OGFhZTVhMDQyMGExZjVmZDJmNTQ1Mjg0NTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyEZzxthJcLDuslRiD6dZqvWM4JB
nGLTY8XvaJKajhSiba60ouYx4/yY6S23/bJVE9YRMAr6wVIPQIcn52XPK3D98MQ2
CX/vc6ydFb1I1mk3TXWaKEYooVV4z1l41s6sm5XOrqzM8Rm/LLaLAgghxSV7msh6
NQdyI+fee2gYy9LRkwZgHdWhcAgrTVwzYbVK/Ph1Qa15LPWs41eAM/MPBFTnmNwe
bZ3YnxmBH02K3CQPnl4N2pv1uTB7vVF3QlyW1NQtVsv4tGapirc8Reg9mLRvfwSC
gnjGC3mFBl3WiEYgw9XGMBWnZyhj69Sq5tDrd4qeqNXUztMbgZgDaIfL6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKwHlxVOHXiq5aBCCh9f0vVFKEUDMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvckFlWEZVNGRlS3Jsb0VJS0gxX1M5VVVvUlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAHA
MA0GCSqGSIb3DQEBCwUAA4IBAQAG0Xk6E5DB762uy9Qhpj42D93Ycv0kQJS9HwgB
6yQdrAbgxqfx56clQYHoKGrF4MqXkHu7rm0lLWcttWIou+sPf5kOdngjqDTUtYe0
P3O9AsVa/DWFbkEALUeeEPsu05SOO/triXxj9U4UWz8thPGlRfPEkDmcdyfpDzN+
3yrUmkYHpO5DdVJaxr5P19/9CNs+423L7oSwICEpjccLd0WemglB+mwb3nH5hTSB
ndRBCpjyhjTV25m8ABDKi92xhtOwy3UoNNU36ANYc3zZRhKgmmM1xBqCc9z05VdP
Tplt5F4nEySZZBrn9QT2sm501MmTOMERJEnNB8DBVKe6xn9Z
-----END CERTIFICATE-----