This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/_CbAIha09b2vkLLLEt-SwHJvLtA.roa
File:                     _CbAIha09b2vkLLLEt-SwHJvLtA.roa (raw, json)
Hash identifier:          rgmnLA63aETJnEB0DGJbTZ0etZiRckyQobaM7PylTRU=
Subject key identifier:   FC:26:C0:22:16:B4:F5:BD:AF:90:B2:CB:12:DF:92:C0:72:6F:2E:D0
Certificate issuer:       /CN=d0041ff7980379b798049256868dff39819c2604
Certificate serial:       019B7E392EF06EB8B1FD30D6AE17F7A4D250
Authority key identifier: D0:04:1F:F7:98:03:79:B7:98:04:92:56:86:8D:FF:39:81:9C:26:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/_CbAIha09b2vkLLLEt-SwHJvLtA.roa
Signing time:             Fri 02 Jan 2026 10:20:35 +0000
ROA not before:           Fri 02 Jan 2026 10:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35804
IP address blocks:        2a00:ede0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:2e:f0:6e:b8:b1:fd:30:d6:ae:17:f7:a4:d2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0041ff7980379b798049256868dff39819c2604
        Validity
            Not Before: Jan  2 10:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc26c02216b4f5bdaf90b2cb12df92c0726f2ed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:b7:eb:45:6e:3d:4b:74:0d:58:aa:58:0d:32:
                    e3:e2:32:0e:15:11:0a:8d:7b:c3:f7:af:a8:1c:d3:
                    22:4c:e0:57:d6:8b:70:3e:26:5d:57:55:78:6a:65:
                    6e:38:74:99:a2:0c:a0:c0:ec:a2:22:40:de:59:79:
                    79:1b:71:c2:39:53:69:2a:fe:c5:e7:af:bc:b2:a1:
                    2c:09:8a:a3:45:3e:ae:be:a3:f8:f4:33:e7:92:8a:
                    41:3a:64:0c:f9:81:62:11:6c:49:07:3c:6a:fe:7c:
                    16:db:ff:9c:01:d8:ae:f7:5e:06:af:a9:81:63:d9:
                    10:8a:12:54:39:87:6a:24:6a:7c:a1:4e:03:5b:75:
                    15:85:ec:31:c4:cd:15:26:a1:84:65:1c:d9:4e:4b:
                    96:8e:52:9d:e3:65:c7:f7:5d:a9:c2:a5:a2:77:b8:
                    10:c5:72:f0:7a:d7:a1:56:1f:ee:aa:b5:d8:c5:aa:
                    ce:c9:c5:d7:e0:dc:62:2b:cf:04:13:67:51:4c:db:
                    e7:1a:b2:38:4e:b6:bd:31:3d:4e:37:7c:50:a8:d1:
                    4d:5e:02:8b:b9:79:19:3b:d4:da:78:1c:74:6a:07:
                    ec:79:b3:41:30:66:e2:f5:8a:eb:ce:3b:06:a4:4c:
                    76:ee:6a:ac:ad:6c:f8:c2:bd:2e:55:6f:77:77:5b:
                    f4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:26:C0:22:16:B4:F5:BD:AF:90:B2:CB:12:DF:92:C0:72:6F:2E:D0
            X509v3 Authority Key Identifier:
                keyid:D0:04:1F:F7:98:03:79:B7:98:04:92:56:86:8D:FF:39:81:9C:26:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/_CbAIha09b2vkLLLEt-SwHJvLtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ede0::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:7a:51:ca:ee:46:ae:42:e9:e9:82:e6:e5:9c:d7:9d:3a:bf:
         e3:4a:d5:24:87:96:d5:a9:c9:d2:0b:8a:5e:a9:fb:c8:7a:df:
         8a:a8:70:a5:3c:b9:31:64:be:d2:94:92:92:43:4e:35:52:78:
         68:82:c3:ee:c0:3a:64:9e:6a:1b:e1:73:2e:2a:57:69:38:08:
         03:e6:29:58:58:e9:c4:a1:40:26:db:f9:1b:cd:c4:a9:52:3f:
         05:46:0e:47:fd:3c:10:9b:d5:85:44:b3:f1:82:c8:15:7c:ab:
         b0:14:18:13:43:fa:43:01:2e:9b:c0:93:2d:79:30:8e:48:30:
         42:89:40:5c:c6:4b:aa:10:30:b1:f3:61:89:d1:b6:a8:52:06:
         ed:6f:71:49:d3:7b:b2:95:1d:6a:5c:fa:c7:89:01:c7:06:60:
         2e:eb:94:50:c9:51:8a:9f:4d:0f:d5:5a:22:e4:cb:9a:d6:ec:
         c9:1e:79:2e:ff:ce:06:df:88:fe:13:4a:ee:05:90:19:0a:e2:
         60:e8:b2:59:a1:2e:83:d2:ce:1d:b1:6f:7c:39:e1:58:43:87:
         4c:b0:13:9b:eb:3d:8c:01:c4:0c:ad:43:bd:7a:41:8c:07:33:
         51:10:de:2d:be:f6:05:d4:a5:cb:b9:35:d9:82:a8:db:23:ac:
         83:f8:03:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+OS7wbrix/TDWrhf3pNJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMDQxZmY3OTgwMzc5Yjc5ODA0OTI1Njg2OGRmZjM5ODE5
YzI2MDQwHhcNMjYwMTAyMTAyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzI2YzAyMjE2YjRmNWJkYWY5MGIyY2IxMmRmOTJjMDcyNmYyZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67frRW49S3QNWKpYDTLj4jIOFREK
jXvD96+oHNMiTOBX1otwPiZdV1V4amVuOHSZogygwOyiIkDeWXl5G3HCOVNpKv7F
56+8sqEsCYqjRT6uvqP49DPnkopBOmQM+YFiEWxJBzxq/nwW2/+cAdiu914Gr6mB
Y9kQihJUOYdqJGp8oU4DW3UVhewxxM0VJqGEZRzZTkuWjlKd42XH912pwqWid7gQ
xXLwetehVh/uqrXYxarOycXX4NxiK88EE2dRTNvnGrI4Tra9MT1ON3xQqNFNXgKL
uXkZO9TaeBx0agfsebNBMGbi9YrrzjsGpEx27mqsrWz4wr0uVW93d1v0lQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPwmwCIWtPW9r5CyyxLfksByby7QMB8GA1UdIwQY
MBaAFNAEH/eYA3m3mASSVoaN/zmBnCYEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFRZjk1Z0RlYmVZQkpKV2hvM19PWUdjSmdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lOGY0NTItYmU3MC00MTc2LTlkYTAt
ZTY4OWJmNTdkZDI3LzEvX0NiQUloYTA5YjJ2a0xMTEV0LVN3SEp2THRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lOGY0NTItYmU3MC00MTc2LTlkYTAtZTY4OWJmNTdkZDI3
LzEvMEFRZjk1Z0RlYmVZQkpKV2hvM19PWUdjSmdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDt4DAN
BgkqhkiG9w0BAQsFAAOCAQEAYnpRyu5GrkLp6YLm5ZzXnTq/40rVJIeW1anJ0guK
Xqn7yHrfiqhwpTy5MWS+0pSSkkNONVJ4aILD7sA6ZJ5qG+FzLipXaTgIA+YpWFjp
xKFAJtv5G83EqVI/BUYOR/08EJvVhUSz8YLIFXyrsBQYE0P6QwEum8CTLXkwjkgw
QolAXMZLqhAwsfNhidG2qFIG7W9xSdN7spUdalz6x4kBxwZgLuuUUMlRip9ND9Va
IuTLmtbsyR55Lv/OBt+I/hNK7gWQGQriYOiyWaEug9LOHbFvfDnhWEOHTLATm+s9
jAHEDK1DvXpBjAczURDeLb72BdSly7k12YKo2yOsg/gDeA==
-----END CERTIFICATE-----