This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/ERektKYX8bQYLZ6hhAfOvva6TN0.roa
File:                     ERektKYX8bQYLZ6hhAfOvva6TN0.roa (raw, json)
Hash identifier:          BUZ494WA2RKIxudCXcjO8KHU4mHDrQO+xeY/KFK20Bk=
Subject key identifier:   11:17:A4:B4:A6:17:F1:B4:18:2D:9E:A1:84:07:CE:BE:F6:BA:4C:DD
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       019B7C120ACF04B2433A20AC148B0FBB774B
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/ERektKYX8bQYLZ6hhAfOvva6TN0.roa
Signing time:             Fri 02 Jan 2026 00:18:35 +0000
ROA not before:           Fri 02 Jan 2026 00:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209527
IP address blocks:        2a0c:d041::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:0a:cf:04:b2:43:3a:20:ac:14:8b:0f:bb:77:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  2 00:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1117a4b4a617f1b4182d9ea18407cebef6ba4cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:90:2c:56:bd:4f:5a:24:25:1f:49:43:6d:
                    77:03:21:00:c4:e2:68:bf:d8:e0:9d:9d:7a:b8:8b:
                    7d:28:c9:3d:f5:dd:36:bb:96:81:9c:40:64:d3:ac:
                    93:07:a0:ae:d0:4f:6a:91:da:54:5c:3c:14:d5:e6:
                    c6:6d:7b:bc:4f:1b:6e:30:4e:92:9c:76:a2:fb:d1:
                    f7:18:74:4d:c3:47:60:82:2b:72:70:1e:0b:89:5d:
                    9f:f5:1e:43:06:29:38:cb:24:54:b2:bb:76:45:f3:
                    23:f3:df:7c:6e:ba:1e:9d:f7:d1:b3:6a:13:d7:e8:
                    09:8c:91:13:01:2f:58:53:4a:0c:9d:be:68:56:25:
                    f9:a2:3c:71:25:a7:aa:35:bf:0f:64:7d:73:0f:c0:
                    a7:fd:b2:58:22:2c:27:88:86:d4:86:1e:06:1b:2e:
                    3b:ab:96:cd:9e:25:b6:f2:0c:15:f7:90:4e:76:0c:
                    8b:b1:d6:de:24:ac:2f:be:7f:1b:5c:dc:88:2d:42:
                    c8:d8:c6:0e:38:9f:d2:2b:57:e5:59:ae:94:5a:ad:
                    2b:22:3f:f6:dc:a1:c8:84:4c:db:3a:72:b9:98:99:
                    fc:03:6b:47:55:09:12:c3:0b:f2:e1:c3:92:81:6e:
                    9f:e0:4c:39:30:b6:b5:58:df:69:a5:f5:aa:4e:ee:
                    49:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:17:A4:B4:A6:17:F1:B4:18:2D:9E:A1:84:07:CE:BE:F6:BA:4C:DD
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/ERektKYX8bQYLZ6hhAfOvva6TN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d041::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:ae:b9:48:6a:cb:9f:82:ba:8c:ab:b2:c3:cf:03:0f:00:5f:
         83:fa:67:25:50:9b:ae:88:61:6e:1c:9e:e0:a9:0c:48:09:b5:
         67:48:31:24:a2:ab:c1:3f:58:77:01:e2:ab:02:b6:cd:f1:0b:
         7c:b3:be:b0:6b:5f:49:be:92:48:e4:42:29:3e:00:81:f8:12:
         63:9d:eb:34:eb:8e:da:fb:ec:eb:63:81:a1:7c:d6:f1:f7:19:
         67:56:6d:6d:fd:53:2b:2f:c3:82:72:a0:c2:bf:ed:61:04:18:
         b7:c3:3d:f8:7e:f6:3f:ac:32:15:6a:da:ba:9a:14:b7:fa:35:
         d1:08:df:f5:ad:79:bb:83:71:b3:9d:bd:f4:54:3e:7e:38:90:
         0b:e0:38:6d:cb:3e:44:bb:7c:9e:a0:8b:6e:8e:bc:30:e9:95:
         d2:28:f7:95:f6:4a:3d:58:6d:f7:a6:31:92:95:dd:10:5e:57:
         2c:95:0a:40:8d:8c:13:1c:60:08:8e:c6:0b:e6:0b:77:08:38:
         b9:26:6d:90:98:13:90:3a:76:86:fe:d2:74:04:44:24:21:b3:
         72:ec:34:ed:0c:f8:50:b1:2a:b8:0d:21:9b:62:b5:c2:3b:20:
         10:99:dc:f7:0d:e4:aa:18:d4:bf:50:f6:1b:82:f0:2f:f2:9b:
         76:54:e2:f6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8EgrPBLJDOiCsFIsPu3dLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjYwMTAyMDAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE3YTRiNGE2MTdmMWI0MTgyZDllYTE4NDA3Y2ViZWY2YmE0Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbeQLFa9T1okJR9JQ213AyEAxOJo
v9jgnZ16uIt9KMk99d02u5aBnEBk06yTB6Cu0E9qkdpUXDwU1ebGbXu8TxtuME6S
nHai+9H3GHRNw0dggitycB4LiV2f9R5DBik4yyRUsrt2RfMj8998broenffRs2oT
1+gJjJETAS9YU0oMnb5oViX5ojxxJaeqNb8PZH1zD8Cn/bJYIiwniIbUhh4GGy47
q5bNniW28gwV95BOdgyLsdbeJKwvvn8bXNyILULI2MYOOJ/SK1flWa6UWq0rIj/2
3KHIhEzbOnK5mJn8A2tHVQkSwwvy4cOSgW6f4Ew5MLa1WN9ppfWqTu5JXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBEXpLSmF/G0GC2eoYQHzr72ukzdMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvRVJla3RLWVg4YlFZTFo2aGhBZk92dmE2VE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzQQTAN
BgkqhkiG9w0BAQsFAAOCAQEAfa65SGrLn4K6jKuyw88DDwBfg/pnJVCbrohhbhye
4KkMSAm1Z0gxJKKrwT9YdwHiqwK2zfELfLO+sGtfSb6SSORCKT4AgfgSY53rNOuO
2vvs62OBoXzW8fcZZ1Ztbf1TKy/DgnKgwr/tYQQYt8M9+H72P6wyFWraupoUt/o1
0Qjf9a15u4Nxs5299FQ+fjiQC+A4bcs+RLt8nqCLbo68MOmV0ij3lfZKPVht96Yx
kpXdEF5XLJUKQI2MExxgCI7GC+YLdwg4uSZtkJgTkDp2hv7SdAREJCGzcuw07Qz4
ULEquA0hm2K1wjsgEJnc9w3kqhjUv1D2G4LwL/KbdlTi9g==
-----END CERTIFICATE-----