This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/sQ-8x48Ep1WS3twqy1J4_OTWMmY.roa
File:                     sQ-8x48Ep1WS3twqy1J4_OTWMmY.roa (raw, json)
Hash identifier:          l3jPEDwSn0P6BHcza22rairxFhC7gu9uXyzjbUobCl8=
Subject key identifier:   B1:0F:BC:C7:8F:04:A7:55:92:DE:DC:2A:CB:52:78:FC:E4:D6:32:66
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       019B7A5AF530FA932911A2CCC6A8F709A320
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/sQ-8x48Ep1WS3twqy1J4_OTWMmY.roa
Signing time:             Thu 01 Jan 2026 16:18:59 +0000
ROA not before:           Thu 01 Jan 2026 16:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a0f:3787::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:09:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f5:30:fa:93:29:11:a2:cc:c6:a8:f7:09:a3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Jan  1 16:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b10fbcc78f04a75592dedc2acb5278fce4d63266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:60:b5:03:cf:aa:82:bd:20:fb:d9:88:0e:b3:
                    05:f0:59:00:38:19:e9:bb:8c:be:f1:52:01:52:73:
                    97:dc:d7:5a:57:35:05:60:c3:6c:94:bf:0f:df:b9:
                    6a:b1:8d:37:6f:f1:e1:1d:8b:9b:44:12:2e:cc:65:
                    72:98:2e:35:fd:68:b9:90:bd:e1:4a:d5:2f:18:70:
                    cc:54:e3:36:6e:ec:c0:46:2e:5f:f4:02:02:c7:15:
                    41:8c:6f:c4:2c:fd:61:b8:c3:86:38:c1:91:d7:c4:
                    5f:1c:9f:f0:5c:68:3e:36:44:9c:c8:59:70:39:d6:
                    42:49:17:33:13:c8:2e:c0:46:7e:2c:49:9a:f3:8f:
                    41:70:77:d6:f1:a3:70:a2:a0:b8:26:55:b3:f2:ef:
                    e7:9c:c6:de:3d:24:0b:bd:ce:2f:39:73:fc:22:aa:
                    96:2f:f0:89:bf:c8:bf:6c:b5:b0:50:15:f1:83:1b:
                    66:b4:bc:03:d7:5b:3d:1a:7a:83:1e:4c:3c:c9:23:
                    28:42:f2:b9:7b:65:20:6a:50:e1:1f:c5:d3:f2:c0:
                    f7:cf:e2:59:a3:c7:b9:64:32:88:58:13:75:47:e8:
                    30:bf:51:66:08:27:8f:4f:6a:e8:ca:df:42:fe:84:
                    3d:0e:4b:63:84:dc:c6:bb:38:22:ad:c5:54:bb:7a:
                    4f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:0F:BC:C7:8F:04:A7:55:92:DE:DC:2A:CB:52:78:FC:E4:D6:32:66
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/sQ-8x48Ep1WS3twqy1J4_OTWMmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3787::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:5f:d9:fe:90:ea:9b:74:11:bc:19:9c:bd:d8:0e:6a:4d:20:
         5b:59:06:91:b0:cf:f5:1e:45:0f:a3:d7:9f:51:d3:87:9c:0a:
         23:c2:be:d1:6f:9e:ff:b9:3b:70:9f:56:b9:ca:bc:b9:b3:df:
         06:aa:b2:47:55:31:fb:45:07:e4:86:a9:b4:f0:f2:0f:32:77:
         7d:bf:6c:c9:86:fe:c6:48:2d:f8:6e:38:ae:41:82:d4:62:1f:
         f8:5e:a1:c5:e8:71:ad:a0:b8:f4:27:e4:72:53:7c:65:76:1a:
         f9:5b:ae:11:76:45:58:83:00:75:13:31:3a:b9:29:e0:b4:b3:
         d0:f6:e5:af:37:4b:46:95:93:03:c5:7b:53:da:ae:bb:ef:25:
         11:2c:0b:a6:c5:fd:0e:16:b9:73:81:7d:aa:d6:b0:29:3c:44:
         72:33:85:51:66:b5:26:89:17:8a:9f:6c:4a:3d:a8:42:95:8c:
         44:cf:46:9b:e3:62:c6:e2:15:65:66:65:63:08:89:b2:26:90:
         a0:45:f6:33:e4:6e:5b:75:7a:42:d2:ef:6c:c8:89:91:cf:38:
         48:86:47:14:50:01:4c:97:df:0c:f1:99:52:6a:c0:77:1a:d1:
         b2:22:2d:fd:cb:e4:ad:a1:ba:bc:4e:91:8d:06:ca:fb:f7:bc:
         48:6f:5c:3f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6WvUw+pMpEaLMxqj3CaMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjYwMTAxMTYxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTBmYmNjNzhmMDRhNzU1OTJkZWRjMmFjYjUyNzhmY2U0ZDYzMjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2C1A8+qgr0g+9mIDrMF8FkAOBnp
u4y+8VIBUnOX3NdaVzUFYMNslL8P37lqsY03b/HhHYubRBIuzGVymC41/Wi5kL3h
StUvGHDMVOM2buzARi5f9AICxxVBjG/ELP1huMOGOMGR18RfHJ/wXGg+NkScyFlw
OdZCSRczE8guwEZ+LEma849BcHfW8aNwoqC4JlWz8u/nnMbePSQLvc4vOXP8IqqW
L/CJv8i/bLWwUBXxgxtmtLwD11s9GnqDHkw8ySMoQvK5e2UgalDhH8XT8sD3z+JZ
o8e5ZDKIWBN1R+gwv1FmCCePT2royt9C/oQ9DktjhNzGuzgircVUu3pPKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLEPvMePBKdVkt7cKstSePzk1jJmMB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEvc1EtOHg0OEVwMVdTM3R3cXkxSjRfT1RXTW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg83hzAN
BgkqhkiG9w0BAQsFAAOCAQEAwF/Z/pDqm3QRvBmcvdgOak0gW1kGkbDP9R5FD6PX
n1HTh5wKI8K+0W+e/7k7cJ9Wucq8ubPfBqqyR1Ux+0UH5IaptPDyDzJ3fb9syYb+
xkgt+G44rkGC1GIf+F6hxehxraC49CfkclN8ZXYa+VuuEXZFWIMAdRMxOrkp4LSz
0PblrzdLRpWTA8V7U9quu+8lESwLpsX9Dha5c4F9qtawKTxEcjOFUWa1JokXip9s
Sj2oQpWMRM9Gm+NixuIVZWZlYwiJsiaQoEX2M+RuW3V6QtLvbMiJkc84SIZHFFAB
TJffDPGZUmrAdxrRsiIt/cvkraG6vE6RjQbK+/e8SG9cPw==
-----END CERTIFICATE-----