This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/X9PkKl2cefOx63qVtTaYdrkzxd0.roa
File:                     X9PkKl2cefOx63qVtTaYdrkzxd0.roa (raw, json)
Hash identifier:          giM5kvZJx533XVrawIuRkLj+sL+9hAPHNii8Ak6qshk=
Subject key identifier:   5F:D3:E4:2A:5D:9C:79:F3:B1:EB:7A:95:B5:36:98:76:B9:33:C5:DD
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       019B7BA367477F986512F5232B3AB1658A9A
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/X9PkKl2cefOx63qVtTaYdrkzxd0.roa
Signing time:             Thu 01 Jan 2026 22:17:44 +0000
ROA not before:           Thu 01 Jan 2026 22:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a01:e900:f1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:67:47:7f:98:65:12:f5:23:2b:3a:b1:65:8a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Jan  1 22:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fd3e42a5d9c79f3b1eb7a95b5369876b933c5dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3f:75:c4:05:1d:15:44:a4:86:66:2a:86:21:
                    67:85:3d:53:91:5f:9d:de:42:12:3e:1b:91:7d:5f:
                    b1:b2:91:63:fa:d0:18:4a:79:0a:a3:ab:4d:d9:01:
                    6e:bd:f9:31:2c:b2:5a:f0:c8:15:e7:1f:5f:e0:17:
                    33:2e:d5:f5:7e:20:48:8d:ae:2e:af:10:f4:d3:66:
                    74:04:42:94:8e:25:05:7d:e3:b7:ac:68:4e:f1:9d:
                    f6:a5:f2:d6:07:fb:ed:25:92:12:f2:36:ce:36:c2:
                    ed:99:41:d8:90:5d:3f:3c:c2:2a:48:8c:2e:d3:b2:
                    49:ae:5d:ad:81:ec:4f:5b:41:a6:ce:8e:2f:71:6e:
                    97:01:91:d7:20:f0:8f:cf:78:b7:22:d8:2a:c7:78:
                    94:87:ce:2f:5f:9f:39:c1:9c:14:23:34:82:fb:c9:
                    91:09:f5:da:6a:9c:31:a9:f8:99:00:5d:39:ab:ec:
                    a4:67:85:48:ab:2a:7b:19:3c:fb:11:8e:04:88:80:
                    17:76:b6:fc:27:32:75:54:8c:5a:43:e3:5f:0d:95:
                    e4:dc:9e:25:4a:6b:7c:89:6c:e5:42:fe:4a:f1:f4:
                    01:e7:a0:53:4d:18:a7:66:03:ca:bb:f9:c7:bb:da:
                    1b:52:f6:f4:f2:e1:01:55:a0:cd:e9:d1:29:ab:d4:
                    33:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D3:E4:2A:5D:9C:79:F3:B1:EB:7A:95:B5:36:98:76:B9:33:C5:DD
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/X9PkKl2cefOx63qVtTaYdrkzxd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e900:f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:d8:8c:a2:94:18:b7:80:61:e3:2c:5d:c7:25:40:5e:bd:73:
         64:53:15:9e:e7:4f:1e:0a:a0:42:75:30:99:bb:e2:3c:3f:cd:
         cc:1e:a0:10:e9:c0:d4:4b:1e:d1:da:d9:7c:34:05:17:66:01:
         f7:d6:fd:3f:be:0c:67:50:c1:a0:92:2c:d2:6d:a9:fd:da:48:
         6a:fd:0e:9b:88:bb:79:12:29:c6:97:85:3a:13:7f:c7:27:dd:
         01:51:89:38:cb:53:84:58:0e:3a:a7:5a:3f:66:84:8a:bf:eb:
         c1:c3:54:a9:c2:98:3a:20:75:cf:03:85:94:e3:35:1c:11:ec:
         8b:2e:aa:ce:ae:e3:7b:58:02:2a:10:3d:38:0c:09:a3:00:2b:
         45:31:9c:d3:68:c1:1d:1e:e7:19:f3:58:0e:21:6c:db:aa:06:
         f2:cd:31:7e:6e:bf:76:1e:95:8d:83:77:2b:19:12:a0:60:09:
         8b:74:ea:50:ef:35:02:67:a6:ac:41:4d:75:d4:e4:2a:50:b0:
         25:7c:94:ec:97:bd:ef:00:6b:33:f6:7d:2e:9c:b8:11:fc:33:
         5b:26:c8:a7:d5:df:d9:6f:35:f9:44:1b:6d:ba:fe:51:6e:aa:
         7a:a1:74:b4:ea:9a:93:50:08:aa:db:9c:b2:b1:29:2e:74:92:
         1d:d6:fc:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7o2dHf5hlEvUjKzqxZYqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjYwMTAxMjIxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQzZTQyYTVkOWM3OWYzYjFlYjdhOTViNTM2OTg3NmI5MzNjNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7D91xAUdFUSkhmYqhiFnhT1TkV+d
3kISPhuRfV+xspFj+tAYSnkKo6tN2QFuvfkxLLJa8MgV5x9f4BczLtX1fiBIja4u
rxD002Z0BEKUjiUFfeO3rGhO8Z32pfLWB/vtJZIS8jbONsLtmUHYkF0/PMIqSIwu
07JJrl2tgexPW0Gmzo4vcW6XAZHXIPCPz3i3Itgqx3iUh84vX585wZwUIzSC+8mR
CfXaapwxqfiZAF05q+ykZ4VIqyp7GTz7EY4EiIAXdrb8JzJ1VIxaQ+NfDZXk3J4l
Smt8iWzlQv5K8fQB56BTTRinZgPKu/nHu9obUvb08uEBVaDN6dEpq9Qz3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/T5CpdnHnzset6lbU2mHa5M8XdMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvWDlQa0tsMmNlZk94NjNxVnRUYVlkcmt6eGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHpAADx
MA0GCSqGSIb3DQEBCwUAA4IBAQA32IyilBi3gGHjLF3HJUBevXNkUxWe508eCqBC
dTCZu+I8P83MHqAQ6cDUSx7R2tl8NAUXZgH31v0/vgxnUMGgkizSban92khq/Q6b
iLt5EinGl4U6E3/HJ90BUYk4y1OEWA46p1o/ZoSKv+vBw1Spwpg6IHXPA4WU4zUc
EeyLLqrOruN7WAIqED04DAmjACtFMZzTaMEdHucZ81gOIWzbqgbyzTF+br92HpWN
g3crGRKgYAmLdOpQ7zUCZ6asQU111OQqULAlfJTsl73vAGsz9n0unLgR/DNbJsin
1d/ZbzX5RBttuv5Rbqp6oXS06pqTUAiq25yysSkudJId1vxY
-----END CERTIFICATE-----