This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/U1OgyFWpYB0xgt1zUe_Xabq5QUk.roa
File:                     U1OgyFWpYB0xgt1zUe_Xabq5QUk.roa (raw, json)
Hash identifier:          FE6pVOLnYWKz4tHW+KV6wVdY9LEvvCCMY15EnpTO5NU=
Subject key identifier:   53:53:A0:C8:55:A9:60:1D:31:82:DD:73:51:EF:D7:69:BA:B9:41:49
Certificate issuer:       /CN=53129d048deb2e0bf62271399a090b9010160b39
Certificate serial:       019B76EB29BD6365621E4BBEF994F333FEA2
Authority key identifier: 53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/U1OgyFWpYB0xgt1zUe_Xabq5QUk.roa
Signing time:             Thu 01 Jan 2026 00:18:01 +0000
ROA not before:           Thu 01 Jan 2026 00:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2001:3580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:29:bd:63:65:62:1e:4b:be:f9:94:f3:33:fe:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53129d048deb2e0bf62271399a090b9010160b39
        Validity
            Not Before: Jan  1 00:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5353a0c855a9601d3182dd7351efd769bab94149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1f:ae:86:b5:29:20:12:fb:37:ae:0a:87:34:
                    a6:47:a8:f1:b0:13:13:ee:4a:85:b3:24:31:52:9b:
                    9f:c7:61:dc:42:56:8b:8f:ef:3a:7a:b0:90:9f:22:
                    31:0c:cf:6b:4a:f0:c1:4a:d2:d9:8e:04:1e:ec:be:
                    15:7b:43:03:82:d5:a7:93:38:0b:e4:ea:9d:90:ef:
                    04:de:25:2f:12:ea:ff:82:aa:21:f4:9b:a5:a4:74:
                    7a:ab:30:37:af:e9:b0:4b:63:ab:07:18:30:00:bb:
                    fa:d5:8f:5f:96:49:3f:c4:8b:26:57:85:9d:a2:39:
                    45:32:67:57:48:7f:b7:6e:0c:92:cd:73:ab:62:39:
                    8f:05:9b:eb:b6:6a:c6:a9:b9:54:ea:9b:d1:a0:46:
                    cc:f0:34:4d:2b:fa:d4:75:97:e3:49:af:e5:ee:fd:
                    8e:1a:9e:cb:17:8c:c6:a1:fc:12:f6:fc:8e:4b:5f:
                    28:be:58:b7:15:94:8a:e8:ab:7c:76:9c:6f:98:4a:
                    30:4f:c5:a8:59:ec:14:e8:ee:4b:32:3c:6c:a0:64:
                    ed:d8:42:95:2d:aa:03:34:62:d4:44:77:ee:9e:a4:
                    e4:18:f5:be:ef:b5:0c:28:a2:b4:14:20:7f:ac:37:
                    f5:40:59:e1:87:01:f5:59:f1:07:0f:c1:95:d4:09:
                    ed:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:53:A0:C8:55:A9:60:1D:31:82:DD:73:51:EF:D7:69:BA:B9:41:49
            X509v3 Authority Key Identifier:
                keyid:53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/U1OgyFWpYB0xgt1zUe_Xabq5QUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:f6:57:d6:6e:9f:cd:04:2c:b0:de:84:dd:41:b4:0c:69:df:
         71:22:df:74:dd:e1:0e:7e:6b:a9:5b:3a:e8:7f:2a:f9:52:e8:
         27:0d:31:28:5a:c9:31:6c:a2:af:04:82:37:c9:cc:62:89:80:
         13:3e:ef:1d:0f:ba:99:6d:5a:ee:0f:6a:56:32:67:9b:5f:fa:
         ee:02:f2:e7:7f:4d:e9:9d:fc:06:98:8e:9e:21:11:6c:30:8a:
         61:a8:a8:5d:c8:3a:b5:7f:b8:6c:aa:63:fb:05:a6:53:4e:9e:
         9b:7d:59:60:9b:eb:fb:62:ac:8f:87:40:9b:4d:e7:2e:99:b6:
         71:f9:f3:cd:83:35:71:a9:98:80:f2:f1:1b:a3:09:27:81:34:
         3e:b6:e4:dd:de:97:fd:20:71:b0:d9:45:61:e1:15:f4:40:f1:
         5a:da:b7:3f:0a:4b:c9:b4:33:16:0d:cf:69:da:15:d9:c7:e5:
         80:df:ee:0e:45:4a:44:9e:70:c2:19:3a:fb:ab:04:c5:4a:ce:
         78:1f:08:86:7e:0e:0f:30:61:46:67:97:8f:49:79:3c:04:f5:
         7f:a3:ae:3b:45:62:84:d2:30:2e:49:4c:21:ae:70:ce:b4:96:
         d0:eb:c5:83:a6:af:28:8e:fa:3b:aa:96:95:ce:7f:7a:37:67:
         2d:1a:41:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt26ym9Y2ViHku++ZTzM/6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTI5ZDA0OGRlYjJlMGJmNjIyNzEzOTlhMDkwYjkwMTAx
NjBiMzkwHhcNMjYwMTAxMDAxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzUzYTBjODU1YTk2MDFkMzE4MmRkNzM1MWVmZDc2OWJhYjk0MTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB+uhrUpIBL7N64KhzSmR6jxsBMT
7kqFsyQxUpufx2HcQlaLj+86erCQnyIxDM9rSvDBStLZjgQe7L4Ve0MDgtWnkzgL
5OqdkO8E3iUvEur/gqoh9JulpHR6qzA3r+mwS2OrBxgwALv61Y9flkk/xIsmV4Wd
ojlFMmdXSH+3bgySzXOrYjmPBZvrtmrGqblU6pvRoEbM8DRNK/rUdZfjSa/l7v2O
Gp7LF4zGofwS9vyOS18ovli3FZSK6Kt8dpxvmEowT8WoWewU6O5LMjxsoGTt2EKV
LaoDNGLURHfunqTkGPW+77UMKKK0FCB/rDf1QFnhhwH1WfEHD8GV1AntawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFNToMhVqWAdMYLdc1Hv12m6uUFJMB8GA1UdIwQY
MBaAFFMSnQSN6y4L9iJxOZoJC5AQFgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMt
N2FlNjM1OWQzMTEwLzEvVTFPZ3lGV3BZQjB4Z3QxelVlX1hhYnE1UVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMtN2FlNjM1OWQzMTEw
LzEvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAO/ZX1m6fzQQssN6E3UG0DGnfcSLfdN3hDn5rqVs6
6H8q+VLoJw0xKFrJMWyirwSCN8nMYomAEz7vHQ+6mW1a7g9qVjJnm1/67gLy539N
6Z38BpiOniERbDCKYaioXcg6tX+4bKpj+wWmU06em31ZYJvr+2Ksj4dAm03nLpm2
cfnzzYM1camYgPLxG6MJJ4E0Prbk3d6X/SBxsNlFYeEV9EDxWtq3PwpLybQzFg3P
adoV2cflgN/uDkVKRJ5wwhk6+6sExUrOeB8Ihn4ODzBhRmeXj0l5PAT1f6OuO0Vi
hNIwLklMIa5wzrSW0OvFg6avKI76O6qWlc5/ejdnLRpBEQ==
-----END CERTIFICATE-----