This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/I1s63daDxmdSUkoW3y6FqwGC_kI.roa
File:                     I1s63daDxmdSUkoW3y6FqwGC_kI.roa (raw, json)
Hash identifier:          2cA/q0JWCQ+iKL0Tgi1c5YHyZkG1aHs+6TYtD4toyos=
Subject key identifier:   23:5B:3A:DD:D6:83:C6:67:52:52:4A:16:DF:2E:85:AB:01:82:FE:42
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       019B76EB8A03E1C89D0807EC6F9A715F66BF
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/I1s63daDxmdSUkoW3y6FqwGC_kI.roa
Signing time:             Thu 01 Jan 2026 00:18:26 +0000
ROA not before:           Thu 01 Jan 2026 00:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204094
IP address blocks:        2a11:840:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:8a:03:e1:c8:9d:08:07:ec:6f:9a:71:5f:66:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=235b3addd683c66752524a16df2e85ab0182fe42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:33:28:3f:ce:76:44:00:94:e5:57:6c:06:ac:
                    66:5a:9c:7d:1e:6b:40:72:95:d4:e4:b6:e9:53:b2:
                    ef:d6:84:99:a5:7f:d3:59:6c:f3:8d:83:20:62:6f:
                    3d:6e:68:4e:73:e7:02:f9:02:65:47:4f:87:dc:4e:
                    7e:ed:d8:a0:5b:fc:45:07:ca:af:5e:67:31:2b:36:
                    ee:42:94:d6:77:d6:12:d8:de:e8:5a:fd:5d:98:f3:
                    b2:bb:d8:c8:14:d6:9d:48:78:67:93:f1:46:33:d7:
                    ac:76:31:43:2f:75:ef:3a:c2:2c:ee:b3:ca:13:97:
                    9b:4c:36:f3:86:74:5b:09:10:27:2b:38:4c:fa:53:
                    9d:69:fc:30:72:4f:7b:e7:76:fb:8e:4e:6c:93:8e:
                    ec:4b:c8:f7:1b:d5:22:b4:a3:4d:bc:9d:72:db:05:
                    e3:bc:6d:22:bb:4e:99:96:24:9f:b8:57:2c:1d:8b:
                    51:b9:74:65:e8:f7:03:20:68:69:18:62:ed:e6:d3:
                    ad:c8:f9:ba:a7:83:65:25:9f:2f:75:b3:ad:e9:fc:
                    67:9a:b3:bb:93:a8:ea:e4:ab:90:f3:da:2a:7b:28:
                    00:de:4b:17:a3:85:81:d8:91:4c:fe:dc:9b:de:6f:
                    b1:cc:14:e3:27:dc:ed:a1:c2:8e:49:0f:81:1d:32:
                    47:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:5B:3A:DD:D6:83:C6:67:52:52:4A:16:DF:2E:85:AB:01:82:FE:42
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/I1s63daDxmdSUkoW3y6FqwGC_kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:81:44:ba:6a:94:66:8a:7d:2a:bb:43:e3:b8:5c:f2:a6:45:
         26:d1:5f:47:87:c6:9e:4a:1d:96:af:22:c7:bc:eb:90:49:67:
         fa:39:59:6a:bd:97:2f:83:ae:77:b5:a6:6d:17:81:81:99:cb:
         eb:ac:76:b0:0d:ea:4c:2e:12:21:92:aa:b6:36:39:ea:3e:21:
         4e:c9:51:da:53:23:17:2b:05:c8:cb:b0:ce:94:96:ca:e8:0a:
         4f:a4:a1:fa:5a:81:fc:50:53:2e:85:33:f9:5c:d0:e5:0a:5e:
         68:74:9a:71:24:32:61:cd:ac:cf:06:fa:5e:64:62:73:01:c9:
         d1:00:a3:25:89:68:c6:dc:f2:48:de:67:3d:8b:ac:9e:9f:a7:
         50:e7:33:03:a5:7f:57:0d:6a:95:80:a2:d4:eb:bd:44:b1:f4:
         e9:3f:c3:5a:8b:2c:7e:85:8b:c1:9c:e6:20:a8:7b:6d:d7:8d:
         4b:6a:a2:90:d1:38:29:f3:ee:1f:1e:8a:a9:57:c8:27:31:d4:
         d0:23:a8:0d:a6:37:e0:85:f4:c5:6e:e7:c7:91:7f:f5:dc:69:
         f2:81:4c:76:a1:8f:aa:d0:ff:24:b7:ef:51:23:10:2f:f9:5f:
         cd:bb:98:52:68:ec:f8:73:14:7e:b0:67:29:cf:61:68:d8:5e:
         6a:60:c6:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt264oD4cidCAfsb5pxX2a/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjYwMTAxMDAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzViM2FkZGQ2ODNjNjY3NTI1MjRhMTZkZjJlODVhYjAxODJmZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujMoP852RACU5VdsBqxmWpx9HmtA
cpXU5LbpU7Lv1oSZpX/TWWzzjYMgYm89bmhOc+cC+QJlR0+H3E5+7digW/xFB8qv
XmcxKzbuQpTWd9YS2N7oWv1dmPOyu9jIFNadSHhnk/FGM9esdjFDL3XvOsIs7rPK
E5ebTDbzhnRbCRAnKzhM+lOdafwwck9753b7jk5sk47sS8j3G9UitKNNvJ1y2wXj
vG0iu06ZliSfuFcsHYtRuXRl6PcDIGhpGGLt5tOtyPm6p4NlJZ8vdbOt6fxnmrO7
k6jq5KuQ89oqeygA3ksXo4WB2JFM/tyb3m+xzBTjJ9ztocKOSQ+BHTJHBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCNbOt3Wg8ZnUlJKFt8uhasBgv5CMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvSTFzNjNkYUR4bWRTVWtvVzN5NkZxd0dDX2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAi
MA0GCSqGSIb3DQEBCwUAA4IBAQAmgUS6apRmin0qu0PjuFzypkUm0V9Hh8aeSh2W
ryLHvOuQSWf6OVlqvZcvg653taZtF4GBmcvrrHawDepMLhIhkqq2NjnqPiFOyVHa
UyMXKwXIy7DOlJbK6ApPpKH6WoH8UFMuhTP5XNDlCl5odJpxJDJhzazPBvpeZGJz
AcnRAKMliWjG3PJI3mc9i6yen6dQ5zMDpX9XDWqVgKLU671EsfTpP8Naiyx+hYvB
nOYgqHtt141LaqKQ0Tgp8+4fHoqpV8gnMdTQI6gNpjfghfTFbufHkX/13GnygUx2
oY+q0P8kt+9RIxAv+V/Nu5hSaOz4cxR+sGcpz2Fo2F5qYMYs
-----END CERTIFICATE-----