This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/kHBXqwhaHY9YgoftEomJM-YmPQM.roa
File:                     kHBXqwhaHY9YgoftEomJM-YmPQM.roa (raw, json)
Hash identifier:          Fv2HJ19zHGdY+cirM1+n1J1pjKCaMFvflEkbxIMaw+U=
Subject key identifier:   90:70:57:AB:08:5A:1D:8F:58:82:87:ED:12:89:89:33:E6:26:3D:03
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       019B76EB80F35CB3547D48BFF64DAFE63E2C
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/kHBXqwhaHY9YgoftEomJM-YmPQM.roa
Signing time:             Thu 01 Jan 2026 00:18:24 +0000
ROA not before:           Thu 01 Jan 2026 00:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30900
IP address blocks:        2a11:840:27::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:80:f3:5c:b3:54:7d:48:bf:f6:4d:af:e6:3e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=907057ab085a1d8f588287ed12898933e6263d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:10:54:27:50:6d:42:47:ac:06:3a:7a:6d:
                    25:41:2d:4c:e8:0e:7a:a7:55:aa:0e:93:03:6d:ef:
                    39:46:69:41:f2:f3:a4:57:34:c9:e1:d5:62:d9:25:
                    34:f9:83:c0:78:dd:51:e4:13:6a:27:60:7d:42:58:
                    2c:a3:46:8c:4a:0e:14:44:0e:90:c7:57:d7:ef:73:
                    68:1b:d0:52:f7:3d:ec:d3:21:6b:12:11:52:52:04:
                    0e:48:c6:aa:ce:ca:df:80:73:af:1e:29:c1:a6:77:
                    0f:f0:30:2e:0a:b1:5a:f4:86:86:c1:7e:8e:ee:5e:
                    61:8f:21:4e:14:ce:15:e7:87:08:f0:63:fb:06:b0:
                    7d:a9:93:2c:a1:92:86:95:8d:01:81:b5:fb:5f:46:
                    9d:78:c2:a1:7d:9d:76:a0:68:80:8f:a4:25:69:6e:
                    10:97:1c:88:d9:af:d4:6b:af:45:8b:00:7b:b9:70:
                    3d:64:99:80:0e:01:32:56:8d:9e:37:34:2c:83:a8:
                    26:e7:79:7f:6b:76:83:c3:fb:12:1f:ca:d0:93:1f:
                    ec:6a:7c:1d:38:80:02:6c:9a:36:79:da:e6:c5:f3:
                    f1:7c:89:0f:34:81:17:c0:6c:d7:a1:57:df:8a:33:
                    17:00:21:ee:5e:e4:8e:33:f2:4b:61:a7:f7:a2:78:
                    42:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:70:57:AB:08:5A:1D:8F:58:82:87:ED:12:89:89:33:E6:26:3D:03
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/kHBXqwhaHY9YgoftEomJM-YmPQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:36:eb:29:9b:57:cf:1a:1a:28:ff:5d:0e:48:6a:ac:65:5d:
         53:82:86:f0:19:b8:d3:66:15:db:f1:70:18:f9:03:05:db:ad:
         de:72:55:67:21:96:45:b4:f1:f6:73:44:e0:9a:df:0c:96:36:
         d2:81:38:f1:5b:31:de:7e:1a:a9:88:67:73:a5:ab:ae:61:45:
         0f:e5:3a:0b:8f:e6:d1:99:89:76:09:70:2d:76:28:fa:1d:06:
         9a:75:13:23:f7:9c:89:3d:6b:5a:11:52:6c:9d:6a:02:c7:68:
         4a:da:d9:bd:db:ce:99:0d:82:e0:7b:fb:3a:33:f9:53:0d:e6:
         89:6b:4f:d3:4f:74:40:1b:1e:03:85:63:e4:82:03:a2:42:af:
         e7:d5:af:25:35:b5:3a:0a:50:3e:f0:43:fa:33:69:f1:54:6a:
         3d:f3:a5:84:cf:a9:8c:b3:97:d4:bc:d8:45:8b:f7:81:9a:b1:
         c2:01:c7:f4:2d:fd:29:d1:32:f2:11:31:de:9b:6a:40:7f:d7:
         cb:1c:d4:5b:90:22:14:e8:ec:e0:ab:ec:12:4c:af:a5:0a:b2:
         03:f9:6a:00:22:27:21:1a:0b:df:d3:33:e3:f5:96:ec:63:79:
         59:81:18:19:84:ff:5f:36:b2:89:c1:76:a1:32:87:4e:dc:a5:
         8d:85:c6:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt264DzXLNUfUi/9k2v5j4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjYwMTAxMDAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDcwNTdhYjA4NWExZDhmNTg4Mjg3ZWQxMjg5ODkzM2U2MjYzZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtEQVCdQbUJHrAY6em0lQS1M6A56
p1WqDpMDbe85RmlB8vOkVzTJ4dVi2SU0+YPAeN1R5BNqJ2B9Qlgso0aMSg4URA6Q
x1fX73NoG9BS9z3s0yFrEhFSUgQOSMaqzsrfgHOvHinBpncP8DAuCrFa9IaGwX6O
7l5hjyFOFM4V54cI8GP7BrB9qZMsoZKGlY0BgbX7X0adeMKhfZ12oGiAj6QlaW4Q
lxyI2a/Ua69FiwB7uXA9ZJmADgEyVo2eNzQsg6gm53l/a3aDw/sSH8rQkx/sanwd
OIACbJo2edrmxfPxfIkPNIEXwGzXoVffijMXACHuXuSOM/JLYaf3onhC9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJBwV6sIWh2PWIKH7RKJiTPmJj0DMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEva0hCWHF3aGFIWTlZZ29mdEVvbUpNLVltUFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAn
MA0GCSqGSIb3DQEBCwUAA4IBAQCINuspm1fPGhoo/10OSGqsZV1TgobwGbjTZhXb
8XAY+QMF263eclVnIZZFtPH2c0Tgmt8MljbSgTjxWzHefhqpiGdzpauuYUUP5ToL
j+bRmYl2CXAtdij6HQaadRMj95yJPWtaEVJsnWoCx2hK2tm9286ZDYLge/s6M/lT
DeaJa0/TT3RAGx4DhWPkggOiQq/n1a8lNbU6ClA+8EP6M2nxVGo986WEz6mMs5fU
vNhFi/eBmrHCAcf0Lf0p0TLyETHem2pAf9fLHNRbkCIU6Ozgq+wSTK+lCrID+WoA
IichGgvf0zPj9ZbsY3lZgRgZhP9fNrKJwXahModO3KWNhcaU
-----END CERTIFICATE-----