This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hTHvhbLj8w3QJBi8LY7Fpw8qUKc.roa
File:                     hTHvhbLj8w3QJBi8LY7Fpw8qUKc.roa (raw, json)
Hash identifier:          UUUcgORxiPRsDwcwCZ0yd5nudPJkPB7Q5eJzLmAB0Vo=
Subject key identifier:   85:31:EF:85:B2:E3:F3:0D:D0:24:18:BC:2D:8E:C5:A7:0F:2A:50:A7
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EADBF2F72A0C146F03785BF84B7387
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hTHvhbLj8w3QJBi8LY7Fpw8qUKc.roa
Signing time:             Thu 01 Jan 2026 00:17:41 +0000
ROA not before:           Thu 01 Jan 2026 00:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215420
IP address blocks:        2a11:f081::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 12:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:db:f2:f7:2a:0c:14:6f:03:78:5b:f8:4b:73:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8531ef85b2e3f30dd02418bc2d8ec5a70f2a50a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:54:76:01:67:4b:ed:cd:7b:0c:da:f0:32:fc:
                    1e:09:24:d5:44:ce:0a:60:5a:2c:8d:d4:8a:5d:3d:
                    bc:bc:12:40:ce:4d:ad:17:49:39:10:f3:f2:c8:dc:
                    47:3f:1f:3b:0b:a1:4c:c4:3c:cc:b0:27:9d:8b:36:
                    f5:1d:f1:ce:fe:40:df:85:64:0c:d6:f5:3d:86:a7:
                    9c:cf:7d:21:92:3f:89:99:4e:e6:f5:08:06:14:29:
                    86:76:a1:d1:24:9e:d1:40:67:2c:97:c5:b4:56:b1:
                    ad:19:a8:e8:ba:7f:70:a4:76:26:8c:6c:9e:6c:a5:
                    81:4b:04:20:78:7a:c1:51:86:76:d8:c4:fb:aa:cf:
                    86:ae:76:ad:e0:01:22:cb:b3:c2:b6:fd:fa:0b:7a:
                    69:eb:4f:66:c4:8b:2e:c8:7a:06:56:5e:ac:74:8c:
                    7f:cc:7e:0b:75:51:e4:a6:eb:b9:4f:c1:87:83:30:
                    c8:93:f0:1a:c9:d0:57:2d:d6:4c:ab:33:58:bf:02:
                    26:23:e4:a0:50:3e:2d:68:9d:45:a8:ee:ff:ba:28:
                    02:34:cc:ed:f4:b9:5c:73:cf:b2:8d:af:c1:ff:3b:
                    9f:10:71:11:f2:d7:c5:46:9a:43:44:47:94:34:5d:
                    97:cb:aa:54:ea:6c:3b:c5:72:1d:52:28:50:17:9b:
                    50:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:31:EF:85:B2:E3:F3:0D:D0:24:18:BC:2D:8E:C5:A7:0F:2A:50:A7
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/hTHvhbLj8w3QJBi8LY7Fpw8qUKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f081::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:de:76:9b:67:7c:69:5e:70:a5:4d:ab:2f:b0:e1:95:07:fd:
         13:01:1b:31:38:e2:0f:92:9c:9f:1d:fe:49:11:a5:78:57:4a:
         45:51:da:c5:78:16:a2:d0:e1:2e:4e:6c:ca:80:6d:70:4d:7a:
         22:90:59:67:c1:c5:2f:a2:cf:c4:96:70:2c:e9:ae:d9:fc:42:
         90:f4:d0:38:c2:77:4c:e7:00:32:d2:dc:29:0d:38:ae:4a:6b:
         7a:17:d3:44:49:40:64:de:ac:c7:61:b7:cf:cb:db:02:e0:43:
         ee:a2:19:57:b1:3b:32:e3:a7:a6:cb:5e:bc:75:ad:db:60:d6:
         b3:76:59:cc:e1:9b:c4:82:ac:35:70:e6:85:52:e7:c3:29:46:
         58:1f:22:4f:6a:9d:a3:0d:d8:fb:60:78:a4:41:14:bd:e2:25:
         58:f0:e9:46:f2:71:a5:35:47:17:ac:2e:5b:05:70:02:1e:8f:
         a9:a3:9e:6f:53:8a:c4:82:26:e0:98:f6:8b:6d:e0:31:9c:b5:
         79:d8:6c:60:98:ea:ba:50:fa:5f:ad:fb:86:d4:ab:14:89:22:
         64:de:c4:02:79:70:8c:e3:3f:ec:ec:92:79:a6:6f:ea:46:cf:
         ca:90:eb:e0:26:df:7e:87:6c:46:2c:bc:4e:62:67:29:3f:38:
         e6:26:0c:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt26tvy9yoMFG8DeFv4S3OHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTMxZWY4NWIyZTNmMzBkZDAyNDE4YmMyZDhlYzVhNzBmMmE1MGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FR2AWdL7c17DNrwMvweCSTVRM4K
YFosjdSKXT28vBJAzk2tF0k5EPPyyNxHPx87C6FMxDzMsCedizb1HfHO/kDfhWQM
1vU9hqecz30hkj+JmU7m9QgGFCmGdqHRJJ7RQGcsl8W0VrGtGajoun9wpHYmjGye
bKWBSwQgeHrBUYZ22MT7qs+Grnat4AEiy7PCtv36C3pp609mxIsuyHoGVl6sdIx/
zH4LdVHkpuu5T8GHgzDIk/AaydBXLdZMqzNYvwImI+SgUD4taJ1FqO7/uigCNMzt
9Llcc8+yja/B/zufEHER8tfFRppDREeUNF2Xy6pU6mw7xXIdUihQF5tQKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIUx74Wy4/MN0CQYvC2OxacPKlCnMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaFRIdmhiTGo4dzNRSkJpOExZN0ZwdzhxVUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHwgTAN
BgkqhkiG9w0BAQsFAAOCAQEAAt52m2d8aV5wpU2rL7DhlQf9EwEbMTjiD5Kcnx3+
SRGleFdKRVHaxXgWotDhLk5syoBtcE16IpBZZ8HFL6LPxJZwLOmu2fxCkPTQOMJ3
TOcAMtLcKQ04rkprehfTRElAZN6sx2G3z8vbAuBD7qIZV7E7MuOnpstevHWt22DW
s3ZZzOGbxIKsNXDmhVLnwylGWB8iT2qdow3Y+2B4pEEUveIlWPDpRvJxpTVHF6wu
WwVwAh6PqaOeb1OKxIIm4Jj2i23gMZy1edhsYJjqulD6X637htSrFIkiZN7EAnlw
jOM/7OySeaZv6kbPypDr4CbffodsRiy8TmJnKT845iYMlw==
-----END CERTIFICATE-----