This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/gPlEqEZzfnSTUwltcGMsedRBQ1E.roa
File:                     gPlEqEZzfnSTUwltcGMsedRBQ1E.roa (raw, json)
Hash identifier:          38esTkQDBO03GfM8yJINP0QbftSi3sYtaXAqJp+R6Ok=
Subject key identifier:   80:F9:44:A8:46:73:7E:74:93:53:09:6D:70:63:2C:79:D4:41:43:51
Certificate issuer:       /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial:       019B7F8327E24DF129A8599D516917D73308
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/gPlEqEZzfnSTUwltcGMsedRBQ1E.roa
Signing time:             Fri 02 Jan 2026 16:21:00 +0000
ROA not before:           Fri 02 Jan 2026 16:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8832
IP address blocks:        2a00:1498::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:27:e2:4d:f1:29:a8:59:9d:51:69:17:d7:33:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
        Validity
            Not Before: Jan  2 16:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80f944a846737e749353096d70632c79d4414351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:05:01:56:02:1f:c4:62:37:2d:84:67:7e:65:
                    8f:d3:eb:68:94:cd:1f:92:9b:21:43:1b:0a:dc:97:
                    8e:b8:50:2c:b9:a9:2e:36:a8:f2:5c:47:d4:ec:e7:
                    42:7a:d1:97:e4:4a:6a:3f:bc:4a:8f:da:7b:e3:76:
                    f4:c1:a0:5c:1f:82:bd:84:8f:1a:45:0f:42:44:33:
                    2b:b2:45:b1:24:a2:57:b3:88:cd:11:65:e9:ce:b9:
                    2e:3b:05:b5:cb:4a:21:11:e1:47:12:47:2d:7f:34:
                    5c:65:dc:46:4f:63:ac:14:a2:43:98:e2:03:67:31:
                    6f:bb:fe:52:fd:a7:3e:56:49:a3:8f:7b:4e:55:4d:
                    6f:c4:5b:02:19:54:94:23:e7:2e:bd:9e:eb:bc:c8:
                    8a:c1:87:a2:74:25:f1:86:e3:b4:d6:18:b0:45:42:
                    47:d8:28:0c:10:0b:ee:56:12:3f:65:e5:52:a4:01:
                    90:02:cb:c6:7e:86:bd:b3:65:7e:b7:b5:e6:c4:2f:
                    b7:c7:56:3d:7e:6a:34:0a:19:40:43:03:61:2f:38:
                    bc:1a:d4:a8:0f:89:f5:ec:a3:09:a4:66:79:07:ec:
                    cc:13:46:ef:02:9a:ea:1a:62:65:26:25:69:c3:55:
                    bf:55:3f:96:fe:b0:e2:70:f1:4f:a1:e6:0c:f7:e0:
                    91:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F9:44:A8:46:73:7E:74:93:53:09:6D:70:63:2C:79:D4:41:43:51
            X509v3 Authority Key Identifier:
                keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/gPlEqEZzfnSTUwltcGMsedRBQ1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1498::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:34:dc:ff:d7:f9:13:84:34:ed:f0:eb:e8:32:a6:e2:93:83:
         75:03:e7:3c:51:7c:ed:86:89:5b:a5:5f:f5:0d:8d:34:38:3a:
         70:4d:b0:c6:7f:c9:33:1b:a0:ff:84:a0:e1:2c:fa:d2:c5:2e:
         8e:16:9e:7f:01:ef:67:44:ef:fc:18:0d:79:e0:b4:3f:81:3f:
         cb:74:03:ad:17:49:d7:3e:96:77:ff:67:ca:5e:61:4d:73:36:
         ca:ae:51:d5:8b:37:af:d3:c8:d7:77:98:68:0f:04:c8:46:e5:
         41:61:9d:b7:57:8d:4c:1e:0f:c7:cd:ce:e4:a0:02:9b:ce:1e:
         87:9b:c3:06:ce:52:c6:49:b0:b4:a6:80:47:45:38:4d:f6:d5:
         4f:9c:12:99:46:a0:cf:5a:85:2d:c0:f6:a0:90:5a:4f:b2:f9:
         28:3a:6e:f2:10:e1:aa:cc:21:74:98:ce:0a:2c:8a:b5:0e:12:
         c9:0a:7a:42:21:1f:9c:c4:a9:64:7c:59:cc:90:57:cc:02:8c:
         ff:fb:a9:94:1f:11:b3:1c:3a:13:0e:07:5e:ba:81:56:b7:7a:
         b7:99:47:7b:36:68:fa:0a:d2:f8:e1:10:a2:70:6c:0c:07:c1:
         13:a2:51:83:4e:3d:4c:f4:f3:af:5c:46:a7:ad:08:04:bf:3d:
         da:77:93:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/gyfiTfEpqFmdUWkX1zMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjYwMTAyMTYyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGY5NDRhODQ2NzM3ZTc0OTM1MzA5NmQ3MDYzMmM3OWQ0NDE0MzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQUBVgIfxGI3LYRnfmWP0+tolM0f
kpshQxsK3JeOuFAsuakuNqjyXEfU7OdCetGX5EpqP7xKj9p743b0waBcH4K9hI8a
RQ9CRDMrskWxJKJXs4jNEWXpzrkuOwW1y0ohEeFHEkctfzRcZdxGT2OsFKJDmOID
ZzFvu/5S/ac+Vkmjj3tOVU1vxFsCGVSUI+cuvZ7rvMiKwYeidCXxhuO01hiwRUJH
2CgMEAvuVhI/ZeVSpAGQAsvGfoa9s2V+t7XmxC+3x1Y9fmo0ChlAQwNhLzi8GtSo
D4n17KMJpGZ5B+zME0bvAprqGmJlJiVpw1W/VT+W/rDicPFPoeYM9+CRjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFID5RKhGc350k1MJbXBjLHnUQUNRMB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvZ1BsRXFFWnpmblNUVXdsdGNHTXNlZFJCUTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAUmDAN
BgkqhkiG9w0BAQsFAAOCAQEAsDTc/9f5E4Q07fDr6DKm4pODdQPnPFF87YaJW6Vf
9Q2NNDg6cE2wxn/JMxug/4Sg4Sz60sUujhaefwHvZ0Tv/BgNeeC0P4E/y3QDrRdJ
1z6Wd/9nyl5hTXM2yq5R1Ys3r9PI13eYaA8EyEblQWGdt1eNTB4Px83O5KACm84e
h5vDBs5SxkmwtKaAR0U4TfbVT5wSmUagz1qFLcD2oJBaT7L5KDpu8hDhqswhdJjO
CiyKtQ4SyQp6QiEfnMSpZHxZzJBXzAKM//uplB8Rsxw6Ew4HXrqBVrd6t5lHezZo
+grS+OEQonBsDAfBE6JRg049TPTzr1xGp60IBL892neTow==
-----END CERTIFICATE-----