This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/nU4rPVtRfbItM-xzvt2LL0ELW38.roa
File:                     nU4rPVtRfbItM-xzvt2LL0ELW38.roa (raw, json)
Hash identifier:          T9mi4Gm/F4mY5KfCNJRr4hhRiSByxlKrMxz90hm0cLM=
Subject key identifier:   9D:4E:2B:3D:5B:51:7D:B2:2D:33:EC:73:BE:DD:8B:2F:41:0B:5B:7F
Certificate issuer:       /CN=a8246b88b829b4a3aadc280da145b63e99e92a0e
Certificate serial:       019B76EB03B870AB1804369EDBB6AF211CCF
Authority key identifier: A8:24:6B:88:B8:29:B4:A3:AA:DC:28:0D:A1:45:B6:3E:99:E9:2A:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/nU4rPVtRfbItM-xzvt2LL0ELW38.roa
Signing time:             Thu 01 Jan 2026 00:17:51 +0000
ROA not before:           Thu 01 Jan 2026 00:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28753
IP address blocks:        2a09:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:03:b8:70:ab:18:04:36:9e:db:b6:af:21:1c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8246b88b829b4a3aadc280da145b63e99e92a0e
        Validity
            Not Before: Jan  1 00:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d4e2b3d5b517db22d33ec73bedd8b2f410b5b7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:c9:92:43:87:d5:10:e9:9d:05:43:ed:5f:
                    9f:21:6d:0f:01:24:3e:97:58:19:30:67:9d:b3:85:
                    b2:d6:13:b9:d3:9e:9c:81:2c:49:bf:dd:1c:2b:e2:
                    38:d8:4b:ac:80:ea:d8:a7:56:ad:79:d7:be:1f:0d:
                    1d:02:a4:66:1f:36:fa:a6:e7:83:1d:07:df:a5:0a:
                    ad:c9:75:a2:ec:02:ed:5a:16:87:f4:67:c3:92:83:
                    0c:49:32:95:59:9b:2e:f5:64:38:68:03:6f:e8:64:
                    1d:36:a0:d2:a2:fe:ad:1e:ee:44:ce:3c:61:57:02:
                    18:91:b0:24:22:5b:80:84:e3:49:75:bf:80:30:5d:
                    4d:9e:57:7a:51:ee:00:16:f8:a7:04:70:14:74:23:
                    a1:1f:15:57:2f:c8:41:b2:55:5e:a9:89:6f:49:0a:
                    e3:59:c7:59:c9:3e:9a:f0:cc:f6:80:9e:31:59:0f:
                    fc:4f:e8:66:57:37:0e:cd:6a:17:26:7c:fa:d1:a9:
                    6a:97:f4:e3:9e:09:e6:39:2c:3e:fa:02:d5:1a:f2:
                    93:a5:05:5c:c4:32:88:0d:3f:0f:19:c9:fa:7f:80:
                    cf:b8:2a:1f:7f:0c:7b:20:ca:31:cd:16:3f:72:ab:
                    63:3f:eb:c6:22:d0:eb:ac:06:32:7e:d7:52:23:96:
                    2f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4E:2B:3D:5B:51:7D:B2:2D:33:EC:73:BE:DD:8B:2F:41:0B:5B:7F
            X509v3 Authority Key Identifier:
                keyid:A8:24:6B:88:B8:29:B4:A3:AA:DC:28:0D:A1:45:B6:3E:99:E9:2A:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/nU4rPVtRfbItM-xzvt2LL0ELW38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:56:f3:dd:80:32:7e:43:18:71:8d:e0:fd:af:99:4e:1e:6c:
         f8:53:d6:a3:d3:cc:af:2a:aa:f5:fe:30:05:e1:19:7f:c3:d7:
         d8:20:ae:3e:b2:8f:eb:4c:ef:bd:04:df:ef:6a:22:51:ee:ef:
         c6:14:9d:7d:ed:c8:a6:c4:12:2a:07:2a:1c:d5:28:8a:42:f4:
         55:61:b7:fc:10:9d:ea:59:25:28:23:77:24:b2:4d:e0:dc:5c:
         3a:d9:60:8a:82:ff:37:e0:5b:9d:ef:34:da:8a:03:d1:0c:6a:
         db:86:ec:81:a0:c4:16:77:25:8d:ac:d8:fb:98:63:19:8e:98:
         31:1a:35:b5:83:0e:5f:d4:95:71:fb:52:1f:7f:27:7f:ef:27:
         cc:02:55:86:55:f5:2e:09:ef:2a:fe:c0:f9:06:15:97:9b:c9:
         ce:5a:61:ea:5f:4b:da:d8:f5:73:59:93:2f:51:bf:e2:a4:eb:
         ea:96:b0:a9:85:6e:65:df:a5:0d:08:bb:ff:dd:b4:e8:4f:f2:
         13:9e:e2:a2:f8:bf:7a:4c:0d:af:bd:e5:f2:88:99:8a:b8:44:
         e7:3e:54:82:09:83:f5:d2:51:cc:a2:7a:33:b8:fe:9c:5f:f2:
         8b:a6:72:b4:47:c4:28:3f:db:74:76:13:e4:8b:94:af:18:15:
         a2:42:9e:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt26wO4cKsYBDae27avIRzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MjQ2Yjg4YjgyOWI0YTNhYWRjMjgwZGExNDViNjNlOTll
OTJhMGUwHhcNMjYwMTAxMDAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRlMmIzZDViNTE3ZGIyMmQzM2VjNzNiZWRkOGIyZjQxMGI1YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjjJkkOH1RDpnQVD7V+fIW0PASQ+
l1gZMGeds4Wy1hO5056cgSxJv90cK+I42EusgOrYp1atede+Hw0dAqRmHzb6pueD
HQffpQqtyXWi7ALtWhaH9GfDkoMMSTKVWZsu9WQ4aANv6GQdNqDSov6tHu5Ezjxh
VwIYkbAkIluAhONJdb+AMF1Nnld6Ue4AFvinBHAUdCOhHxVXL8hBslVeqYlvSQrj
WcdZyT6a8Mz2gJ4xWQ/8T+hmVzcOzWoXJnz60alql/TjngnmOSw++gLVGvKTpQVc
xDKIDT8PGcn6f4DPuCoffwx7IMoxzRY/cqtjP+vGItDrrAYyftdSI5YvqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ1OKz1bUX2yLTPsc77diy9BC1t/MB8GA1UdIwQY
MBaAFKgka4i4KbSjqtwoDaFFtj6Z6SoOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNScmlMZ3B0S09xM0NnTm9VVzJQcG5wS2c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hMzZmYjItZTYwZC00ZjhiLTljOGEt
NDkwYzg4MzAxZmNlLzEvblU0clBWdFJmYkl0TS14enZ0MkxMMEVMVzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hMzZmYjItZTYwZC00ZjhiLTljOGEtNDkwYzg4MzAxZmNl
LzEvcUNScmlMZ3B0S09xM0NnTm9VVzJQcG5wS2c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnRQDAN
BgkqhkiG9w0BAQsFAAOCAQEAjlbz3YAyfkMYcY3g/a+ZTh5s+FPWo9PMryqq9f4w
BeEZf8PX2CCuPrKP60zvvQTf72oiUe7vxhSdfe3IpsQSKgcqHNUoikL0VWG3/BCd
6lklKCN3JLJN4NxcOtlgioL/N+Bbne802ooD0Qxq24bsgaDEFncljazY+5hjGY6Y
MRo1tYMOX9SVcftSH38nf+8nzAJVhlX1LgnvKv7A+QYVl5vJzlph6l9L2tj1c1mT
L1G/4qTr6pawqYVuZd+lDQi7/9206E/yE57iovi/ekwNr73l8oiZirhE5z5UggmD
9dJRzKJ6M7j+nF/yi6ZytEfEKD/bdHYT5IuUrxgVokKezg==
-----END CERTIFICATE-----