This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/vnmU6Cd9_S29IUfATpx4bENZIJQ.roa
File:                     vnmU6Cd9_S29IUfATpx4bENZIJQ.roa (raw, json)
Hash identifier:          t0IEkx6uhF4HYE5SrByETF5eoW3uaTBFYKJ9CVbdgRA=
Subject key identifier:   BE:79:94:E8:27:7D:FD:2D:BD:21:47:C0:4E:9C:78:6C:43:59:20:94
Certificate issuer:       /CN=a8246b88b829b4a3aadc280da145b63e99e92a0e
Certificate serial:       019B76EB04483207CBDE7CDE14B96AEC79C8
Authority key identifier: A8:24:6B:88:B8:29:B4:A3:AA:DC:28:0D:A1:45:B6:3E:99:E9:2A:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/vnmU6Cd9_S29IUfATpx4bENZIJQ.roa
Signing time:             Thu 01 Jan 2026 00:17:52 +0000
ROA not before:           Thu 01 Jan 2026 00:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60781
IP address blocks:        2a0f:68c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:04:48:32:07:cb:de:7c:de:14:b9:6a:ec:79:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8246b88b829b4a3aadc280da145b63e99e92a0e
        Validity
            Not Before: Jan  1 00:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be7994e8277dfd2dbd2147c04e9c786c43592094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ff:c0:12:49:08:ae:ed:cf:0a:ce:99:de:fb:
                    71:a7:9a:97:6f:35:9e:00:9c:91:58:39:17:78:9b:
                    e1:79:55:ea:d0:e2:d7:1b:a5:b8:7a:d1:c8:29:6a:
                    81:29:bc:d6:9c:e5:bc:44:ef:45:69:3a:73:b5:c3:
                    54:d7:62:e3:6d:23:85:66:0f:2b:83:a9:a9:80:cc:
                    1c:d7:1e:81:1a:40:90:e3:26:af:2e:06:3a:8f:85:
                    c1:f2:93:e2:05:0f:6c:57:43:ea:cd:de:76:61:99:
                    18:cd:e1:79:6d:59:73:f8:f6:e6:de:ce:73:68:21:
                    aa:ec:a8:e6:fb:14:c5:81:54:9d:35:22:e4:70:ec:
                    bc:b3:cb:a6:6e:a8:47:72:a0:6e:aa:66:b1:a5:2f:
                    5d:97:4f:fd:79:60:08:9d:53:4d:e8:2c:84:5b:96:
                    1b:f4:69:3d:04:53:9f:66:dc:90:d8:fd:91:c1:24:
                    28:21:88:d6:85:b5:1a:ef:40:0d:96:9b:f3:65:5d:
                    06:92:61:0c:36:57:e9:d8:29:9c:3e:78:88:0e:02:
                    11:e0:4d:d3:ec:b4:76:37:91:7c:ef:79:41:bf:4c:
                    a8:b6:d6:1e:53:69:84:3d:c7:c6:2c:e3:98:e9:81:
                    04:04:e4:af:4f:14:bb:2d:10:ae:d4:35:bc:7f:31:
                    6f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:79:94:E8:27:7D:FD:2D:BD:21:47:C0:4E:9C:78:6C:43:59:20:94
            X509v3 Authority Key Identifier:
                keyid:A8:24:6B:88:B8:29:B4:A3:AA:DC:28:0D:A1:45:B6:3E:99:E9:2A:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCRriLgptKOq3CgNoUW2PpnpKg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/vnmU6Cd9_S29IUfATpx4bENZIJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36fb2-e60d-4f8b-9c8a-490c88301fce/1/qCRriLgptKOq3CgNoUW2PpnpKg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:68c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:9d:aa:5c:a4:12:50:53:3c:43:a2:0d:65:6e:fb:6b:ad:fc:
         5c:38:b7:e5:44:c3:52:b0:4e:71:0a:7f:51:9a:6f:a8:fb:bc:
         09:cd:79:6b:61:98:9e:cd:c8:98:8a:6e:39:f6:cc:ef:78:06:
         66:d3:2d:84:5c:94:65:d2:ed:1c:5f:b7:c7:23:24:82:26:53:
         d1:a3:07:c3:a7:4c:38:79:48:bc:df:1f:0d:e3:0a:ba:c9:89:
         b1:7e:5b:78:9c:a6:83:c7:b5:f3:a6:60:8a:40:25:48:ae:41:
         7f:c4:71:a2:a2:79:b0:e3:c4:80:84:36:eb:30:7c:dd:a5:47:
         f5:dc:af:06:e2:e7:e6:4b:83:6d:f1:32:e7:7d:0f:68:25:56:
         05:33:ba:64:ba:1e:0f:23:d2:0c:33:b5:a4:36:fc:c1:ee:5a:
         75:60:f0:eb:ee:8d:c4:e9:ea:14:13:88:cc:17:05:16:c7:c3:
         79:b4:7b:9a:cf:9f:4c:5b:e4:56:ec:6d:a6:eb:ec:fc:3b:fe:
         78:59:2e:6a:11:ae:94:ec:b4:5c:89:3f:bb:03:60:53:09:44:
         ac:5b:2b:1b:ed:a4:dc:e4:f4:be:10:b8:57:23:8d:25:57:fc:
         57:87:c9:87:6c:24:c6:c0:ed:f1:34:22:2d:85:fe:83:0f:30:
         fe:45:50:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt26wRIMgfL3nzeFLlq7HnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MjQ2Yjg4YjgyOWI0YTNhYWRjMjgwZGExNDViNjNlOTll
OTJhMGUwHhcNMjYwMTAxMDAxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc5OTRlODI3N2RmZDJkYmQyMTQ3YzA0ZTljNzg2YzQzNTkyMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP/AEkkIru3PCs6Z3vtxp5qXbzWe
AJyRWDkXeJvheVXq0OLXG6W4etHIKWqBKbzWnOW8RO9FaTpztcNU12LjbSOFZg8r
g6mpgMwc1x6BGkCQ4yavLgY6j4XB8pPiBQ9sV0Pqzd52YZkYzeF5bVlz+Pbm3s5z
aCGq7Kjm+xTFgVSdNSLkcOy8s8umbqhHcqBuqmaxpS9dl0/9eWAInVNN6CyEW5Yb
9Gk9BFOfZtyQ2P2RwSQoIYjWhbUa70ANlpvzZV0GkmEMNlfp2CmcPniIDgIR4E3T
7LR2N5F873lBv0yottYeU2mEPcfGLOOY6YEEBOSvTxS7LRCu1DW8fzFv7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL55lOgnff0tvSFHwE6ceGxDWSCUMB8GA1UdIwQY
MBaAFKgka4i4KbSjqtwoDaFFtj6Z6SoOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNScmlMZ3B0S09xM0NnTm9VVzJQcG5wS2c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hMzZmYjItZTYwZC00ZjhiLTljOGEt
NDkwYzg4MzAxZmNlLzEvdm5tVTZDZDlfUzI5SVVmQVRweDRiRU5aSUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hMzZmYjItZTYwZC00ZjhiLTljOGEtNDkwYzg4MzAxZmNl
LzEvcUNScmlMZ3B0S09xM0NnTm9VVzJQcG5wS2c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9owDAN
BgkqhkiG9w0BAQsFAAOCAQEAoZ2qXKQSUFM8Q6INZW77a638XDi35UTDUrBOcQp/
UZpvqPu8Cc15a2GYns3ImIpuOfbM73gGZtMthFyUZdLtHF+3xyMkgiZT0aMHw6dM
OHlIvN8fDeMKusmJsX5beJymg8e186ZgikAlSK5Bf8RxoqJ5sOPEgIQ26zB83aVH
9dyvBuLn5kuDbfEy530PaCVWBTO6ZLoeDyPSDDO1pDb8we5adWDw6+6NxOnqFBOI
zBcFFsfDebR7ms+fTFvkVuxtpuvs/Dv+eFkuahGulOy0XIk/uwNgUwlErFsrG+2k
3OT0vhC4VyONJVf8V4fJh2wkxsDt8TQiLYX+gw8w/kVQKw==
-----END CERTIFICATE-----