This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HFiVd4XrB-oPyIFaNs8E--lpa-Q.roa
File:                     HFiVd4XrB-oPyIFaNs8E--lpa-Q.roa (raw, json)
Hash identifier:          yz+QolZXCFEVLeXqg48MuQZwjFncmOFVzFvUgYsuizI=
Subject key identifier:   1C:58:95:77:85:EB:07:EA:0F:C8:81:5A:36:CF:04:FB:E9:69:6B:E4
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA48B122F3DF84D60E35244C5485398
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HFiVd4XrB-oPyIFaNs8E--lpa-Q.roa
Signing time:             Thu 01 Jan 2026 22:18:59 +0000
ROA not before:           Thu 01 Jan 2026 22:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29226
IP address blocks:        2a13:f084::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:8b:12:2f:3d:f8:4d:60:e3:52:44:c5:48:53:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c58957785eb07ea0fc8815a36cf04fbe9696be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:49:e9:74:84:a8:a0:d2:ec:8a:0e:38:50:ea:
                    f6:09:29:20:2d:0f:c7:9f:92:4c:96:52:c1:61:57:
                    80:e6:24:8d:49:44:f3:82:dd:b0:d9:5d:6b:9a:ce:
                    a7:5e:88:0b:43:00:c6:75:ab:eb:36:2b:d2:73:5c:
                    36:31:50:ee:25:f8:86:98:c9:a7:fe:67:85:b7:e9:
                    78:28:0f:58:ad:df:d8:d6:7e:11:bf:da:9f:60:34:
                    d0:2a:51:1b:27:7a:6a:48:fc:fb:73:10:f4:4b:64:
                    26:ff:6f:a8:83:e8:8b:f6:15:8d:5f:5f:73:7a:2e:
                    f2:85:0c:52:0b:7d:6b:db:91:57:bf:13:c5:9f:36:
                    e3:bf:60:d2:a5:fa:5a:bf:e4:a6:f8:f6:d4:b9:b0:
                    8f:27:0f:24:e8:e0:8d:47:01:d1:f9:f6:26:c8:68:
                    3f:ea:5e:f7:31:69:b0:7b:af:8b:50:e0:52:ec:db:
                    49:cb:dc:92:19:8f:d3:d1:04:57:e6:8f:d2:3b:f5:
                    56:fa:27:a8:4e:82:1e:ea:d7:b1:eb:5a:63:69:c2:
                    8a:85:81:24:b1:d2:65:2d:c1:1d:f3:a7:b3:79:d8:
                    18:ff:1f:96:67:84:fa:62:c6:7f:89:bb:24:b0:32:
                    90:f2:b9:75:78:0e:74:37:bf:33:7a:38:35:77:57:
                    13:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:58:95:77:85:EB:07:EA:0F:C8:81:5A:36:CF:04:FB:E9:69:6B:E4
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HFiVd4XrB-oPyIFaNs8E--lpa-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f084::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:55:36:37:2d:98:3e:22:31:55:fc:f9:22:99:bd:13:64:68:
         4e:58:39:5d:6d:45:59:1a:67:e8:fd:16:0a:e1:45:ad:0f:b9:
         f7:4b:2c:06:67:7e:48:be:f1:b8:b4:65:87:8e:ea:3e:6c:bc:
         c1:22:81:bd:17:e2:d0:b8:7a:27:9c:8e:66:6d:2e:2a:9e:ce:
         d3:c2:8d:06:13:d0:97:b2:a3:92:ba:89:c5:fa:97:8c:f8:75:
         f2:62:5f:07:3a:f2:63:8b:2a:7c:c7:e9:a3:d9:5e:f8:0f:66:
         ff:75:5c:b8:9a:6d:69:93:18:f0:d7:9d:e3:46:ab:f6:bb:b7:
         8a:59:1b:01:44:2f:e2:d3:a7:dc:ee:49:99:f3:3c:d5:cd:ab:
         7a:90:6d:f9:0c:28:ea:63:de:da:87:f1:c1:03:0f:87:33:75:
         ff:3d:96:5b:11:6f:97:84:10:bd:90:33:1b:2c:ac:ef:5d:53:
         53:69:68:e5:96:74:97:07:19:98:e3:8b:7a:3f:d9:f2:92:b2:
         74:94:c9:50:82:8c:35:05:4e:88:61:bb:04:82:3f:fc:d5:25:
         7a:a5:0d:b3:c3:b2:77:f6:09:e9:c8:1a:61:b6:d9:aa:87:e4:
         d3:65:56:2b:ff:95:e6:d0:ea:ac:22:3a:8e:c3:00:c5:3e:dc:
         16:f8:54:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7pIsSLz34TWDjUkTFSFOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU4OTU3Nzg1ZWIwN2VhMGZjODgxNWEzNmNmMDRmYmU5Njk2YmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUnpdISooNLsig44UOr2CSkgLQ/H
n5JMllLBYVeA5iSNSUTzgt2w2V1rms6nXogLQwDGdavrNivSc1w2MVDuJfiGmMmn
/meFt+l4KA9Yrd/Y1n4Rv9qfYDTQKlEbJ3pqSPz7cxD0S2Qm/2+og+iL9hWNX19z
ei7yhQxSC31r25FXvxPFnzbjv2DSpfpav+Sm+PbUubCPJw8k6OCNRwHR+fYmyGg/
6l73MWmwe6+LUOBS7NtJy9ySGY/T0QRX5o/SO/VW+ieoToIe6tex61pjacKKhYEk
sdJlLcEd86ezedgY/x+WZ4T6YsZ/ibsksDKQ8rl1eA50N78zejg1d1cTDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBxYlXeF6wfqD8iBWjbPBPvpaWvkMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvSEZpVmQ0WHJCLW9QeUlGYU5zOEUtLWxwYS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPwhDAN
BgkqhkiG9w0BAQsFAAOCAQEAalU2Ny2YPiIxVfz5Ipm9E2RoTlg5XW1FWRpn6P0W
CuFFrQ+590ssBmd+SL7xuLRlh47qPmy8wSKBvRfi0Lh6J5yOZm0uKp7O08KNBhPQ
l7KjkrqJxfqXjPh18mJfBzryY4sqfMfpo9le+A9m/3VcuJptaZMY8Ned40ar9ru3
ilkbAUQv4tOn3O5JmfM81c2repBt+Qwo6mPe2ofxwQMPhzN1/z2WWxFvl4QQvZAz
Gyys711TU2lo5ZZ0lwcZmOOLej/Z8pKydJTJUIKMNQVOiGG7BII//NUleqUNs8Oy
d/YJ6cgaYbbZqofk02VWK/+V5tDqrCI6jsMAxT7cFvhUnQ==
-----END CERTIFICATE-----