This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3GmH5kUQSFZ4B9WIIStJuu1hA8A.roa
File:                     3GmH5kUQSFZ4B9WIIStJuu1hA8A.roa (raw, json)
Hash identifier:          o51pLeG+ui4930qL9zA1LFSkZ1wxvRaSyJF3i3I1d/g=
Subject key identifier:   DC:69:87:E6:45:10:48:56:78:07:D5:88:21:2B:49:BA:ED:61:03:C0
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019B7FF1C6999249A73D016E91D815347CE4
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3GmH5kUQSFZ4B9WIIStJuu1hA8A.roa
Signing time:             Fri 02 Jan 2026 18:21:50 +0000
ROA not before:           Fri 02 Jan 2026 18:21:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207641
IP address blocks:        2a0f:3d86:44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:c6:99:92:49:a7:3d:01:6e:91:d8:15:34:7c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 18:21:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc6987e6451048567807d588212b49baed6103c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ae:21:ad:2d:ae:f2:cf:55:15:86:60:34:74:
                    30:d3:00:d2:f9:f6:7b:b5:c7:24:d9:f3:cd:a4:94:
                    cd:87:51:50:97:d0:33:93:5e:05:48:8e:7b:0e:b2:
                    d0:ed:ab:a5:c4:d5:ff:9d:21:74:0f:67:6a:76:ad:
                    1d:28:8b:c1:35:09:3a:66:4d:63:14:72:17:70:33:
                    e1:97:2b:aa:bb:8d:4a:57:37:3e:ac:4e:b0:bb:53:
                    e6:d3:bf:bd:02:19:e6:17:76:5d:0b:6a:b1:b5:28:
                    72:43:cb:e2:8d:72:b8:e9:5f:4e:66:fb:79:35:01:
                    bb:91:40:96:ea:98:e3:79:88:8c:f0:0b:e9:66:95:
                    95:61:27:6d:0e:f6:ae:ed:51:98:ea:e2:5b:48:65:
                    1f:ae:ec:19:ad:e2:96:ea:b3:43:71:d0:aa:e2:72:
                    b1:64:96:8a:de:27:52:71:87:36:d7:96:d2:89:58:
                    c1:6c:0b:91:0c:0a:3c:e7:d8:90:76:d0:0f:3d:11:
                    3d:a7:17:db:06:12:ce:4e:68:43:8a:3b:5e:9e:13:
                    e2:1d:6c:ff:95:1e:41:63:d7:f4:dd:00:d7:92:4b:
                    d0:cb:cc:29:90:5e:e0:10:ae:1c:97:12:01:da:69:
                    14:02:d5:c6:a7:69:6c:34:5f:f2:47:b9:9d:e3:75:
                    3e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:69:87:E6:45:10:48:56:78:07:D5:88:21:2B:49:BA:ED:61:03:C0
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3GmH5kUQSFZ4B9WIIStJuu1hA8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3d86:44::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:90:df:98:30:aa:4e:87:f3:21:aa:d0:44:ec:e4:b6:f2:23:
         11:0f:09:2d:44:07:b1:b1:73:4f:6f:f5:ad:d6:34:2d:9f:fa:
         3d:02:ee:a3:33:86:3b:c8:76:8e:02:4d:b3:24:0c:38:8e:51:
         aa:14:b5:42:30:b4:5a:a5:df:17:06:f7:56:d5:ee:07:7a:56:
         21:d4:4e:c3:4b:4f:23:ad:c6:b6:f8:82:35:38:41:30:ee:4b:
         a0:5e:5c:fc:24:a9:3e:ce:71:06:13:63:20:e4:36:55:fe:95:
         d6:02:72:b4:26:cb:43:74:1b:ca:49:8c:c4:3e:f8:3c:43:e3:
         88:25:76:1e:39:98:aa:ff:06:46:a3:65:1f:53:d4:22:4e:55:
         b6:78:78:89:27:af:69:4c:db:63:d5:e3:1f:e6:b0:f8:e8:87:
         83:14:24:01:2d:06:7b:8a:a8:f7:96:fe:a7:d1:7c:a4:c3:aa:
         2e:70:66:a1:c7:c7:72:27:67:0d:7b:71:d6:c4:92:5d:64:3c:
         c5:ac:4f:a0:f0:62:74:82:c2:ec:e9:0b:05:3c:2e:da:70:43:
         85:93:32:cb:49:d3:e0:5f:90:9e:95:eb:27:b8:bd:14:7a:5b:
         1a:21:08:c5:20:af:85:e1:40:7a:b6:1a:32:e6:13:36:b6:a6:
         fa:f6:71:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/8caZkkmnPQFukdgVNHzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMTAyMTgyMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY5ODdlNjQ1MTA0ODU2NzgwN2Q1ODgyMTJiNDliYWVkNjEwM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu64hrS2u8s9VFYZgNHQw0wDS+fZ7
tcck2fPNpJTNh1FQl9Azk14FSI57DrLQ7aulxNX/nSF0D2dqdq0dKIvBNQk6Zk1j
FHIXcDPhlyuqu41KVzc+rE6wu1Pm07+9AhnmF3ZdC2qxtShyQ8vijXK46V9OZvt5
NQG7kUCW6pjjeYiM8AvpZpWVYSdtDvau7VGY6uJbSGUfruwZreKW6rNDcdCq4nKx
ZJaK3idScYc215bSiVjBbAuRDAo859iQdtAPPRE9pxfbBhLOTmhDijtenhPiHWz/
lR5BY9f03QDXkkvQy8wpkF7gEK4clxIB2mkUAtXGp2lsNF/yR7md43U+6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNxph+ZFEEhWeAfViCErSbrtYQPAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvM0dtSDVrVVFTRlo0QjlXSUlTdEp1dTFoQThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg89hgBE
MA0GCSqGSIb3DQEBCwUAA4IBAQAQkN+YMKpOh/MhqtBE7OS28iMRDwktRAexsXNP
b/Wt1jQtn/o9Au6jM4Y7yHaOAk2zJAw4jlGqFLVCMLRapd8XBvdW1e4HelYh1E7D
S08jrca2+II1OEEw7kugXlz8JKk+znEGE2Mg5DZV/pXWAnK0JstDdBvKSYzEPvg8
Q+OIJXYeOZiq/wZGo2UfU9QiTlW2eHiJJ69pTNtj1eMf5rD46IeDFCQBLQZ7iqj3
lv6n0Xykw6oucGahx8dyJ2cNe3HWxJJdZDzFrE+g8GJ0gsLs6QsFPC7acEOFkzLL
SdPgX5CelesnuL0UelsaIQjFIK+F4UB6thoy5hM2tqb69nEO
-----END CERTIFICATE-----