This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/0fOlVdIS1WEADHFx-rX9EuojXD0.roa
File:                     0fOlVdIS1WEADHFx-rX9EuojXD0.roa (raw, json)
Hash identifier:          HVN1Ks0lRzr25kk3tVqnsRKtbl6GiFv09oBIP/8lLHs=
Subject key identifier:   D1:F3:A5:55:D2:12:D5:61:00:0C:71:71:FA:B5:FD:12:EA:23:5C:3D
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019B7A5B140E8E372BE05BF0425D9FE63904
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/0fOlVdIS1WEADHFx-rX9EuojXD0.roa
Signing time:             Thu 01 Jan 2026 16:19:07 +0000
ROA not before:           Thu 01 Jan 2026 16:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215496
IP address blocks:        2a05:9080:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:14:0e:8e:37:2b:e0:5b:f0:42:5d:9f:e6:39:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 16:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1f3a555d212d561000c7171fab5fd12ea235c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:34:c1:41:34:e1:8f:fb:f3:98:ad:59:fb:a5:
                    e1:46:e5:2c:e9:17:2b:a9:df:c5:76:e1:f9:21:15:
                    f3:11:35:e0:9e:d6:af:71:d4:47:3d:03:a0:55:76:
                    e0:09:4e:08:03:f3:b9:f6:f7:e7:cd:a4:7e:5f:71:
                    31:25:c8:3b:22:53:99:82:24:7a:6e:73:6d:f0:fb:
                    ef:a9:ac:94:f8:7b:b8:d5:42:ef:21:c3:82:8d:d4:
                    a4:21:4d:c0:33:8b:15:d8:5a:a3:32:80:3e:a3:29:
                    56:9b:13:6f:06:05:bf:f1:9a:70:1b:3b:14:81:17:
                    4c:c4:f1:34:70:8a:e2:17:15:cf:ce:28:41:2c:33:
                    b2:d9:9d:16:bb:b4:f0:c9:49:12:a9:da:08:72:f3:
                    6e:f2:b8:d6:03:3b:4d:70:4f:38:37:30:d3:12:d9:
                    cd:69:3d:69:48:27:4e:83:ce:c6:47:12:6e:77:c6:
                    53:c1:07:ea:40:9b:e5:4c:59:29:35:76:21:94:fc:
                    d9:d1:71:17:0f:03:92:82:32:35:f0:15:ab:88:d6:
                    5b:67:71:5a:7a:a0:8d:06:ae:6b:04:3e:f7:52:b9:
                    d4:42:a7:a7:a9:84:d6:2b:cb:75:83:39:c2:52:80:
                    64:a5:60:c5:9b:c1:b0:af:46:15:4a:91:47:82:82:
                    a9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:A5:55:D2:12:D5:61:00:0C:71:71:FA:B5:FD:12:EA:23:5C:3D
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/0fOlVdIS1WEADHFx-rX9EuojXD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:2f:45:68:f8:be:4c:24:85:f1:7e:74:ce:73:02:e0:74:35:
         43:e5:aa:30:32:ec:0f:c5:a1:a1:9d:90:a5:9d:a3:09:c8:ad:
         ed:ae:8d:13:a4:f5:95:56:7b:c3:60:58:27:b7:d8:de:64:19:
         66:34:06:00:bb:db:2c:72:c6:31:20:30:ad:32:89:85:2f:4d:
         70:cc:0a:73:bc:90:49:f6:1f:0a:85:77:64:d8:5e:3a:17:1e:
         d0:df:d0:e5:f4:9d:71:c8:3b:f8:c3:db:af:d4:b2:9c:b2:4e:
         c2:b3:ba:87:46:13:fd:d8:27:bd:7a:11:e3:e1:b9:b9:61:2f:
         65:af:29:31:c1:2f:b9:d3:18:6a:9b:08:79:46:05:15:14:d1:
         ad:5e:f4:3b:df:84:9f:5b:60:fb:92:1a:3f:91:47:e3:37:ea:
         b7:c0:07:2d:d8:47:5e:54:7f:ad:b1:11:51:f8:4e:a2:16:db:
         49:22:21:c6:77:97:cf:37:81:33:e2:a4:7e:ab:31:d9:e4:9c:
         8d:e4:9e:4a:c5:b9:68:7a:9c:b3:cd:4c:57:de:25:8e:bc:62:
         fa:3a:c6:3d:11:2c:a3:14:f8:a1:c6:5b:76:af:1a:91:a6:8d:
         7c:b1:0a:5f:55:79:40:f5:23:ae:ea:db:ac:a2:31:22:b7:d9:
         85:d2:07:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6WxQOjjcr4FvwQl2f5jkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwMTAxMTYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzYTU1NWQyMTJkNTYxMDAwYzcxNzFmYWI1ZmQxMmVhMjM1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDTBQTThj/vzmK1Z+6XhRuUs6Rcr
qd/FduH5IRXzETXgntavcdRHPQOgVXbgCU4IA/O59vfnzaR+X3ExJcg7IlOZgiR6
bnNt8PvvqayU+Hu41ULvIcOCjdSkIU3AM4sV2FqjMoA+oylWmxNvBgW/8ZpwGzsU
gRdMxPE0cIriFxXPzihBLDOy2Z0Wu7TwyUkSqdoIcvNu8rjWAztNcE84NzDTEtnN
aT1pSCdOg87GRxJud8ZTwQfqQJvlTFkpNXYhlPzZ0XEXDwOSgjI18BWriNZbZ3Fa
eqCNBq5rBD73UrnUQqenqYTWK8t1gznCUoBkpWDFm8Gwr0YVSpFHgoKpAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNHzpVXSEtVhAAxxcfq1/RLqI1w9MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvMGZPbFZkSVMxV0VBREhGeC1yWDlFdW9qWEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQCgL0Vo+L5MJIXxfnTOcwLgdDVD5aowMuwPxaGh
nZClnaMJyK3tro0TpPWVVnvDYFgnt9jeZBlmNAYAu9sscsYxIDCtMomFL01wzApz
vJBJ9h8KhXdk2F46Fx7Q39Dl9J1xyDv4w9uv1LKcsk7Cs7qHRhP92Ce9ehHj4bm5
YS9lrykxwS+50xhqmwh5RgUVFNGtXvQ734SfW2D7kho/kUfjN+q3wAct2EdeVH+t
sRFR+E6iFttJIiHGd5fPN4Ez4qR+qzHZ5JyN5J5KxbloepyzzUxX3iWOvGL6OsY9
ESyjFPihxlt2rxqRpo18sQpfVXlA9SOu6tusojEit9mF0gc+
-----END CERTIFICATE-----