This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/J66qhGQ2ju6qalfYOji_L-1eBsE.roa
File:                     J66qhGQ2ju6qalfYOji_L-1eBsE.roa (raw, json)
Hash identifier:          MMEe0y9jf7OElwZJ7NJIVqIJgRPFyVzT2AUoCkyCFXg=
Subject key identifier:   27:AE:AA:84:64:36:8E:EE:AA:6A:57:D8:3A:38:BF:2F:ED:5E:06:C1
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019B7F85A1A3694AD98A617DCB5C7636CAA4
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/J66qhGQ2ju6qalfYOji_L-1eBsE.roa
Signing time:             Fri 02 Jan 2026 16:23:42 +0000
ROA not before:           Fri 02 Jan 2026 16:23:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213579
IP address blocks:        2a0f:b240:7800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 02:24:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:a1:a3:69:4a:d9:8a:61:7d:cb:5c:76:36:ca:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan  2 16:23:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27aeaa8464368eeeaa6a57d83a38bf2fed5e06c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:94:8f:90:da:fd:1b:96:73:a7:03:72:24:53:
                    45:50:5e:09:eb:f9:4f:b5:63:e2:7a:9f:5f:62:2d:
                    5e:cd:00:2d:83:4a:a1:35:96:5e:a6:7b:fe:d3:60:
                    42:7b:db:aa:37:a7:7e:f9:16:bc:b6:ee:5d:f6:32:
                    33:b7:ee:59:f3:cc:10:09:7a:85:b0:15:1f:29:f0:
                    37:c1:e9:33:4a:43:20:e0:ea:57:29:d3:1c:7e:aa:
                    94:e8:46:79:ca:e5:09:d8:f5:41:56:ac:ff:2b:28:
                    58:2b:cc:8b:4b:25:24:2a:6f:1e:c1:fb:ad:73:8c:
                    83:f3:ba:0f:0f:27:bb:3d:a5:b0:00:d0:37:0b:db:
                    38:ae:0d:20:ff:25:18:b8:f7:82:0b:ad:c3:ba:08:
                    19:c1:42:35:1a:20:e2:65:57:53:a6:40:98:17:5f:
                    d1:db:89:a0:7c:4f:c5:d5:24:03:8a:f1:f3:87:59:
                    3a:d9:67:70:c3:ec:ff:5d:b2:f1:6a:55:ed:e1:4f:
                    52:08:b4:20:26:d7:26:bd:e5:ac:bf:0f:48:f7:05:
                    aa:63:e0:e7:d3:6c:83:b5:b7:b9:50:d4:2d:c6:21:
                    69:d4:9e:c1:b7:6a:4c:e6:fa:42:8c:f1:aa:3b:4d:
                    0c:e4:17:28:59:92:8e:46:97:35:0f:50:b6:3b:92:
                    c9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AE:AA:84:64:36:8E:EE:AA:6A:57:D8:3A:38:BF:2F:ED:5E:06:C1
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/J66qhGQ2ju6qalfYOji_L-1eBsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:7800::/40

    Signature Algorithm: sha256WithRSAEncryption
         29:42:50:a4:5f:00:30:35:4c:47:88:03:cc:38:3e:dc:c5:05:
         88:25:21:e8:fb:07:ba:cb:11:0f:06:9f:23:83:36:2e:03:93:
         1f:ec:5a:61:75:1e:7f:d8:c9:e5:b9:14:fd:c0:79:ed:b4:ac:
         1d:fe:8c:ab:3a:a4:4a:5b:11:a2:1f:2e:d7:aa:85:00:b8:28:
         d6:e9:96:58:7f:4e:f8:8e:2a:0e:68:83:61:de:30:66:28:27:
         bd:a6:3e:be:47:ea:9b:bb:61:93:84:c4:80:18:3e:f6:f9:10:
         b3:11:01:68:91:c2:b6:a4:7b:f9:0a:8f:c3:65:33:64:78:cc:
         1c:41:9b:d8:40:07:a0:02:59:e9:e6:0d:11:9b:97:f5:20:97:
         ec:62:7e:41:12:03:d5:8a:b3:43:84:b7:28:ac:e8:1a:56:a5:
         89:2e:44:77:c8:cf:47:02:c5:f2:c4:29:41:73:d5:60:5e:92:
         99:08:eb:6d:ac:45:50:d1:cf:29:99:e7:59:24:26:03:e2:24:
         6c:f2:c1:41:9d:9a:f1:87:ca:5a:b9:68:33:78:55:da:cf:36:
         44:07:71:0a:d3:e0:c2:f1:b4:5b:7c:2c:d5:68:8e:ee:34:ad:
         a2:f8:28:64:59:2c:c4:6a:4e:58:9c:a2:89:a7:b8:54:6c:7b:
         96:db:e0:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/haGjaUrZimF9y1x2NsqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwMTAyMTYyMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2FlYWE4NDY0MzY4ZWVlYWE2YTU3ZDgzYTM4YmYyZmVkNWUwNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JSPkNr9G5ZzpwNyJFNFUF4J6/lP
tWPiep9fYi1ezQAtg0qhNZZepnv+02BCe9uqN6d++Ra8tu5d9jIzt+5Z88wQCXqF
sBUfKfA3wekzSkMg4OpXKdMcfqqU6EZ5yuUJ2PVBVqz/KyhYK8yLSyUkKm8ewfut
c4yD87oPDye7PaWwANA3C9s4rg0g/yUYuPeCC63DuggZwUI1GiDiZVdTpkCYF1/R
24mgfE/F1SQDivHzh1k62Wdww+z/XbLxalXt4U9SCLQgJtcmveWsvw9I9wWqY+Dn
02yDtbe5UNQtxiFp1J7Bt2pM5vpCjPGqO00M5BcoWZKORpc1D1C2O5LJWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCeuqoRkNo7uqmpX2Do4vy/tXgbBMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvSjY2cWhHUTJqdTZxYWxmWU9qaV9MLTFlQnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQHgw
DQYJKoZIhvcNAQELBQADggEBAClCUKRfADA1TEeIA8w4PtzFBYglIej7B7rLEQ8G
nyODNi4Dkx/sWmF1Hn/YyeW5FP3Aee20rB3+jKs6pEpbEaIfLteqhQC4KNbpllh/
TviOKg5og2HeMGYoJ72mPr5H6pu7YZOExIAYPvb5ELMRAWiRwrake/kKj8NlM2R4
zBxBm9hAB6ACWenmDRGbl/Ugl+xifkESA9WKs0OEtyis6BpWpYkuRHfIz0cCxfLE
KUFz1WBekpkI622sRVDRzymZ51kkJgPiJGzywUGdmvGHylq5aDN4VdrPNkQHcQrT
4MLxtFt8LNVoju40raL4KGRZLMRqTlicoomnuFRse5bb4GM=
-----END CERTIFICATE-----