This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/KyF2W9a4l5vzNRIVc-LbM4GJZTc.roa
File:                     KyF2W9a4l5vzNRIVc-LbM4GJZTc.roa (raw, json)
Hash identifier:          Y9RIlf0gj08NyPSvlvhxiFIml/cCvCcWizfd0g/ImuU=
Subject key identifier:   2B:21:76:5B:D6:B8:97:9B:F3:35:12:15:73:E2:DB:33:81:89:65:37
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019BDE5E52F288A92A669051BAC679BB7C07
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/KyF2W9a4l5vzNRIVc-LbM4GJZTc.roa
Signing time:             Wed 21 Jan 2026 02:24:41 +0000
ROA not before:           Wed 21 Jan 2026 02:24:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61138
IP address blocks:        2a0f:b240:8::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 02:24:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:de:5e:52:f2:88:a9:2a:66:90:51:ba:c6:79:bb:7c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan 21 02:24:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b21765bd6b8979bf335121573e2db3381896537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fd:83:d0:9b:5a:c4:6e:20:43:cc:49:4a:82:
                    85:3f:ad:99:ef:cb:88:59:c7:58:72:c2:bf:11:f4:
                    e7:fb:f3:8a:9c:1d:ed:fd:a6:54:88:92:e5:9f:a8:
                    ea:f7:b3:1c:5f:dc:d9:5d:2f:af:0f:4f:a5:6c:cf:
                    ef:97:33:d1:67:2e:ee:a3:6d:ad:96:a4:7e:a3:91:
                    c3:be:98:35:64:18:5a:67:9a:fe:2d:d2:ed:c3:4b:
                    a4:b3:d5:be:0e:87:bb:79:eb:13:67:68:83:14:d9:
                    65:1e:78:2e:c9:59:7a:71:45:7b:66:d2:01:ac:db:
                    8f:a4:1f:24:5c:31:39:ec:f3:f9:0c:4b:1f:98:a2:
                    2b:f3:85:2e:36:99:f1:bb:1e:c6:8d:fc:97:6b:86:
                    3d:c4:4d:54:c5:5d:b1:a0:32:de:ca:c6:3b:d3:54:
                    e1:57:c9:5f:0c:2c:e5:83:29:29:8d:e0:60:8a:0f:
                    91:8a:fc:c5:3e:4b:af:db:0d:92:1d:e1:7a:37:a6:
                    3d:b8:a1:24:0b:40:00:42:b3:14:24:1f:54:d2:c5:
                    71:bc:0d:0e:68:2a:5b:8a:f9:04:88:2d:b6:8b:19:
                    02:02:72:79:08:e8:fc:3d:57:7e:f4:c4:8d:c9:11:
                    48:af:b0:09:33:f1:8a:39:d0:1a:5a:b7:a4:87:2f:
                    3f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:21:76:5B:D6:B8:97:9B:F3:35:12:15:73:E2:DB:33:81:89:65:37
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/KyF2W9a4l5vzNRIVc-LbM4GJZTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:8::/46

    Signature Algorithm: sha256WithRSAEncryption
         75:f2:85:ca:0a:2e:1c:b2:fe:d2:45:2c:20:56:59:c4:0d:49:
         ea:fb:9c:d8:2a:74:83:97:d6:7a:06:96:ed:f9:fc:ea:05:13:
         41:6a:45:e3:85:e9:55:19:fc:10:65:2c:7a:77:0a:a8:57:1a:
         a3:93:6c:7a:d1:df:d9:68:b2:fb:61:f1:dc:0f:9b:f6:c6:f5:
         98:5f:75:b1:39:e4:e6:83:6e:29:be:93:10:7b:03:80:f7:12:
         c3:de:7f:15:b2:8f:b5:c0:9d:12:a6:f9:34:4d:78:b0:67:60:
         32:35:5e:a6:c7:14:a9:d9:cb:4b:d4:a0:0d:9d:05:5d:20:a4:
         f5:b1:2d:4c:d7:13:55:f3:cd:4f:a0:c5:5a:88:ec:7e:f6:32:
         c3:18:b5:2c:76:84:48:e2:14:dd:01:a1:ca:e2:c5:56:69:53:
         cc:b6:3c:4c:fb:8e:1a:b8:6f:63:3b:ea:a9:a1:ea:0f:f2:ae:
         56:a2:e6:4a:de:02:eb:f6:05:f0:ca:68:c6:8c:c0:b6:ca:8a:
         19:cb:a4:40:04:1b:9b:55:e2:a0:4a:4d:28:90:64:1f:0e:4f:
         62:ad:29:64:64:59:2f:a0:7d:59:52:8b:8f:2e:a1:b5:3e:8a:
         f4:12:b9:65:a7:74:30:71:b5:7a:e4:7d:56:6a:58:89:ff:9b:
         69:b8:30:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZveXlLyiKkqZpBRusZ5u3wHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwMTIxMDIyNDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjIxNzY1YmQ2Yjg5NzliZjMzNTEyMTU3M2UyZGIzMzgxODk2NTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/2D0JtaxG4gQ8xJSoKFP62Z78uI
WcdYcsK/EfTn+/OKnB3t/aZUiJLln6jq97McX9zZXS+vD0+lbM/vlzPRZy7uo22t
lqR+o5HDvpg1ZBhaZ5r+LdLtw0uks9W+Doe7eesTZ2iDFNllHnguyVl6cUV7ZtIB
rNuPpB8kXDE57PP5DEsfmKIr84UuNpnxux7GjfyXa4Y9xE1UxV2xoDLeysY701Th
V8lfDCzlgykpjeBgig+RivzFPkuv2w2SHeF6N6Y9uKEkC0AAQrMUJB9U0sVxvA0O
aCpbivkEiC22ixkCAnJ5COj8PVd+9MSNyRFIr7AJM/GKOdAaWrekhy8/9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCshdlvWuJeb8zUSFXPi2zOBiWU3MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvS3lGMlc5YTRsNXZ6TlJJVmMtTGJNNEdKWlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg+yQAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQB18oXKCi4csv7SRSwgVlnEDUnq+5zYKnSDl9Z6
Bpbt+fzqBRNBakXjhelVGfwQZSx6dwqoVxqjk2x60d/ZaLL7YfHcD5v2xvWYX3Wx
OeTmg24pvpMQewOA9xLD3n8Vso+1wJ0Spvk0TXiwZ2AyNV6mxxSp2ctL1KANnQVd
IKT1sS1M1xNV881PoMVaiOx+9jLDGLUsdoRI4hTdAaHK4sVWaVPMtjxM+44auG9j
O+qpoeoP8q5WouZK3gLr9gXwymjGjMC2yooZy6RABBubVeKgSk0okGQfDk9irSlk
ZFkvoH1ZUouPLqG1Por0Erllp3QwcbV65H1WaliJ/5tpuDA3
-----END CERTIFICATE-----