This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/47ifkKzolp3We1XOZB7ABGdtz3o.roa
File:                     47ifkKzolp3We1XOZB7ABGdtz3o.roa (raw, json)
Hash identifier:          ZOzWEMjHn4XkxA4iw//kHkM6kX8r7Mzovz1lPBYdzEM=
Subject key identifier:   E3:B8:9F:90:AC:E8:96:9D:D6:7B:55:CE:64:1E:C0:04:67:6D:CF:7A
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019B79ED4ED1BB62F9CD5C4C7E0A1450EE59
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/47ifkKzolp3We1XOZB7ABGdtz3o.roa
Signing time:             Thu 01 Jan 2026 14:19:13 +0000
ROA not before:           Thu 01 Jan 2026 14:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212331
IP address blocks:        2a0f:607:1057::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:4e:d1:bb:62:f9:cd:5c:4c:7e:0a:14:50:ee:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 14:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3b89f90ace8969dd67b55ce641ec004676dcf7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:30:2f:af:7d:ea:fc:8a:fb:0c:9b:b0:0a:e9:
                    dd:83:27:66:3a:93:c4:69:15:a6:1f:2c:bf:56:78:
                    12:20:de:ad:f3:f5:80:6a:63:80:8f:19:73:a4:55:
                    2a:fe:84:d6:d5:9b:d4:a8:36:fc:e8:23:77:f0:ef:
                    70:fd:3b:24:22:68:68:38:84:09:02:6e:36:c5:5a:
                    98:67:50:b2:e4:b1:b6:d4:b2:66:0d:46:b5:fd:88:
                    c3:a2:a0:23:35:b2:45:dd:a3:79:f1:00:bb:37:32:
                    1a:fe:b7:7f:a6:02:1f:e9:e1:7c:c3:db:c6:a9:fd:
                    25:7d:f6:4d:09:44:e4:19:b8:08:4e:e7:45:9f:b7:
                    06:6e:cc:f9:57:22:3b:d0:5c:e9:5f:e9:8d:ea:c8:
                    d7:f8:d4:3a:a6:5a:b9:cf:b3:8d:ec:07:eb:78:53:
                    38:5b:fb:5d:29:53:8d:a7:0d:31:25:e9:66:2e:f6:
                    49:5a:a5:69:31:92:da:ed:4e:8b:4e:82:ae:d5:cf:
                    1e:6f:b7:89:23:93:af:16:72:e5:4d:de:3d:bd:fd:
                    4e:20:a1:49:e4:05:bb:f6:ea:6c:48:9a:12:93:a0:
                    04:b2:c5:a8:c4:8f:fd:87:06:06:8f:1e:0b:b8:98:
                    b1:9f:19:fc:1d:d4:63:09:71:0e:3b:e7:e7:15:5e:
                    28:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B8:9F:90:AC:E8:96:9D:D6:7B:55:CE:64:1E:C0:04:67:6D:CF:7A
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/47ifkKzolp3We1XOZB7ABGdtz3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1057::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:da:b2:b9:56:bb:8a:33:19:56:f1:e2:88:ae:d1:fa:63:3a:
         13:11:ea:ea:13:4a:d7:e6:ac:c9:21:51:a1:93:40:22:1a:f0:
         69:01:e5:35:66:af:8d:88:e0:08:8b:66:8b:8d:0d:32:fd:72:
         85:05:d6:aa:03:33:39:c5:c8:de:9e:89:6e:31:e3:03:37:bb:
         7d:86:ac:5d:e9:7f:a8:a5:97:ea:a8:5a:4a:1b:09:8c:5b:30:
         e1:d5:60:1d:88:b0:a8:76:0a:4c:19:c1:fb:08:fe:49:5f:ff:
         67:62:d8:fa:a5:9e:35:46:ea:5f:17:fe:ec:f7:e9:cf:61:b2:
         98:fc:98:9a:39:ec:3f:bd:7e:75:a4:84:8a:08:d4:58:ab:3e:
         9e:32:98:56:6a:6a:a3:da:98:7f:c7:6a:5b:66:ed:48:47:40:
         45:36:c2:68:ec:ff:59:6e:4c:a6:12:59:b0:d9:a2:a6:df:5f:
         43:92:1e:be:ac:ae:4e:47:1a:cf:47:3c:bc:0f:fa:52:36:e6:
         07:17:f0:b6:b7:cc:0f:30:76:cf:c2:c4:00:a6:37:7d:91:f2:
         1e:de:40:a4:a7:a1:7a:be:fd:b0:d5:a1:ab:eb:3d:13:7e:25:
         c4:63:87:df:41:82:96:df:d3:7b:47:ee:42:2f:d6:c4:90:b7:
         fe:77:ca:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57U7Ru2L5zVxMfgoUUO5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjYwMTAxMTQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2I4OWY5MGFjZTg5NjlkZDY3YjU1Y2U2NDFlYzAwNDY3NmRjZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzAvr33q/Ir7DJuwCundgydmOpPE
aRWmHyy/VngSIN6t8/WAamOAjxlzpFUq/oTW1ZvUqDb86CN38O9w/TskImhoOIQJ
Am42xVqYZ1Cy5LG21LJmDUa1/YjDoqAjNbJF3aN58QC7NzIa/rd/pgIf6eF8w9vG
qf0lffZNCUTkGbgITudFn7cGbsz5VyI70FzpX+mN6sjX+NQ6plq5z7ON7AfreFM4
W/tdKVONpw0xJelmLvZJWqVpMZLa7U6LToKu1c8eb7eJI5OvFnLlTd49vf1OIKFJ
5AW79upsSJoSk6AEssWoxI/9hwYGjx4LuJixnxn8HdRjCXEOO+fnFV4odQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOO4n5Cs6Jad1ntVzmQewARnbc96MB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvNDdpZmtLem9scDNXZTFYT1pCN0FCR2R0ejNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBX
MA0GCSqGSIb3DQEBCwUAA4IBAQAh2rK5VruKMxlW8eKIrtH6YzoTEerqE0rX5qzJ
IVGhk0AiGvBpAeU1Zq+NiOAIi2aLjQ0y/XKFBdaqAzM5xcjenoluMeMDN7t9hqxd
6X+opZfqqFpKGwmMWzDh1WAdiLCodgpMGcH7CP5JX/9nYtj6pZ41RupfF/7s9+nP
YbKY/JiaOew/vX51pISKCNRYqz6eMphWamqj2ph/x2pbZu1IR0BFNsJo7P9Zbkym
Elmw2aKm319Dkh6+rK5ORxrPRzy8D/pSNuYHF/C2t8wPMHbPwsQApjd9kfIe3kCk
p6F6vv2w1aGr6z0TfiXEY4ffQYKW39N7R+5CL9bEkLf+d8rQ
-----END CERTIFICATE-----