This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/wDhMGJ9NzXfEad9sT6Le_xs3iaE.roa
File:                     wDhMGJ9NzXfEad9sT6Le_xs3iaE.roa (raw, json)
Hash identifier:          zPKoEOiN3uariB64Rf296KkD/lWfDnDeFg2GGweepII=
Subject key identifier:   C0:38:4C:18:9F:4D:CD:77:C4:69:DF:6C:4F:A2:DE:FF:1B:37:89:A1
Certificate issuer:       /CN=5f0226a704cf620eb2000f27e7a919ce730991be
Certificate serial:       019B7B36C4F152DAC2B8F273B636BEE4312C
Authority key identifier: 5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/wDhMGJ9NzXfEad9sT6Le_xs3iaE.roa
Signing time:             Thu 01 Jan 2026 20:19:05 +0000
ROA not before:           Thu 01 Jan 2026 20:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47447
IP address blocks:        2a0c:b840:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 15:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:c4:f1:52:da:c2:b8:f2:73:b6:36:be:e4:31:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0226a704cf620eb2000f27e7a919ce730991be
        Validity
            Not Before: Jan  1 20:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0384c189f4dcd77c469df6c4fa2deff1b3789a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:74:46:b0:ce:12:42:f7:41:81:bc:16:23:bb:
                    af:93:53:d7:a4:9a:2e:68:3e:5e:c3:41:08:0d:10:
                    16:a3:b4:13:5f:13:31:8b:b5:a8:09:9d:ca:52:ba:
                    8a:c8:d0:b7:47:e5:9b:6d:d7:1d:82:0c:66:fd:d2:
                    14:f3:bc:2b:bc:d2:39:cb:ff:14:b4:25:e6:06:62:
                    3b:c8:1d:b0:fb:73:ab:47:b9:e8:2f:f6:5d:26:9e:
                    85:12:9e:1f:c5:b6:b8:c1:be:e2:61:69:e5:05:db:
                    3e:80:5f:cc:9f:c6:c0:83:33:64:f1:f7:8f:f2:87:
                    d9:e0:2e:5b:a7:4d:d6:c8:8b:1a:5a:1e:e1:d0:46:
                    44:f9:0c:75:e2:e2:fe:6a:1a:7b:ff:cc:5a:b9:2e:
                    ef:ea:32:3b:15:d3:12:a2:eb:5f:29:18:bf:fb:27:
                    0d:90:85:45:f3:4e:1d:42:65:1c:71:75:8e:de:8e:
                    b4:44:5a:be:15:5f:17:43:03:1c:71:2c:13:62:b4:
                    fc:a9:1d:e9:87:36:cd:34:b6:c2:c9:3f:d6:48:4e:
                    02:23:c2:75:b6:70:c1:fc:b1:76:8e:ba:a3:37:aa:
                    de:0b:78:35:a7:5a:d7:8a:49:dc:f2:30:e7:70:31:
                    9e:6f:b8:c0:21:35:c0:4e:14:26:82:fb:b2:60:b6:
                    11:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:38:4C:18:9F:4D:CD:77:C4:69:DF:6C:4F:A2:DE:FF:1B:37:89:A1
            X509v3 Authority Key Identifier:
                keyid:5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/wDhMGJ9NzXfEad9sT6Le_xs3iaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b840:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:6e:1a:22:77:59:1e:5b:93:93:6f:03:0a:5d:fa:81:7c:64:
         2e:89:40:51:12:d8:39:e9:32:fa:00:87:6e:1d:94:07:3e:f9:
         b3:29:e5:39:47:0c:bf:62:58:98:65:d0:4b:09:3c:35:62:bd:
         35:55:f9:47:63:43:48:a0:28:b7:5e:ae:91:4d:38:04:e4:1d:
         51:70:85:be:82:8d:0f:aa:9d:61:22:b4:2a:a7:c0:3e:be:5c:
         78:1d:54:84:78:5f:de:0f:96:c2:d4:2a:ec:e7:a4:61:2a:fe:
         79:4c:2e:01:5c:7b:3b:47:e0:9c:67:1d:2d:98:fe:16:5f:f5:
         53:bb:7a:e5:93:75:d9:b3:bf:b4:00:18:42:8c:df:e9:2d:fc:
         46:ab:55:72:8a:df:d3:f1:26:9a:46:88:b2:87:80:2c:66:0e:
         95:98:35:07:67:9f:1e:84:5f:87:08:88:0a:65:07:9a:65:1b:
         e2:0a:dd:8c:72:0e:12:33:8f:2d:a7:54:f1:b4:9c:ec:40:54:
         30:b7:f1:73:0e:63:3c:08:b0:86:19:dc:0f:63:12:45:20:3c:
         ab:a9:2c:8d:6d:ee:ee:a8:6b:6f:51:e5:12:43:8c:a5:21:d0:
         3f:1f:d9:3e:de:3d:c0:c3:97:90:6b:50:51:c6:cc:76:6c:90:
         d2:5c:83:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NsTxUtrCuPJztja+5DEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIyNmE3MDRjZjYyMGViMjAwMGYyN2U3YTkxOWNlNzMw
OTkxYmUwHhcNMjYwMTAxMjAxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDM4NGMxODlmNGRjZDc3YzQ2OWRmNmM0ZmEyZGVmZjFiMzc4OWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3RGsM4SQvdBgbwWI7uvk1PXpJou
aD5ew0EIDRAWo7QTXxMxi7WoCZ3KUrqKyNC3R+Wbbdcdggxm/dIU87wrvNI5y/8U
tCXmBmI7yB2w+3OrR7noL/ZdJp6FEp4fxba4wb7iYWnlBds+gF/Mn8bAgzNk8feP
8ofZ4C5bp03WyIsaWh7h0EZE+Qx14uL+ahp7/8xauS7v6jI7FdMSoutfKRi/+ycN
kIVF804dQmUccXWO3o60RFq+FV8XQwMccSwTYrT8qR3phzbNNLbCyT/WSE4CI8J1
tnDB/LF2jrqjN6reC3g1p1rXiknc8jDncDGeb7jAITXAThQmgvuyYLYRfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMA4TBifTc13xGnfbE+i3v8bN4mhMB8GA1UdIwQY
MBaAFF8CJqcEz2IOsgAPJ+epGc5zCZG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAt
NzVkOWNlNWI4ZDljLzEvd0RoTUdKOU56WGZFYWQ5c1Q2TGVfeHMzaWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAtNzVkOWNlNWI4ZDlj
LzEvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy4QAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQDLbhoid1keW5OTbwMKXfqBfGQuiUBREtg56TL6
AIduHZQHPvmzKeU5Rwy/YliYZdBLCTw1Yr01VflHY0NIoCi3Xq6RTTgE5B1RcIW+
go0Pqp1hIrQqp8A+vlx4HVSEeF/eD5bC1Crs56RhKv55TC4BXHs7R+CcZx0tmP4W
X/VTu3rlk3XZs7+0ABhCjN/pLfxGq1Vyit/T8SaaRoiyh4AsZg6VmDUHZ58ehF+H
CIgKZQeaZRviCt2Mcg4SM48tp1TxtJzsQFQwt/FzDmM8CLCGGdwPYxJFIDyrqSyN
be7uqGtvUeUSQ4ylIdA/H9k+3j3Aw5eQa1BRxsx2bJDSXIPH
-----END CERTIFICATE-----