This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/xthXgiM7QFg5g-QceY1y5f74Rds.roa
File:                     xthXgiM7QFg5g-QceY1y5f74Rds.roa (raw, json)
Hash identifier:          ov8Kweo+Ul8Z/hCjsozR/vUEJ009cmFNJtAjb/mVhe8=
Subject key identifier:   C6:D8:57:82:23:3B:40:58:39:83:E4:1C:79:8D:72:E5:FE:F8:45:DB
Certificate issuer:       /CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Certificate serial:       019B77C68310677C4301B8C54971511D6E81
Authority key identifier: B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/xthXgiM7QFg5g-QceY1y5f74Rds.roa
Signing time:             Thu 01 Jan 2026 04:17:36 +0000
ROA not before:           Thu 01 Jan 2026 04:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50994
IP address blocks:        2a02:4a40:108::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:83:10:67:7c:43:01:b8:c5:49:71:51:1d:6e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
        Validity
            Not Before: Jan  1 04:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6d85782233b40583983e41c798d72e5fef845db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d9:0f:54:89:53:85:d6:f2:5d:3e:a7:9e:9b:
                    22:18:64:47:06:4d:f1:33:78:c9:b1:c4:f2:b7:17:
                    e9:74:af:cf:b7:3e:1f:6e:4a:63:fb:db:70:04:03:
                    d5:6c:e5:a5:94:04:57:c7:23:85:e4:5d:ed:17:5e:
                    f3:ad:c1:22:db:72:19:2f:3a:65:b7:fe:af:53:9e:
                    be:8c:d6:10:d2:58:9c:66:c0:d2:74:50:53:61:f2:
                    62:68:d0:63:8d:b6:26:9c:0a:20:bd:37:80:df:02:
                    13:4f:10:77:7d:7d:07:7f:76:2a:33:c3:e3:96:1a:
                    5c:92:86:45:52:e6:71:80:14:fe:eb:51:21:6a:de:
                    b2:c9:e6:6d:7f:7b:e0:1e:25:8c:27:49:88:b8:08:
                    24:63:bb:ef:0e:0c:69:d8:9c:4e:7d:86:cd:02:f4:
                    b3:50:17:8d:56:68:31:3d:33:0b:7d:4b:18:d5:7a:
                    33:e2:da:c4:45:56:ee:b5:6a:9e:20:bd:f3:a2:31:
                    e3:9f:3d:ae:81:5a:18:9d:cf:41:1f:9a:73:0c:27:
                    88:70:dd:6c:22:3c:0d:82:e8:bc:d6:b5:4b:44:1a:
                    43:01:12:3a:23:c1:97:0b:30:ce:45:91:72:ae:5b:
                    7a:12:8e:e0:20:07:fc:f2:02:13:f3:ba:50:0d:78:
                    47:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D8:57:82:23:3B:40:58:39:83:E4:1C:79:8D:72:E5:FE:F8:45:DB
            X509v3 Authority Key Identifier:
                keyid:B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/xthXgiM7QFg5g-QceY1y5f74Rds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:4a40:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:93:63:a5:54:4f:10:41:c7:b6:7c:b5:c1:d6:ec:69:db:93:
         59:cb:c1:99:6f:8a:be:e4:94:f1:d8:b6:55:d1:e0:5b:17:46:
         61:54:97:b0:a7:56:f8:e0:15:29:96:69:69:b3:b7:9e:8c:cb:
         5e:59:ad:32:51:29:39:0a:9a:5f:2b:9a:4f:c3:6f:89:a2:85:
         33:a2:8f:9b:17:5f:0b:58:a1:7e:a4:3d:00:d9:ab:9b:8a:62:
         41:b9:1c:87:38:a3:ed:79:25:83:57:f5:f8:25:4e:d4:fd:df:
         cf:d4:8e:6f:38:b1:d1:f1:c7:ec:30:21:bc:d1:83:33:01:bd:
         4e:c4:a4:a9:1f:79:31:83:e1:ec:e7:12:fc:b6:aa:49:25:26:
         07:58:a6:7b:02:5a:3b:5d:f7:f8:36:da:93:f1:52:35:0b:33:
         81:98:db:43:b9:47:e7:e6:8f:4d:94:f2:25:ec:a2:52:0e:9c:
         b9:7f:91:f1:78:75:6c:0b:4c:bc:57:8a:67:47:09:c5:4e:47:
         92:7a:ed:9c:af:9b:b3:b3:3b:b3:60:c3:d5:f9:cd:a1:46:02:
         55:98:a1:99:88:46:c8:86:fb:f0:dc:f8:83:02:19:da:f2:43:
         1d:e0:76:f8:b2:cf:29:ce:0b:75:4a:0e:e8:57:e0:62:8b:2d:
         b5:00:60:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xoMQZ3xDAbjFSXFRHW6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Zjc0YTQ3YTZkMWEwYmY0YzIxNmU1ZmFiNGQ5MWZiMTI5
ZGYzZDYwHhcNMjYwMTAxMDQxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ4NTc4MjIzM2I0MDU4Mzk4M2U0MWM3OThkNzJlNWZlZjg0NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldkPVIlThdbyXT6nnpsiGGRHBk3x
M3jJscTytxfpdK/Ptz4fbkpj+9twBAPVbOWllARXxyOF5F3tF17zrcEi23IZLzpl
t/6vU56+jNYQ0licZsDSdFBTYfJiaNBjjbYmnAogvTeA3wITTxB3fX0Hf3YqM8Pj
lhpckoZFUuZxgBT+61Ehat6yyeZtf3vgHiWMJ0mIuAgkY7vvDgxp2JxOfYbNAvSz
UBeNVmgxPTMLfUsY1Xoz4trERVbutWqeIL3zojHjnz2ugVoYnc9BH5pzDCeIcN1s
IjwNgui81rVLRBpDARI6I8GXCzDORZFyrlt6Eo7gIAf88gIT87pQDXhHoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMbYV4IjO0BYOYPkHHmNcuX++EXbMB8GA1UdIwQY
MBaAFLn3Skem0aC/TCFuX6tNkfsSnfPWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2Qt
MzBmNjA4YWRlNDhkLzEveHRoWGdpTTdRRmc1Zy1RY2VZMXk1Zjc0UmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2QtMzBmNjA4YWRlNDhk
LzEvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJKQAEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCNk2OlVE8QQce2fLXB1uxp25NZy8GZb4q+5JTx
2LZV0eBbF0ZhVJewp1b44BUplmlps7eejMteWa0yUSk5CppfK5pPw2+JooUzoo+b
F18LWKF+pD0A2aubimJBuRyHOKPteSWDV/X4JU7U/d/P1I5vOLHR8cfsMCG80YMz
Ab1OxKSpH3kxg+Hs5xL8tqpJJSYHWKZ7Alo7Xff4NtqT8VI1CzOBmNtDuUfn5o9N
lPIl7KJSDpy5f5HxeHVsC0y8V4pnRwnFTkeSeu2cr5uzszuzYMPV+c2hRgJVmKGZ
iEbIhvvw3PiDAhna8kMd4Hb4ss8pzgt1Sg7oV+Biiy21AGD9
-----END CERTIFICATE-----