This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/jaGFsM0UBl8DRADBm27ud6fxPc4.roa
File:                     jaGFsM0UBl8DRADBm27ud6fxPc4.roa (raw, json)
Hash identifier:          B/rg1ki5B0ZrfcN/NiwVQUlyMUumL+prN8/wqDje5I8=
Subject key identifier:   8D:A1:85:B0:CD:14:06:5F:03:44:00:C1:9B:6E:EE:77:A7:F1:3D:CE
Certificate issuer:       /CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
Certificate serial:       019B7A5AE995E9CF0F4B8CBB471ECB891D33
Authority key identifier: DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/jaGFsM0UBl8DRADBm27ud6fxPc4.roa
Signing time:             Thu 01 Jan 2026 16:18:56 +0000
ROA not before:           Thu 01 Jan 2026 16:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0a:2b00:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e9:95:e9:cf:0f:4b:8c:bb:47:1e:cb:89:1d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
        Validity
            Not Before: Jan  1 16:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8da185b0cd14065f034400c19b6eee77a7f13dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:68:58:c5:ce:8a:34:66:48:f7:54:48:6e:9e:
                    c9:13:3b:c7:2a:17:05:95:b9:57:68:af:18:64:fb:
                    0f:16:3f:a0:6a:2b:22:76:92:7e:8a:c2:48:c4:3c:
                    e5:54:cf:5e:17:25:5a:3c:e9:66:67:6f:41:a6:a6:
                    30:de:0a:a9:cf:d8:8d:f9:9f:1b:f7:4a:de:39:30:
                    f8:05:19:6f:b1:41:97:c4:19:1a:8d:4a:d6:63:47:
                    eb:82:df:19:2d:25:81:d9:1f:5a:a0:97:2d:3e:35:
                    ab:39:0a:0b:6b:bc:72:9e:63:6a:c7:87:91:a3:b9:
                    42:7b:d6:cd:1b:80:c3:82:1f:ee:b8:dd:5c:0a:52:
                    52:e2:2f:b7:90:d7:0c:c5:54:33:ed:7f:5b:7f:48:
                    22:87:9f:3c:76:7c:bb:3f:86:28:a4:be:7d:1e:ec:
                    0f:0a:5a:4f:5c:b1:af:9f:2c:39:7e:e3:8a:81:69:
                    9d:43:80:d9:97:31:8e:3c:22:a4:4e:cb:7c:be:c2:
                    bf:c1:ce:94:5b:c3:38:1d:bd:ca:9f:99:0b:51:b7:
                    f2:ed:45:20:11:fd:64:2e:b9:a1:44:ca:0e:d5:6c:
                    c6:28:cf:65:ba:59:a2:bf:b7:da:fe:f8:11:1c:89:
                    85:77:44:af:5a:b6:fe:de:b5:3b:7c:ae:f2:9e:7b:
                    76:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A1:85:B0:CD:14:06:5F:03:44:00:C1:9B:6E:EE:77:A7:F1:3D:CE
            X509v3 Authority Key Identifier:
                keyid:DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/jaGFsM0UBl8DRADBm27ud6fxPc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2b00:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:89:62:a5:03:90:c0:d4:ef:8d:b9:fd:2d:50:5a:31:7b:5f:
         b3:57:3b:4b:13:3f:63:1e:80:7c:ce:37:e1:16:42:b8:e1:7a:
         7e:5e:a4:03:99:3f:56:e7:97:cb:8f:11:1f:5b:7c:81:67:3f:
         71:5d:cb:26:98:04:0f:7a:c1:5c:73:66:fa:ec:bb:01:7e:71:
         47:15:b2:1e:92:78:13:f5:a2:99:ab:22:9d:2d:0f:f4:55:8a:
         2d:04:8d:dd:c1:d6:f2:62:52:e9:cd:ae:7e:4e:0f:97:eb:7a:
         1d:ef:69:bb:ae:47:f0:b0:46:a1:bc:c6:2d:27:7c:28:30:29:
         f2:99:6a:33:ba:e6:61:91:4a:73:44:15:ae:df:7c:38:76:26:
         d5:d3:cf:07:9d:b2:1c:7a:fd:f6:b0:ac:4e:e7:dc:99:cf:d4:
         c3:99:9e:e2:2e:b9:3d:c6:59:3b:f1:7b:ee:77:14:c4:7c:ef:
         d9:62:51:41:63:2e:af:71:16:c7:13:96:68:35:5f:9c:71:aa:
         0a:8c:84:9a:b2:21:89:3a:d2:29:ec:e0:c4:ef:4e:de:aa:8e:
         5f:61:07:fa:44:b2:d5:90:fb:b6:33:5d:4f:cf:a9:31:0b:ba:
         d1:8a:62:7b:34:bc:fb:5d:a8:73:f8:b4:11:79:77:6c:88:23:
         9e:75:66:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6WumV6c8PS4y7Rx7LiR0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhmZjJmM2EwYmZjNDFlYWRjMThhZjllNTJhY2QxMDA1
MjQxNDkwHhcNMjYwMTAxMTYxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGExODViMGNkMTQwNjVmMDM0NDAwYzE5YjZlZWU3N2E3ZjEzZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWhYxc6KNGZI91RIbp7JEzvHKhcF
lblXaK8YZPsPFj+gaisidpJ+isJIxDzlVM9eFyVaPOlmZ29BpqYw3gqpz9iN+Z8b
90reOTD4BRlvsUGXxBkajUrWY0frgt8ZLSWB2R9aoJctPjWrOQoLa7xynmNqx4eR
o7lCe9bNG4DDgh/uuN1cClJS4i+3kNcMxVQz7X9bf0gih588dny7P4YopL59HuwP
ClpPXLGvnyw5fuOKgWmdQ4DZlzGOPCKkTst8vsK/wc6UW8M4Hb3Kn5kLUbfy7UUg
Ef1kLrmhRMoO1WzGKM9lulmiv7fa/vgRHImFd0SvWrb+3rU7fK7ynnt22QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI2hhbDNFAZfA0QAwZtu7nen8T3OMB8GA1UdIwQY
MBaAFN+4/y86C/xB6twYr55SrNEAUkFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqX0x6b0xfRUhxM0Jpdm5sS3MwUUJTUVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82Yjg3YWYtYTIxMi00ODBkLWE0ZDQt
YTNkZjNiNjljZTVhLzEvamFHRnNNMFVCbDhEUkFEQm0yN3VkNmZ4UGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82Yjg3YWYtYTIxMi00ODBkLWE0ZDQtYTNkZjNiNjljZTVh
LzEvMzdqX0x6b0xfRUhxM0Jpdm5sS3MwUUJTUVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgorAAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFiWKlA5DA1O+Nuf0tUFoxe1+zVztLEz9jHoB8
zjfhFkK44Xp+XqQDmT9W55fLjxEfW3yBZz9xXcsmmAQPesFcc2b67LsBfnFHFbIe
kngT9aKZqyKdLQ/0VYotBI3dwdbyYlLpza5+Tg+X63od72m7rkfwsEahvMYtJ3wo
MCnymWozuuZhkUpzRBWu33w4dibV088HnbIcev32sKxO59yZz9TDmZ7iLrk9xlk7
8XvudxTEfO/ZYlFBYy6vcRbHE5ZoNV+ccaoKjISasiGJOtIp7ODE707eqo5fYQf6
RLLVkPu2M11Pz6kxC7rRimJ7NLz7Xahz+LQReXdsiCOedWaE
-----END CERTIFICATE-----