This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/oLDa-CgOOZxBktUh5x01lNaT_CQ.roa
File:                     oLDa-CgOOZxBktUh5x01lNaT_CQ.roa (raw, json)
Hash identifier:          0e7mqlR9kXg777Q7Ih7D03e129ZehslnKxcXsAocg4Y=
Subject key identifier:   A0:B0:DA:F8:28:0E:39:9C:41:92:D5:21:E7:1D:35:94:D6:93:FC:24
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019B77C768884D28F42C9843324E0366B28B
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/oLDa-CgOOZxBktUh5x01lNaT_CQ.roa
Signing time:             Thu 01 Jan 2026 04:18:35 +0000
ROA not before:           Thu 01 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204968
IP address blocks:        2a0d:48c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:68:88:4d:28:f4:2c:98:43:32:4e:03:66:b2:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jan  1 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0b0daf8280e399c4192d521e71d3594d693fc24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c0:37:7e:58:7c:b0:75:89:19:78:83:01:6b:
                    d4:06:8c:61:95:e4:9b:65:fe:49:08:00:c6:b5:20:
                    c7:73:d9:b4:29:ba:12:95:8d:96:9d:29:5f:dd:4e:
                    86:6c:78:3b:bf:49:0a:77:19:e4:6a:88:b1:f2:c3:
                    1d:76:70:09:f2:de:7e:ea:7c:46:99:e9:33:1c:ba:
                    78:a8:39:14:5f:7a:b5:3e:5e:bf:57:15:2b:de:ba:
                    a8:95:64:4d:f8:a5:87:9b:aa:51:8a:eb:43:63:6a:
                    d6:42:c7:8c:60:3d:da:82:25:a3:a9:d2:5c:67:34:
                    8b:20:18:f1:27:2b:b0:a6:e9:ca:8c:f4:17:41:d1:
                    4e:71:de:1e:4c:fb:8c:49:37:a9:c0:ca:f5:54:0e:
                    33:9a:dd:27:9e:92:12:de:18:f2:01:92:89:3a:d6:
                    ee:57:e5:12:03:93:25:23:81:f1:1e:5a:31:48:3e:
                    59:cc:57:09:10:5e:6c:47:1e:54:41:2b:00:e8:43:
                    6b:b7:c4:9f:24:44:e3:ec:cc:8e:5a:d4:72:4a:3e:
                    f0:aa:ab:29:5f:dd:26:e6:49:ac:75:c7:39:d9:ab:
                    e6:ea:69:39:f2:11:0a:8a:3a:6b:25:f6:60:7f:c5:
                    8d:da:6a:a8:e9:96:91:dd:2b:ec:32:6d:54:ef:b7:
                    23:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B0:DA:F8:28:0E:39:9C:41:92:D5:21:E7:1D:35:94:D6:93:FC:24
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/oLDa-CgOOZxBktUh5x01lNaT_CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:48:48:cf:31:48:35:9c:1e:12:bf:6f:78:b4:fd:cb:28:f8:
         5d:a5:a2:02:3c:b6:3d:bc:8d:ef:cc:a6:60:dc:cf:64:59:3b:
         07:5b:76:95:05:af:8d:1b:dc:a6:48:6d:ce:13:5a:87:4f:30:
         c4:d0:17:48:e2:ea:cb:0c:b4:b9:6e:25:3b:cd:5e:e8:14:62:
         f0:f9:cf:f4:b8:67:2b:1b:82:22:3c:4e:61:dc:42:72:04:81:
         9b:bb:d2:1c:c0:78:61:48:aa:93:a0:40:4e:bb:fb:1b:99:93:
         23:8f:0a:96:1a:a3:b6:cb:ce:0b:d0:d5:9f:83:35:09:2a:28:
         0e:88:d9:41:77:f8:cf:a6:a9:a0:ab:7e:b3:1e:d5:3d:51:4d:
         48:4a:ef:8d:c0:ce:32:93:05:1a:ab:5e:8e:13:74:74:cb:5f:
         1e:53:c0:51:d5:49:d9:fd:5d:7c:fa:d6:d0:ea:20:04:87:99:
         7c:c9:3f:1e:fc:3a:75:51:c2:77:17:31:88:3a:56:55:1f:73:
         06:3b:38:d9:e1:51:72:f2:2f:9d:d3:a4:88:c3:5f:0c:97:a9:
         8f:e9:f2:83:68:81:a9:33:56:13:be:28:37:6b:1c:e6:94:de:
         31:2d:d6:1a:7c:cf:c9:d4:48:bb:8e:cb:91:4d:7b:e0:d4:b2:
         c6:97:8d:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3x2iITSj0LJhDMk4DZrKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMTAxMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGIwZGFmODI4MGUzOTljNDE5MmQ1MjFlNzFkMzU5NGQ2OTNmYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcA3flh8sHWJGXiDAWvUBoxhleSb
Zf5JCADGtSDHc9m0KboSlY2WnSlf3U6GbHg7v0kKdxnkaoix8sMddnAJ8t5+6nxG
mekzHLp4qDkUX3q1Pl6/VxUr3rqolWRN+KWHm6pRiutDY2rWQseMYD3agiWjqdJc
ZzSLIBjxJyuwpunKjPQXQdFOcd4eTPuMSTepwMr1VA4zmt0nnpIS3hjyAZKJOtbu
V+USA5MlI4HxHloxSD5ZzFcJEF5sRx5UQSsA6ENrt8SfJETj7MyOWtRySj7wqqsp
X90m5kmsdcc52avm6mk58hEKijprJfZgf8WN2mqo6ZaR3SvsMm1U77cjDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKCw2vgoDjmcQZLVIecdNZTWk/wkMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvb0xEYS1DZ09PWnhCa3RVaDV4MDFsTmFUX0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1IwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAUhIzzFINZweEr9veLT9yyj4XaWiAjy2PbyN78ym
YNzPZFk7B1t2lQWvjRvcpkhtzhNah08wxNAXSOLqywy0uW4lO81e6BRi8PnP9Lhn
KxuCIjxOYdxCcgSBm7vSHMB4YUiqk6BATrv7G5mTI48KlhqjtsvOC9DVn4M1CSoo
DojZQXf4z6apoKt+sx7VPVFNSErvjcDOMpMFGqtejhN0dMtfHlPAUdVJ2f1dfPrW
0OogBIeZfMk/Hvw6dVHCdxcxiDpWVR9zBjs42eFRcvIvndOkiMNfDJepj+nyg2iB
qTNWE74oN2sc5pTeMS3WGnzPydRIu47LkU174NSyxpeNuw==
-----END CERTIFICATE-----