This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/2fDUlbNk_TjJfNmL8k7Qpaq_A4k.roa
File:                     2fDUlbNk_TjJfNmL8k7Qpaq_A4k.roa (raw, json)
Hash identifier:          AoEFyUvMFK7WBCJaTliv+GG29q2nziZw8E359o15zN8=
Subject key identifier:   D9:F0:D4:95:B3:64:FD:38:C9:7C:D9:8B:F2:4E:D0:A5:AA:BF:03:89
Certificate issuer:       /CN=c1c20fbc48fa59a7d8dea57908f350a1b97459df
Certificate serial:       019B7D5D2A2283ECE906C8D06449C53DE97B
Authority key identifier: C1:C2:0F:BC:48:FA:59:A7:D8:DE:A5:79:08:F3:50:A1:B9:74:59:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/2fDUlbNk_TjJfNmL8k7Qpaq_A4k.roa
Signing time:             Fri 02 Jan 2026 06:20:16 +0000
ROA not before:           Fri 02 Jan 2026 06:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a02:668:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:2a:22:83:ec:e9:06:c8:d0:64:49:c5:3d:e9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c20fbc48fa59a7d8dea57908f350a1b97459df
        Validity
            Not Before: Jan  2 06:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9f0d495b364fd38c97cd98bf24ed0a5aabf0389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:99:6f:fb:cd:0a:39:c0:9d:cf:e9:0a:ee:45:
                    4f:d5:8f:fe:41:51:d6:f2:ca:52:4d:7c:ca:58:7b:
                    88:a8:a1:dc:50:17:cc:9d:ef:34:d6:97:f1:98:c0:
                    b8:c0:04:01:a1:64:50:27:95:77:0a:86:03:b8:65:
                    b9:74:65:04:39:aa:7f:63:11:6c:2a:a4:e0:77:d4:
                    e9:04:91:b4:d9:d6:bd:7f:f1:78:b4:25:d0:7a:0b:
                    d3:be:63:e3:db:f1:2b:86:84:e5:9b:19:79:32:36:
                    99:e5:41:7d:e5:2e:00:3f:fa:c7:27:b1:e9:7c:c2:
                    78:7f:a3:21:d9:46:bb:53:e9:ae:78:39:1d:79:5f:
                    e5:25:93:c9:db:d5:48:39:bb:f2:1a:04:fb:57:ed:
                    08:f1:72:65:c2:df:29:04:84:e1:3d:4b:e6:ba:1a:
                    56:b0:00:35:6d:8c:07:08:87:17:5d:a2:c3:d4:a3:
                    7c:75:68:1b:d4:9c:70:05:08:06:77:40:b2:fe:e3:
                    ed:6d:e7:c0:57:b3:40:48:6f:20:2b:af:db:ed:f6:
                    8a:83:c4:c3:69:65:05:fc:bb:59:d8:39:ec:6c:88:
                    cf:7f:5d:ab:9d:9f:9d:f6:c5:fa:77:8a:f8:49:89:
                    a1:93:8c:c3:a3:7f:d7:94:37:f6:f6:48:f3:b4:4c:
                    77:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F0:D4:95:B3:64:FD:38:C9:7C:D9:8B:F2:4E:D0:A5:AA:BF:03:89
            X509v3 Authority Key Identifier:
                keyid:C1:C2:0F:BC:48:FA:59:A7:D8:DE:A5:79:08:F3:50:A1:B9:74:59:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/2fDUlbNk_TjJfNmL8k7Qpaq_A4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:668:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6f:e1:23:d7:1b:19:97:0b:e1:d0:a4:eb:da:a7:b4:50:91:c7:
         a1:1d:ee:47:f9:e6:8f:28:4c:6e:95:a9:bd:2b:12:ac:7a:8d:
         f4:f7:f1:20:b0:26:46:91:4c:95:d4:6d:cc:0f:2e:d2:34:ef:
         63:70:de:e8:98:d3:e6:91:2e:22:04:11:4a:02:1e:92:62:63:
         84:7b:cf:be:0a:db:fe:bd:92:23:a5:32:d7:2a:fb:df:37:3e:
         7d:3e:1b:77:96:28:c4:12:c7:15:99:a8:1a:1f:ed:c1:eb:04:
         31:1b:66:29:a0:79:b7:69:78:8e:72:57:69:29:60:05:44:47:
         5c:ee:4a:b9:3c:67:1f:a7:e2:c4:5c:f0:4e:d9:19:c9:43:ad:
         95:35:27:2d:ae:fe:88:5a:bd:58:33:49:ec:9f:b1:04:48:fe:
         ef:2d:74:78:09:2a:b7:7c:9f:62:7d:e2:cf:5d:db:f5:78:7d:
         e8:9d:58:7c:a5:e3:13:af:c5:b7:e9:05:d2:1b:d4:da:33:58:
         53:66:3f:41:42:70:9a:21:0d:86:bb:11:72:39:7b:b1:0c:a3:
         56:98:a1:35:10:3a:eb:48:a6:3f:56:24:3b:fa:80:69:bc:8a:
         34:aa:8b:e0:13:ca:af:44:49:d8:a6:d8:2b:9e:9c:d4:02:99:
         59:24:ae:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9XSoig+zpBsjQZEnFPel7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzIwZmJjNDhmYTU5YTdkOGRlYTU3OTA4ZjM1MGExYjk3
NDU5ZGYwHhcNMjYwMTAyMDYyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWYwZDQ5NWIzNjRmZDM4Yzk3Y2Q5OGJmMjRlZDBhNWFhYmYwMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqplv+80KOcCdz+kK7kVP1Y/+QVHW
8spSTXzKWHuIqKHcUBfMne801pfxmMC4wAQBoWRQJ5V3CoYDuGW5dGUEOap/YxFs
KqTgd9TpBJG02da9f/F4tCXQegvTvmPj2/ErhoTlmxl5MjaZ5UF95S4AP/rHJ7Hp
fMJ4f6Mh2Ua7U+mueDkdeV/lJZPJ29VIObvyGgT7V+0I8XJlwt8pBIThPUvmuhpW
sAA1bYwHCIcXXaLD1KN8dWgb1JxwBQgGd0Cy/uPtbefAV7NASG8gK6/b7faKg8TD
aWUF/LtZ2DnsbIjPf12rnZ+d9sX6d4r4SYmhk4zDo3/XlDf29kjztEx3hwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNnw1JWzZP04yXzZi/JO0KWqvwOJMB8GA1UdIwQY
MBaAFMHCD7xI+lmn2N6leQjzUKG5dFnfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NJUHZFajZXYWZZM3FWNUNQTlFvYmwwV2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82Yzc4ZGEtYmRlZC00MWE5LWI1MDgt
MzAyY2UxYmM5OWMwLzEvMmZEVWxiTmtfVGpKZk5tTDhrN1FwYXFfQTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82Yzc4ZGEtYmRlZC00MWE5LWI1MDgtMzAyY2UxYmM5OWMw
LzEvd2NJUHZFajZXYWZZM3FWNUNQTlFvYmwwV2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgIGaPAw
DQYJKoZIhvcNAQELBQADggEBAG/hI9cbGZcL4dCk69qntFCRx6Ed7kf55o8oTG6V
qb0rEqx6jfT38SCwJkaRTJXUbcwPLtI072Nw3uiY0+aRLiIEEUoCHpJiY4R7z74K
2/69kiOlMtcq+983Pn0+G3eWKMQSxxWZqBof7cHrBDEbZimgebdpeI5yV2kpYAVE
R1zuSrk8Zx+n4sRc8E7ZGclDrZU1Jy2u/ohavVgzSeyfsQRI/u8tdHgJKrd8n2J9
4s9d2/V4feidWHyl4xOvxbfpBdIb1NozWFNmP0FCcJohDYa7EXI5e7EMo1aYoTUQ
OutIpj9WJDv6gGm8ijSqi+ATyq9ESdim2CuenNQCmVkkrvQ=
-----END CERTIFICATE-----