This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/tPs5y50TL-Gaj8ccNAGqlv7gruY.roa
File:                     tPs5y50TL-Gaj8ccNAGqlv7gruY.roa (raw, json)
Hash identifier:          yIDSmikGAGxtPGWmqnkdb5gGbPGe9+DVmGSD7UkZfDg=
Subject key identifier:   B4:FB:39:CB:9D:13:2F:E1:9A:8F:C7:1C:34:01:AA:96:FE:E0:AE:E6
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       019B78A211FCD6DBB9762F5171DF3028CC6A
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/tPs5y50TL-Gaj8ccNAGqlv7gruY.roa
Signing time:             Thu 01 Jan 2026 08:17:25 +0000
ROA not before:           Thu 01 Jan 2026 08:17:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0d:c980::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:11:fc:d6:db:b9:76:2f:51:71:df:30:28:cc:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Jan  1 08:17:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4fb39cb9d132fe19a8fc71c3401aa96fee0aee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:77:e1:0d:42:74:e8:26:83:46:1b:25:dd:98:
                    8e:e0:bd:8e:34:fb:9b:a1:b6:a6:ce:ce:a4:29:c3:
                    d4:5e:43:28:04:cc:60:44:36:36:73:b0:77:ea:1b:
                    b0:0e:e5:b2:c5:34:5c:c7:b8:64:bd:57:44:8b:90:
                    2e:bb:71:30:89:b2:a8:c0:c8:82:b8:ea:28:2e:b6:
                    fb:1f:5a:3e:24:19:a1:9f:f0:14:19:ef:4f:25:1b:
                    41:a4:cb:7e:52:b0:d0:a2:88:2b:89:e7:e6:ba:d8:
                    7f:ad:5f:9a:a1:a3:db:46:22:ad:2b:6f:ac:00:60:
                    2e:0c:7c:2c:1d:b0:52:91:ba:0f:cb:4e:e2:37:9b:
                    58:b9:8e:00:e8:0b:76:2b:47:3d:b8:14:0e:d5:d2:
                    85:ef:32:cd:a6:2c:41:8a:72:05:6b:4e:ab:d7:30:
                    23:23:db:cb:b5:c5:09:f9:a7:65:08:eb:24:6d:af:
                    11:fb:06:83:f1:6b:e8:03:c2:64:c6:ce:71:89:74:
                    08:38:77:7f:b9:56:40:d7:bc:95:f1:0e:59:97:37:
                    f0:48:c6:b0:4f:23:82:69:2e:b2:4e:28:e6:a4:f0:
                    0c:e4:87:64:6b:aa:65:1d:13:05:bb:3c:81:ad:7d:
                    95:b7:ec:a6:64:3a:62:ce:61:a3:e5:f8:b2:1b:51:
                    86:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:FB:39:CB:9D:13:2F:E1:9A:8F:C7:1C:34:01:AA:96:FE:E0:AE:E6
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/tPs5y50TL-Gaj8ccNAGqlv7gruY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:c980::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:c0:a0:6e:c9:35:d1:ef:18:bf:ca:ba:ba:c0:9f:08:3f:57:
         90:bb:98:14:4e:59:fe:5b:bc:77:ed:d1:62:18:ee:8d:37:a8:
         09:6b:eb:48:f0:8c:a9:e4:43:30:6a:f3:cc:44:f1:dd:f3:5b:
         a5:3b:5f:fc:5c:d4:39:86:33:4f:c6:26:10:f5:b2:37:4b:4e:
         53:72:61:e3:f1:5b:04:b6:27:4f:b2:7d:bf:c3:0a:b4:ed:1a:
         0d:bb:01:cc:dc:72:7f:21:17:07:ba:9c:f2:b9:c5:1c:4c:ad:
         9f:60:db:82:d7:a8:0d:0b:e1:dd:b3:b2:a7:1a:3c:92:52:b8:
         68:41:6e:a0:b2:a4:41:49:54:ee:a5:8d:a5:2c:3d:41:c1:87:
         a7:9b:55:76:f4:bc:77:8f:12:aa:37:7b:ab:c4:d7:03:77:62:
         14:71:10:64:f5:d7:1b:ae:a1:c9:2d:b9:9a:57:97:c6:be:22:
         07:21:c0:75:86:25:e3:cc:7d:15:20:1b:f9:19:5b:b2:88:9f:
         19:1a:6d:43:4b:d5:04:dc:f8:df:9a:a3:1d:12:2b:cd:a1:fc:
         79:cb:0b:d6:49:1f:1c:7b:ab:95:9a:6f:80:56:a1:fe:19:90:
         67:30:b3:72:5b:7c:b1:42:33:16:74:c4:45:93:bb:51:b3:f6:
         b4:a6:3a:bd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4ohH81tu5di9Rcd8wKMxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjYwMTAxMDgxNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGZiMzljYjlkMTMyZmUxOWE4ZmM3MWMzNDAxYWE5NmZlZTBhZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXfhDUJ06CaDRhsl3ZiO4L2ONPub
obamzs6kKcPUXkMoBMxgRDY2c7B36huwDuWyxTRcx7hkvVdEi5Auu3EwibKowMiC
uOooLrb7H1o+JBmhn/AUGe9PJRtBpMt+UrDQoogriefmuth/rV+aoaPbRiKtK2+s
AGAuDHwsHbBSkboPy07iN5tYuY4A6At2K0c9uBQO1dKF7zLNpixBinIFa06r1zAj
I9vLtcUJ+adlCOskba8R+waD8WvoA8Jkxs5xiXQIOHd/uVZA17yV8Q5ZlzfwSMaw
TyOCaS6yTijmpPAM5Idka6plHRMFuzyBrX2Vt+ymZDpizmGj5fiyG1GG+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLT7OcudEy/hmo/HHDQBqpb+4K7mMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvdFBzNXk1MFRMLUdhajhjY05BR3FsdjdncnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg3JgDAN
BgkqhkiG9w0BAQsFAAOCAQEAn8Cgbsk10e8Yv8q6usCfCD9XkLuYFE5Z/lu8d+3R
YhjujTeoCWvrSPCMqeRDMGrzzETx3fNbpTtf/FzUOYYzT8YmEPWyN0tOU3Jh4/Fb
BLYnT7J9v8MKtO0aDbsBzNxyfyEXB7qc8rnFHEytn2DbgteoDQvh3bOypxo8klK4
aEFuoLKkQUlU7qWNpSw9QcGHp5tVdvS8d48Sqjd7q8TXA3diFHEQZPXXG66hyS25
mleXxr4iByHAdYYl48x9FSAb+RlbsoifGRptQ0vVBNz435qjHRIrzaH8ecsL1kkf
HHurlZpvgFah/hmQZzCzclt8sUIzFnTERZO7UbP2tKY6vQ==
-----END CERTIFICATE-----