This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0mKPMQWV_Qy-vh6NIOs-vGzzkcs.roa
File:                     0mKPMQWV_Qy-vh6NIOs-vGzzkcs.roa (raw, json)
Hash identifier:          40hzdqt6UbwBLVWM2lystwa7D/FQ/GMdaZDwu9K4ql4=
Subject key identifier:   D2:62:8F:31:05:95:FD:0C:BE:BE:1E:8D:20:EB:3E:BC:6C:F3:91:CB
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       019B7F84FA13854CA082B876961C4E1DEF19
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0mKPMQWV_Qy-vh6NIOs-vGzzkcs.roa
Signing time:             Fri 02 Jan 2026 16:22:59 +0000
ROA not before:           Fri 02 Jan 2026 16:22:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216213
IP address blocks:        2a13:e0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:fa:13:85:4c:a0:82:b8:76:96:1c:4e:1d:ef:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Jan  2 16:22:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2628f310595fd0cbebe1e8d20eb3ebc6cf391cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:ae:f3:b1:7d:f3:ed:8f:67:52:fc:8c:ec:
                    db:36:e0:61:b3:02:c5:b7:ca:4a:ea:66:38:d6:54:
                    61:96:ce:e1:80:59:dd:c5:ef:80:3d:2e:55:0f:80:
                    e2:c2:8c:9b:02:1c:38:37:7c:f9:53:2e:dc:09:9b:
                    ab:6f:91:a1:bb:a3:8a:a9:34:05:0e:b1:99:17:c8:
                    04:70:e3:1b:d5:90:74:75:53:4c:83:c5:76:0b:9c:
                    c5:6d:db:e9:a6:0e:44:82:ad:40:08:8e:c8:eb:77:
                    dc:14:e6:48:f6:90:af:f3:1d:f9:f5:4f:a8:c1:47:
                    b9:b4:84:41:18:ea:ed:88:53:30:fa:22:bb:fc:2e:
                    81:40:86:c3:32:60:d0:4c:10:03:eb:b8:08:06:c2:
                    1d:0e:f5:f8:61:11:10:bd:a1:b1:0d:9b:ae:ca:6b:
                    ed:7f:80:26:6b:a3:5c:bb:c5:b7:1b:8c:7f:c0:34:
                    5d:c2:5a:7f:7c:63:6a:c1:42:03:ac:99:5c:48:dd:
                    9d:e2:cf:66:9b:d0:9b:de:5e:b0:de:96:fc:1c:4c:
                    c3:11:7d:d0:4c:9f:fd:61:ea:44:c3:a6:21:86:a3:
                    dc:3b:8f:e9:fc:40:1c:c1:78:5e:31:7b:ee:87:f8:
                    fb:e7:87:38:24:d2:ce:13:00:6f:02:ff:6a:92:98:
                    a8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:62:8F:31:05:95:FD:0C:BE:BE:1E:8D:20:EB:3E:BC:6C:F3:91:CB
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0mKPMQWV_Qy-vh6NIOs-vGzzkcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:4d:5a:d8:f2:62:bd:63:de:f1:4f:3f:11:4d:61:16:59:41:
         01:37:d3:fd:09:1a:d1:63:8c:d9:03:3c:04:dc:ec:3a:91:d0:
         19:36:8f:05:fd:4d:d7:ff:15:27:89:17:4f:fc:68:04:de:39:
         41:51:39:44:51:9c:d2:4a:5b:40:cc:31:b5:9d:14:7a:67:97:
         1b:e6:f9:ce:a6:44:e5:5d:1b:ab:98:83:07:c1:e6:fd:20:24:
         4d:d9:22:3e:01:af:bf:c7:62:fe:84:8b:f4:2f:f3:0b:0f:96:
         6e:28:84:d8:06:33:75:b2:6e:94:b1:5c:e8:60:79:94:5a:c5:
         9c:8b:41:02:c1:c7:ca:b9:02:63:ab:ef:ce:e1:9c:88:36:cc:
         a8:92:3a:3c:e6:99:14:61:07:e0:fb:a0:5b:5f:5b:78:93:b5:
         63:eb:9e:74:ca:76:b0:97:da:8c:19:bf:73:4e:0c:fd:29:ee:
         53:28:79:ae:93:4c:6e:4f:1c:6e:a3:a0:92:46:16:6a:03:e6:
         7a:04:1f:3e:17:b5:e4:39:3c:26:a7:d3:1f:17:8d:bc:21:11:
         40:80:0a:e8:0e:56:95:f7:78:e3:d1:08:9e:74:bd:f5:f7:de:
         da:52:43:31:2d:e1:60:ce:ba:38:8f:67:d7:47:5f:49:68:54:
         81:df:9e:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/hPoThUyggrh2lhxOHe8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjYwMTAyMTYyMjU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjYyOGYzMTA1OTVmZDBjYmViZTFlOGQyMGViM2ViYzZjZjM5MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjqu87F98+2PZ1L8jOzbNuBhswLF
t8pK6mY41lRhls7hgFndxe+APS5VD4DiwoybAhw4N3z5Uy7cCZurb5Ghu6OKqTQF
DrGZF8gEcOMb1ZB0dVNMg8V2C5zFbdvppg5Egq1ACI7I63fcFOZI9pCv8x359U+o
wUe5tIRBGOrtiFMw+iK7/C6BQIbDMmDQTBAD67gIBsIdDvX4YREQvaGxDZuuymvt
f4Ama6Ncu8W3G4x/wDRdwlp/fGNqwUIDrJlcSN2d4s9mm9Cb3l6w3pb8HEzDEX3Q
TJ/9YepEw6YhhqPcO4/p/EAcwXheMXvuh/j754c4JNLOEwBvAv9qkpio5wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNJijzEFlf0Mvr4ejSDrPrxs85HLMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvMG1LUE1RV1ZfUXktdmg2TklPcy12R3p6a2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAo01a2PJivWPe8U8/EU1hFllBATfT/Qka0WOM2QM8
BNzsOpHQGTaPBf1N1/8VJ4kXT/xoBN45QVE5RFGc0kpbQMwxtZ0UemeXG+b5zqZE
5V0bq5iDB8Hm/SAkTdkiPgGvv8di/oSL9C/zCw+WbiiE2AYzdbJulLFc6GB5lFrF
nItBAsHHyrkCY6vvzuGciDbMqJI6POaZFGEH4PugW19beJO1Y+uedMp2sJfajBm/
c04M/SnuUyh5rpNMbk8cbqOgkkYWagPmegQfPhe15Dk8JqfTHxeNvCERQIAK6A5W
lfd449EInnS99ffe2lJDMS3hYM66OI9n10dfSWhUgd+eMg==
-----END CERTIFICATE-----