This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/VnRtMDF4gysmlZSb59wJ0quLjuA.roa
File:                     VnRtMDF4gysmlZSb59wJ0quLjuA.roa (raw, json)
Hash identifier:          43Q8juPKAzS/kUi0MJPxgQYqYa6H7Jrksy06nYJpgec=
Subject key identifier:   56:74:6D:30:31:78:83:2B:26:95:94:9B:E7:DC:09:D2:AB:8B:8E:E0
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       019B7E39040A6CF5D76ACD8F2EEF898C546F
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/VnRtMDF4gysmlZSb59wJ0quLjuA.roa
Signing time:             Fri 02 Jan 2026 10:20:24 +0000
ROA not before:           Fri 02 Jan 2026 10:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:04:0a:6c:f5:d7:6a:cd:8f:2e:ef:89:8c:54:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Jan  2 10:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56746d303178832b2695949be7dc09d2ab8b8ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:67:a1:45:84:3d:4a:dd:4d:ed:07:ec:7a:f3:
                    70:e0:88:1b:65:42:44:b7:9d:c7:d8:39:cb:d1:a8:
                    84:de:e3:79:0b:b4:56:b4:b6:21:3f:53:84:32:67:
                    64:9b:ce:91:03:db:04:e3:b9:2b:58:96:62:a1:8d:
                    26:88:6e:34:31:5e:a0:13:fe:4d:e6:31:15:cd:5a:
                    6b:38:04:fc:45:06:a0:6f:4d:f2:00:d0:fd:99:53:
                    19:5e:1d:f7:17:23:5b:25:c4:51:97:0c:30:c1:7a:
                    51:88:74:14:78:0e:cf:72:c3:8a:af:ac:47:9c:2d:
                    5a:e8:33:6b:03:f0:7d:65:e9:e9:29:ad:e8:9d:93:
                    08:2e:d3:62:98:e7:92:fb:91:f3:01:16:89:c0:58:
                    e0:31:c9:de:05:be:df:58:2d:fe:7d:b2:39:60:af:
                    5f:b7:f7:0a:5b:75:54:0a:01:02:10:6e:90:01:a5:
                    45:c3:d6:b6:05:70:9d:c9:28:a1:fe:c2:67:5c:34:
                    f4:41:9d:c3:98:28:57:80:d1:a0:0d:fc:49:4d:01:
                    f6:a7:04:42:a7:66:24:2a:62:21:42:a5:58:e6:98:
                    90:bd:39:2e:0d:90:7e:92:71:c4:92:98:ea:34:0a:
                    db:02:1e:93:9c:de:9f:86:d1:d3:46:c3:dc:35:44:
                    93:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:74:6D:30:31:78:83:2B:26:95:94:9B:E7:DC:09:D2:AB:8B:8E:E0
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/VnRtMDF4gysmlZSb59wJ0quLjuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:b7:eb:d1:a7:fc:d9:73:7d:dd:9a:c3:81:df:55:be:49:33:
         61:7b:c8:b5:d5:3b:a3:23:16:e3:ba:68:c7:90:68:da:32:96:
         2e:2b:26:7d:f4:b7:55:9c:8b:57:d4:d6:89:b7:3c:6b:c6:e4:
         fb:45:02:f9:d8:d9:2a:05:30:72:25:3b:c0:43:5d:36:4c:a4:
         88:f8:79:1b:41:31:4e:be:b7:f9:63:7f:f3:33:7c:67:21:df:
         dd:a4:41:2a:48:b4:f8:d3:c2:73:91:53:f7:fb:5f:27:34:ed:
         a8:db:85:0a:00:92:da:a8:d9:e2:aa:87:38:75:c5:d7:86:c2:
         ac:78:00:7d:54:0f:1f:84:4a:1c:a9:e0:6d:f0:fe:e5:e6:fa:
         51:0f:41:08:23:c7:b9:7c:b2:19:c3:d7:9f:ba:4d:27:15:d5:
         7b:d2:bf:29:f0:12:ad:e3:9e:9d:ef:54:f7:99:1d:58:36:f6:
         b6:73:94:7c:51:58:72:67:82:b5:ae:5b:bb:b9:ea:1e:03:c4:
         12:d4:3d:21:d2:1d:50:5f:e0:94:81:6b:da:8c:91:16:4b:a0:
         12:a2:17:1c:8c:a0:10:30:5e:f7:2f:78:20:1b:dd:2d:19:41:
         13:18:33:74:2b:ef:90:5b:9d:7d:6e:ce:05:82:c3:30:44:d1:
         d4:da:18:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+OQQKbPXXas2PLu+JjFRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjYwMTAyMTAyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njc0NmQzMDMxNzg4MzJiMjY5NTk0OWJlN2RjMDlkMmFiOGI4ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWehRYQ9St1N7QfsevNw4IgbZUJE
t53H2DnL0aiE3uN5C7RWtLYhP1OEMmdkm86RA9sE47krWJZioY0miG40MV6gE/5N
5jEVzVprOAT8RQagb03yAND9mVMZXh33FyNbJcRRlwwwwXpRiHQUeA7PcsOKr6xH
nC1a6DNrA/B9ZenpKa3onZMILtNimOeS+5HzARaJwFjgMcneBb7fWC3+fbI5YK9f
t/cKW3VUCgECEG6QAaVFw9a2BXCdySih/sJnXDT0QZ3DmChXgNGgDfxJTQH2pwRC
p2YkKmIhQqVY5piQvTkuDZB+knHEkpjqNArbAh6TnN6fhtHTRsPcNUSTqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFZ0bTAxeIMrJpWUm+fcCdKri47gMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvVm5SdE1ERjRneXNtbFpTYjU5d0owcXVManVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdrfr0af82XN93ZrDgd9VvkkzYXvItdU7oyMW47po
x5Bo2jKWLismffS3VZyLV9TWibc8a8bk+0UC+djZKgUwciU7wENdNkykiPh5G0Ex
Tr63+WN/8zN8ZyHf3aRBKki0+NPCc5FT9/tfJzTtqNuFCgCS2qjZ4qqHOHXF14bC
rHgAfVQPH4RKHKngbfD+5eb6UQ9BCCPHuXyyGcPXn7pNJxXVe9K/KfASreOene9U
95kdWDb2tnOUfFFYcmeCta5bu7nqHgPEEtQ9IdIdUF/glIFr2oyRFkugEqIXHIyg
EDBe9y94IBvdLRlBExgzdCvvkFudfW7OBYLDMETR1NoYaQ==
-----END CERTIFICATE-----