This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/g_3XVarkOCYkUbFIen91uAg3jSA.roa
File:                     g_3XVarkOCYkUbFIen91uAg3jSA.roa (raw, json)
Hash identifier:          rxp6gE49EvCvNnFFuptSMZ++/rxyRJ5gmIByXuz1FbU=
Subject key identifier:   83:FD:D7:55:AA:E4:38:26:24:51:B1:48:7A:7F:75:B8:08:37:8D:20
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019ACA51C85E09985DD255023552D1BDD055
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/g_3XVarkOCYkUbFIen91uAg3jSA.roa
Signing time:             Fri 28 Nov 2025 11:55:48 +0000
ROA not before:           Fri 28 Nov 2025 11:55:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205486
IP address blocks:        2a09:6282::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ca:51:c8:5e:09:98:5d:d2:55:02:35:52:d1:bd:d0:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 28 11:55:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83fdd755aae438262451b1487a7f75b808378d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:5f:b1:59:23:8c:58:e5:2b:53:7d:2b:85:0b:
                    51:ab:60:08:61:bd:e2:dc:0b:34:5c:ea:8f:be:88:
                    43:4c:b8:2f:9b:78:9a:4d:0a:d5:89:73:2b:83:5c:
                    2a:d3:42:d1:66:6e:84:59:c1:ae:25:b2:85:24:7f:
                    c4:2a:07:51:d7:1c:e6:5f:23:75:b5:28:c8:91:e5:
                    ee:a3:ec:7c:8d:dd:75:32:26:c1:3c:3f:5d:3c:f4:
                    fe:b5:d6:28:e3:31:cc:9f:8d:0e:5f:25:4f:6f:0d:
                    ab:c1:d7:6e:da:b9:5f:ae:e2:9d:86:c7:7a:93:88:
                    d8:84:c0:32:54:0f:95:07:c0:25:83:86:03:83:a0:
                    bb:36:a2:1a:1e:4b:95:2c:1b:3b:10:83:22:4d:eb:
                    df:03:7b:f9:4f:1e:40:84:7d:0e:0d:a0:4c:a6:a1:
                    13:4f:4a:d9:c3:50:f9:d0:dc:71:c2:30:dd:49:fc:
                    6e:76:c7:c0:a6:a1:57:53:97:19:d4:92:d3:0c:2a:
                    ff:07:3f:24:cc:22:79:81:81:f5:56:e6:82:66:11:
                    61:fd:17:6c:7a:ce:c5:24:41:c5:69:35:8f:7f:7e:
                    c0:68:f3:fa:15:35:43:b0:8d:98:c5:46:7c:c0:2e:
                    b2:a0:50:46:68:eb:26:04:5e:ee:f0:ec:9d:c4:66:
                    52:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FD:D7:55:AA:E4:38:26:24:51:B1:48:7A:7F:75:B8:08:37:8D:20
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/g_3XVarkOCYkUbFIen91uAg3jSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6282::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:6d:f3:98:f6:ae:64:10:38:d6:cc:96:46:e3:8c:89:fa:8c:
         29:18:85:5d:40:17:78:78:77:4c:9c:61:d2:fa:25:43:ae:8a:
         f2:5f:2d:e6:4b:e0:db:d8:6e:c2:05:e2:9a:dc:c9:e0:90:83:
         ca:33:ef:0a:75:b3:cf:7e:2a:6b:ad:de:96:ed:bf:fe:7b:89:
         b2:14:07:2a:d0:13:de:6a:ab:a9:18:7b:28:c9:13:46:f4:23:
         0f:86:22:b3:04:e0:d8:d1:86:b8:41:68:fc:05:a7:23:2b:55:
         f5:a9:da:ac:be:44:de:39:a8:df:d0:01:0f:71:1c:dc:02:3e:
         c3:99:8d:0a:6c:ee:67:b2:82:b9:46:f5:53:84:27:50:5d:24:
         7c:92:04:90:5c:9a:30:df:13:f4:db:35:45:6e:b1:44:79:0d:
         7d:71:58:f6:d5:67:ab:1f:fd:98:d9:c1:39:0c:f5:a7:ca:37:
         dd:f6:83:57:23:b1:b5:99:a1:23:26:21:f2:9a:a3:a7:df:5a:
         74:ba:7f:bd:45:a6:2e:73:2c:1d:c8:61:e6:53:b4:81:69:cb:
         0a:7e:f7:5e:b2:91:e6:bd:97:cf:92:25:b9:a7:dc:70:c5:77:
         8b:d1:d1:13:b2:69:57:5c:72:ec:7b:91:2f:4a:1c:ff:ed:85:
         17:da:41:b3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZrKUcheCZhd0lUCNVLRvdBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMTI4MTE1NTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ZkZDc1NWFhZTQzODI2MjQ1MWIxNDg3YTdmNzViODA4Mzc4ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7l+xWSOMWOUrU30rhQtRq2AIYb3i
3As0XOqPvohDTLgvm3iaTQrViXMrg1wq00LRZm6EWcGuJbKFJH/EKgdR1xzmXyN1
tSjIkeXuo+x8jd11MibBPD9dPPT+tdYo4zHMn40OXyVPbw2rwddu2rlfruKdhsd6
k4jYhMAyVA+VB8Alg4YDg6C7NqIaHkuVLBs7EIMiTevfA3v5Tx5AhH0ODaBMpqET
T0rZw1D50NxxwjDdSfxudsfApqFXU5cZ1JLTDCr/Bz8kzCJ5gYH1VuaCZhFh/Rds
es7FJEHFaTWPf37AaPP6FTVDsI2YxUZ8wC6yoFBGaOsmBF7u8OydxGZSUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIP911Wq5DgmJFGxSHp/dbgIN40gMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvZ18zWFZhcmtPQ1lrVWJGSWVuOTF1QWczalNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgligjAN
BgkqhkiG9w0BAQsFAAOCAQEAHm3zmPauZBA41syWRuOMifqMKRiFXUAXeHh3TJxh
0volQ66K8l8t5kvg29huwgXimtzJ4JCDyjPvCnWzz34qa63elu2//nuJshQHKtAT
3mqrqRh7KMkTRvQjD4YiswTg2NGGuEFo/AWnIytV9anarL5E3jmo39ABD3Ec3AI+
w5mNCmzuZ7KCuUb1U4QnUF0kfJIEkFyaMN8T9Ns1RW6xRHkNfXFY9tVnqx/9mNnB
OQz1p8o33faDVyOxtZmhIyYh8pqjp99adLp/vUWmLnMsHchh5lO0gWnLCn73XrKR
5r2Xz5IluafccMV3i9HRE7JpV1xy7HuRL0oc/+2FF9pBsw==
-----END CERTIFICATE-----