This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/zzCGGo649FLsATY_fuGlZHgnRwM.roa
File:                     zzCGGo649FLsATY_fuGlZHgnRwM.roa (raw, json)
Hash identifier:          +1Gsr6KYlV8gi9oJWuaclNFEGhKNSf3rU0ttxt0PzJE=
Subject key identifier:   CF:30:86:1A:8E:B8:F4:52:EC:01:36:3F:7E:E1:A5:64:78:27:47:03
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019AE92506373262EEAA9E96586737AE3DFD
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/zzCGGo649FLsATY_fuGlZHgnRwM.roa
Signing time:             Thu 04 Dec 2025 11:35:08 +0000
ROA not before:           Thu 04 Dec 2025 11:35:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206560
IP address blocks:        2a09:6287::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:e9:25:06:37:32:62:ee:aa:9e:96:58:67:37:ae:3d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Dec  4 11:35:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf30861a8eb8f452ec01363f7ee1a56478274703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9f:e5:df:11:da:fc:9a:d0:d6:c3:c1:be:f4:
                    b9:06:72:f4:94:cf:c4:9d:f3:b1:5f:1b:eb:d1:be:
                    07:cd:d1:9c:56:dc:97:ff:ce:a4:01:12:ca:44:79:
                    ef:06:10:d9:ee:29:84:3d:fa:a0:5e:a1:af:ec:ca:
                    cd:2a:b6:57:c2:4a:cc:bd:76:f8:32:11:61:7d:80:
                    c2:7a:66:d6:d0:d8:06:3b:56:d6:20:48:91:f5:6b:
                    90:00:8b:58:ac:fc:87:95:af:8e:a2:b8:53:d6:20:
                    de:7e:0d:91:3e:0b:07:0e:c6:15:61:36:18:24:09:
                    fa:21:53:f2:d3:3b:8f:a3:e2:56:b9:42:2c:51:2c:
                    b0:16:39:85:4a:8d:49:21:6b:42:3f:6c:df:0a:79:
                    6d:90:47:bb:fd:28:bb:a4:0f:51:07:e7:15:a2:3a:
                    05:4b:10:84:3f:75:a0:6e:48:91:70:9b:bc:7c:f9:
                    d5:fe:68:54:3a:6b:e9:ba:b9:0e:88:3e:86:f4:ea:
                    0e:b2:d7:69:32:dc:79:ba:22:67:3a:0e:01:04:41:
                    b4:ee:64:ce:32:4a:63:81:36:f3:49:5e:4e:bb:88:
                    a8:a0:85:53:f7:f9:95:2f:f7:5f:1a:22:ab:c4:9a:
                    5e:ce:f3:c5:8d:db:fb:c7:74:91:4b:24:fb:ea:c4:
                    9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:30:86:1A:8E:B8:F4:52:EC:01:36:3F:7E:E1:A5:64:78:27:47:03
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/zzCGGo649FLsATY_fuGlZHgnRwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6287::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:c4:f6:e0:a1:4e:26:e2:67:b4:ec:2a:79:c2:ed:29:cf:ef:
         23:d7:a0:5c:de:53:39:87:e0:af:1f:4b:50:8e:e0:b4:8a:4e:
         5f:db:5f:75:b4:2c:6b:41:67:b0:84:fa:e5:8e:5a:f2:b7:22:
         88:aa:a4:6a:16:ed:f0:2b:43:1d:de:a2:e0:8e:4b:f1:8e:d6:
         e1:df:3c:97:8e:97:1f:df:03:09:29:94:ad:ff:86:a1:d7:71:
         26:7f:7a:d5:b5:26:23:21:f7:6d:d6:c2:d9:71:31:61:92:1b:
         ad:39:16:9d:ed:54:c8:00:b9:c4:35:c8:b3:76:41:77:0b:75:
         a2:17:d8:a9:36:c1:fb:d0:4e:91:fa:e7:cf:77:08:f5:a8:32:
         6e:4f:6c:d0:01:75:bc:df:8d:33:1e:1e:7f:59:bb:93:e2:c8:
         ea:44:c8:f3:15:e7:76:ae:48:cf:46:07:d5:f9:eb:ae:53:d6:
         15:57:45:43:31:12:87:e9:b7:e8:68:b1:fb:15:eb:0b:d2:5d:
         23:d7:51:05:6f:c8:06:60:bf:a1:18:50:88:2a:65:6d:39:cc:
         cd:c3:28:6e:1f:90:7a:4f:df:54:a5:39:80:58:d1:e7:ac:ed:
         ce:6f:f1:e9:01:e8:18:44:3a:76:f7:9a:ea:a7:4f:43:eb:82:
         e7:fe:4f:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZrpJQY3MmLuqp6WWGc3rj39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMjA0MTEzNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjMwODYxYThlYjhmNDUyZWMwMTM2M2Y3ZWUxYTU2NDc4Mjc0NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ/l3xHa/JrQ1sPBvvS5BnL0lM/E
nfOxXxvr0b4HzdGcVtyX/86kARLKRHnvBhDZ7imEPfqgXqGv7MrNKrZXwkrMvXb4
MhFhfYDCembW0NgGO1bWIEiR9WuQAItYrPyHla+OorhT1iDefg2RPgsHDsYVYTYY
JAn6IVPy0zuPo+JWuUIsUSywFjmFSo1JIWtCP2zfCnltkEe7/Si7pA9RB+cVojoF
SxCEP3WgbkiRcJu8fPnV/mhUOmvpurkOiD6G9OoOstdpMtx5uiJnOg4BBEG07mTO
MkpjgTbzSV5Ou4iooIVT9/mVL/dfGiKrxJpezvPFjdv7x3SRSyT76sSc7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM8whhqOuPRS7AE2P37hpWR4J0cDMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvenpDR0dvNjQ5RkxzQVRZX2Z1R2xaSGduUndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKglihzAN
BgkqhkiG9w0BAQsFAAOCAQEAwcT24KFOJuJntOwqecLtKc/vI9egXN5TOYfgrx9L
UI7gtIpOX9tfdbQsa0FnsIT65Y5a8rciiKqkahbt8CtDHd6i4I5L8Y7W4d88l46X
H98DCSmUrf+GoddxJn961bUmIyH3bdbC2XExYZIbrTkWne1UyAC5xDXIs3ZBdwt1
ohfYqTbB+9BOkfrnz3cI9agybk9s0AF1vN+NMx4ef1m7k+LI6kTI8xXndq5Iz0YH
1fnrrlPWFVdFQzESh+m36Gix+xXrC9JdI9dRBW/IBmC/oRhQiCplbTnMzcMobh+Q
ek/fVKU5gFjR56ztzm/x6QHoGEQ6dvea6qdPQ+uC5/5PAQ==
-----END CERTIFICATE-----