This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0uMxw0si97T8YlWYIJYxugGgZmY.roa
File:                     0uMxw0si97T8YlWYIJYxugGgZmY.roa (raw, json)
Hash identifier:          wPw5NhAIeOfbu7J12i+BnkyVC1+Fh5jMSso4AuiwRQw=
Subject key identifier:   D2:E3:31:C3:4B:22:F7:B4:FC:62:55:98:20:96:31:BA:01:A0:66:66
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019B78A36F2A858D2A865179097272DB0722
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0uMxw0si97T8YlWYIJYxugGgZmY.roa
Signing time:             Thu 01 Jan 2026 08:18:55 +0000
ROA not before:           Thu 01 Jan 2026 08:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33891
IP address blocks:        2a03:f85:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6f:2a:85:8d:2a:86:51:79:09:72:72:db:07:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 08:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2e331c34b22f7b4fc625598209631ba01a06666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f6:a2:5f:70:d2:8d:55:85:1b:ed:6e:47:64:
                    35:cd:e3:57:be:dd:03:06:98:22:9b:e1:e7:39:6a:
                    c5:0e:ee:83:6b:d2:50:40:4c:18:57:ec:a9:53:fa:
                    0a:42:76:2a:ac:d1:eb:79:11:21:df:29:bc:ea:da:
                    ba:13:20:a9:b9:fb:ab:59:9e:72:3f:0a:74:7c:8d:
                    8a:77:97:66:b8:58:cb:d1:56:ac:ad:11:70:ef:a4:
                    55:2e:6b:ac:cc:25:5c:26:cb:b2:26:7b:66:23:09:
                    69:f6:35:1b:f2:94:98:ae:a1:7e:bb:96:fd:ac:9f:
                    f9:b0:8a:95:fa:2c:4e:8a:c6:54:5f:42:b4:c2:a2:
                    78:89:c5:5a:ae:13:51:d8:92:1e:6e:b9:d5:08:7a:
                    4e:a4:ec:16:40:29:7c:79:96:fb:3c:83:95:ca:5d:
                    8f:9e:b2:47:d3:dd:0c:89:24:f4:cf:84:c4:e2:27:
                    08:4f:75:89:f6:f7:2f:45:c0:41:31:bb:13:7e:ad:
                    d9:bc:f3:7a:9b:bb:90:db:c0:37:30:ab:ef:08:d9:
                    c2:e2:76:38:74:49:64:5e:9a:51:65:f7:67:55:df:
                    a4:76:51:9e:68:d7:b8:ce:86:6e:8b:e7:09:7d:ac:
                    34:7e:2e:b8:91:ab:f6:9e:ac:ed:c1:2b:78:1a:52:
                    38:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E3:31:C3:4B:22:F7:B4:FC:62:55:98:20:96:31:BA:01:A0:66:66
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0uMxw0si97T8YlWYIJYxugGgZmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:5c:1c:fc:ec:5e:53:c5:0a:4a:dd:c5:e7:c6:36:34:5f:11:
         c8:75:d2:ea:e3:4e:54:b6:16:b2:7f:6e:a0:7d:1c:e6:08:33:
         49:88:7d:7e:94:a9:78:46:c6:0d:81:20:9e:ba:b3:0b:a6:7f:
         3f:bf:85:72:0a:48:4d:c1:1d:8a:91:43:60:34:a1:0e:5f:59:
         df:d9:70:d0:60:21:f1:39:36:24:a7:7e:31:8a:e9:86:1f:fa:
         77:65:0f:c3:41:ca:e9:e5:03:bd:b6:98:e0:64:15:47:87:ea:
         e5:c4:10:4a:be:3b:2c:c9:db:1e:f1:59:8f:3b:ba:33:0b:90:
         43:13:e4:d2:3f:a3:2b:99:0f:31:23:84:51:97:d4:66:98:08:
         cc:74:61:dd:cc:09:f5:84:56:b3:5f:1c:69:4c:60:05:f2:38:
         0f:16:0e:4b:8e:b2:46:c2:14:f2:dd:13:f5:2f:64:55:87:d6:
         41:f1:a2:22:86:b6:e6:eb:af:47:41:8e:4d:5d:1e:02:e4:93:
         e0:1f:72:f7:bb:4c:db:17:8a:ad:00:0b:68:13:00:00:6c:52:
         4d:33:59:ae:71:8a:ef:0d:e8:f9:a2:81:5a:25:c3:a2:4e:45:
         81:6d:70:f6:c7:a9:5c:42:41:15:9c:b7:dd:82:f1:60:f7:72:
         e3:f8:dc:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4o28qhY0qhlF5CXJy2wciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjYwMTAxMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmUzMzFjMzRiMjJmN2I0ZmM2MjU1OTgyMDk2MzFiYTAxYTA2NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PaiX3DSjVWFG+1uR2Q1zeNXvt0D
Bpgim+HnOWrFDu6Da9JQQEwYV+ypU/oKQnYqrNHreREh3ym86tq6EyCpufurWZ5y
Pwp0fI2Kd5dmuFjL0VasrRFw76RVLmuszCVcJsuyJntmIwlp9jUb8pSYrqF+u5b9
rJ/5sIqV+ixOisZUX0K0wqJ4icVarhNR2JIebrnVCHpOpOwWQCl8eZb7PIOVyl2P
nrJH090MiST0z4TE4icIT3WJ9vcvRcBBMbsTfq3ZvPN6m7uQ28A3MKvvCNnC4nY4
dElkXppRZfdnVd+kdlGeaNe4zoZui+cJfaw0fi64kav2nqztwSt4GlI4JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNLjMcNLIve0/GJVmCCWMboBoGZmMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvMHVNeHcwc2k5N1Q4WWxXWUlKWXh1Z0dnWm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAE
MA0GCSqGSIb3DQEBCwUAA4IBAQDBXBz87F5TxQpK3cXnxjY0XxHIddLq405Uthay
f26gfRzmCDNJiH1+lKl4RsYNgSCeurMLpn8/v4VyCkhNwR2KkUNgNKEOX1nf2XDQ
YCHxOTYkp34xiumGH/p3ZQ/DQcrp5QO9tpjgZBVHh+rlxBBKvjssydse8VmPO7oz
C5BDE+TSP6MrmQ8xI4RRl9RmmAjMdGHdzAn1hFazXxxpTGAF8jgPFg5LjrJGwhTy
3RP1L2RVh9ZB8aIihrbm669HQY5NXR4C5JPgH3L3u0zbF4qtAAtoEwAAbFJNM1mu
cYrvDej5ooFaJcOiTkWBbXD2x6lcQkEVnLfdgvFg93Lj+Nzz
-----END CERTIFICATE-----