This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/6TUuFWgBkm98OJlIkhqINWWAoI0.roa
File:                     6TUuFWgBkm98OJlIkhqINWWAoI0.roa (raw, json)
Hash identifier:          GA9PdoKCJE0Uq5wLiSfj1Mw/gZ339oU3m0s7B3MQNRA=
Subject key identifier:   E9:35:2E:15:68:01:92:6F:7C:38:99:48:92:1A:88:35:65:80:A0:8D
Certificate issuer:       /CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
Certificate serial:       019B7B3651615FEE89659A5FE01B408A685F
Authority key identifier: DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/6TUuFWgBkm98OJlIkhqINWWAoI0.roa
Signing time:             Thu 01 Jan 2026 20:18:35 +0000
ROA not before:           Thu 01 Jan 2026 20:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57903
IP address blocks:        213.109.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:51:61:5f:ee:89:65:9a:5f:e0:1b:40:8a:68:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
        Validity
            Not Before: Jan  1 20:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9352e156801926f7c389948921a88356580a08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fa:01:96:d6:ef:d0:fa:db:1d:ab:e6:bc:c6:
                    97:92:eb:79:08:40:21:ff:02:4d:8a:2c:4f:dc:67:
                    b5:6e:be:65:5b:e2:9b:b6:86:2b:cd:50:5a:29:7a:
                    1d:b2:2e:7d:14:1f:3e:79:73:4a:41:9f:e9:9e:18:
                    81:44:d0:09:95:a2:22:c9:06:ab:b6:8d:06:55:6b:
                    d9:1c:10:23:c0:e0:07:a9:e5:df:f1:6b:1b:f1:93:
                    a6:21:86:5a:f4:7f:2c:5f:3c:a7:92:3a:e9:29:c2:
                    f7:32:e9:17:66:88:c9:17:32:b6:17:be:0b:c8:97:
                    8a:0d:07:93:3a:69:ed:d5:d2:b1:64:04:8d:8f:69:
                    27:04:80:c4:8d:7f:ff:cd:44:e5:36:02:0e:4d:e4:
                    a1:23:ba:0b:38:cd:88:97:d7:81:11:8b:23:c9:8e:
                    65:61:86:15:08:1b:a2:e0:9c:ee:fb:63:b3:17:b1:
                    a7:39:f8:e3:9d:4d:9d:d3:fe:fc:ad:ff:b1:d1:09:
                    51:73:ec:12:b5:bd:23:ec:c4:52:5c:c9:81:d4:a4:
                    0c:47:2d:0c:70:62:9a:21:f2:4c:27:9e:e9:8c:e1:
                    f4:fb:e3:87:ee:d0:2c:a5:24:5a:c7:f4:a6:d7:01:
                    10:3e:3e:e8:7f:dd:db:f8:75:57:e7:02:74:b5:a4:
                    25:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:35:2E:15:68:01:92:6F:7C:38:99:48:92:1A:88:35:65:80:A0:8D
            X509v3 Authority Key Identifier:
                keyid:DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/6TUuFWgBkm98OJlIkhqINWWAoI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:11:46:f0:a0:03:96:b3:0e:26:d7:ef:b3:8f:1c:f0:d7:f6:
         2f:35:12:77:e2:9c:22:04:03:90:01:ff:5a:9c:33:3b:c1:29:
         13:2d:fe:f8:1f:52:55:d7:33:d3:57:55:76:ba:08:3a:a6:50:
         67:91:d6:02:dc:31:f5:26:b7:02:99:1f:49:d0:63:7f:ff:99:
         c6:2d:0f:02:31:36:33:48:ed:2b:b6:5e:4b:5d:04:00:ef:d0:
         31:bc:88:da:bd:45:82:e2:d3:2b:fb:ee:1d:68:1e:c5:d1:7f:
         34:ae:38:ba:e7:d1:11:ce:f0:56:d7:d0:27:1f:52:aa:94:c1:
         ea:1c:31:a5:66:40:04:13:04:e3:f2:b5:ee:60:23:34:00:14:
         47:43:7d:d9:9d:1e:52:2d:d3:6d:55:65:62:ea:86:35:05:29:
         46:86:ef:53:72:60:b6:6e:be:60:0c:ce:66:33:e9:9d:b0:16:
         21:8b:1f:f6:f0:69:50:ec:0f:92:2f:7d:fe:39:dc:6e:b2:61:
         4e:c1:a3:e9:6d:ca:28:9f:77:97:9c:59:40:6d:a8:cc:70:95:
         12:f6:f3:41:42:af:e4:5b:43:61:8a:fa:3a:ce:61:95:78:ad:
         e1:ca:33:51:35:fe:4f:9e:4f:7b:8f:77:23:28:3e:b2:b0:e6:
         5a:82:51:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlFhX+6JZZpf4BtAimhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzI1YzRkMDk1M2U3ZWNmNDZmMzdlMTRmY2ExNGZkMDlh
MTJkMTYwHhcNMjYwMTAxMjAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTM1MmUxNTY4MDE5MjZmN2MzODk5NDg5MjFhODgzNTY1ODBhMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPoBltbv0PrbHavmvMaXkut5CEAh
/wJNiixP3Ge1br5lW+KbtoYrzVBaKXodsi59FB8+eXNKQZ/pnhiBRNAJlaIiyQar
to0GVWvZHBAjwOAHqeXf8Wsb8ZOmIYZa9H8sXzynkjrpKcL3MukXZojJFzK2F74L
yJeKDQeTOmnt1dKxZASNj2knBIDEjX//zUTlNgIOTeShI7oLOM2Il9eBEYsjyY5l
YYYVCBui4Jzu+2OzF7GnOfjjnU2d0/78rf+x0QlRc+wStb0j7MRSXMmB1KQMRy0M
cGKaIfJMJ57pjOH0++OH7tAspSRax/Sm1wEQPj7of93b+HVX5wJ0taQlZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOk1LhVoAZJvfDiZSJIaiDVlgKCNMB8GA1UdIwQY
MBaAFN1yXE0JU+fs9G834U/KFP0JoS0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYt
OGYyMGNiNzM0NDg4LzEvNlRVdUZXZ0JrbTk4T0psSWtocUlOV1dBb0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYtOGYyMGNiNzM0NDg4
LzEvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W00MA0G
CSqGSIb3DQEBCwUAA4IBAQABEUbwoAOWsw4m1++zjxzw1/YvNRJ34pwiBAOQAf9a
nDM7wSkTLf74H1JV1zPTV1V2ugg6plBnkdYC3DH1JrcCmR9J0GN//5nGLQ8CMTYz
SO0rtl5LXQQA79AxvIjavUWC4tMr++4daB7F0X80rji659ERzvBW19AnH1KqlMHq
HDGlZkAEEwTj8rXuYCM0ABRHQ33ZnR5SLdNtVWVi6oY1BSlGhu9TcmC2br5gDM5m
M+mdsBYhix/28GlQ7A+SL33+OdxusmFOwaPpbcoon3eXnFlAbajMcJUS9vNBQq/k
W0Nhivo6zmGVeK3hyjNRNf5Pnk97j3cjKD6ysOZaglER
-----END CERTIFICATE-----