This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/3Q7uKZsMpZsukO9sW6TdxaymeCQ.roa
File:                     3Q7uKZsMpZsukO9sW6TdxaymeCQ.roa (raw, json)
Hash identifier:          YaBk8NWI//Ry/v2mJRSlpe9+IsnRQkr7eOxzzcKCjKo=
Subject key identifier:   DD:0E:EE:29:9B:0C:A5:9B:2E:90:EF:6C:5B:A4:DD:C5:AC:A6:78:24
Certificate issuer:       /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial:       019B791129D2DA5DE382B796526D7048E500
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/3Q7uKZsMpZsukO9sW6TdxaymeCQ.roa
Signing time:             Thu 01 Jan 2026 10:18:46 +0000
ROA not before:           Thu 01 Jan 2026 10:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208024
IP address blocks:        2a07:cec0:4200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:29:d2:da:5d:e3:82:b7:96:52:6d:70:48:e5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
        Validity
            Not Before: Jan  1 10:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd0eee299b0ca59b2e90ef6c5ba4ddc5aca67824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:e4:da:cb:86:c1:f3:85:64:34:60:b6:10:aa:
                    d7:99:11:27:71:2c:d8:0b:7d:a7:11:73:5a:5e:76:
                    74:36:5b:1b:7e:65:0e:67:f6:3e:1e:8a:d3:a2:b8:
                    68:34:ec:66:67:bd:46:e5:70:46:65:a1:d5:b8:c1:
                    fe:c2:6a:6e:a5:99:6d:78:cc:bc:f7:84:2d:b2:42:
                    98:5c:1a:40:89:b6:84:a0:7a:ac:a7:88:a6:d6:70:
                    b8:78:a7:f1:bd:f5:61:b8:9a:33:64:8e:b1:03:f3:
                    62:aa:f9:8d:f0:1e:a8:ef:18:3c:8e:56:32:58:d5:
                    00:16:47:6f:72:0b:9e:2e:05:3f:22:77:46:4a:a9:
                    27:19:65:b6:f4:52:31:fc:73:92:17:0d:2e:7f:0c:
                    7f:22:83:51:bc:b9:29:71:fa:f4:8b:b9:f7:46:da:
                    e7:f7:ba:b6:29:d6:3f:87:14:35:60:b1:59:a0:71:
                    5d:13:d7:47:83:ce:41:6b:2c:bc:b7:cf:98:2f:a6:
                    1e:0a:90:57:32:df:bc:af:12:c9:1a:da:97:41:5f:
                    8f:97:1c:47:ec:17:0a:99:a9:19:9d:cd:0a:df:ea:
                    ea:66:24:2e:90:b7:bd:0d:a0:73:23:83:5f:e8:72:
                    2a:df:18:04:56:41:64:ae:bd:18:bb:35:04:45:93:
                    ee:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0E:EE:29:9B:0C:A5:9B:2E:90:EF:6C:5B:A4:DD:C5:AC:A6:78:24
            X509v3 Authority Key Identifier:
                keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/3Q7uKZsMpZsukO9sW6TdxaymeCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:cec0:4200::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:c7:34:ae:0f:7b:94:fb:65:67:35:80:a9:47:64:8b:f7:bc:
         d8:41:2c:3c:88:cc:35:34:d3:fd:53:b1:2f:26:64:42:41:d6:
         ca:19:7c:82:b1:c3:41:79:b1:48:43:b2:b2:d0:c7:45:99:52:
         61:75:b8:ad:21:7f:be:98:9f:75:8c:f4:8f:01:39:39:f8:5d:
         9b:7f:ee:14:33:af:c6:a3:40:53:64:0b:95:e1:e5:00:d6:ff:
         fc:91:95:e0:76:15:22:fb:2f:c4:49:43:3e:d7:d6:17:aa:8f:
         4b:56:0c:bc:d2:24:96:67:2d:23:84:1e:02:3d:0d:4c:0c:44:
         aa:0c:6f:b0:3f:7e:c7:93:1d:3b:7c:13:b3:d7:80:4e:9e:c0:
         7d:f8:f4:01:00:f3:63:99:82:76:65:94:92:26:fa:ba:de:5e:
         24:7c:79:37:49:9d:79:0b:d4:2e:59:5b:bb:22:9f:46:13:01:
         87:9d:2f:4f:a3:d2:06:20:08:0f:06:54:6c:51:65:b2:7a:eb:
         d7:df:52:54:79:24:5d:c4:63:8d:73:1b:45:a2:0f:c0:68:6f:
         23:b1:24:4f:1f:a7:b7:53:36:11:42:88:e4:64:44:04:91:9f:
         2c:4f:b7:d0:03:ae:eb:57:46:ed:78:d5:a4:83:e5:10:11:3e:
         65:e0:72:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5ESnS2l3jgreWUm1wSOUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjYwMTAxMTAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBlZWUyOTliMGNhNTliMmU5MGVmNmM1YmE0ZGRjNWFjYTY3ODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8OTay4bB84VkNGC2EKrXmREncSzY
C32nEXNaXnZ0NlsbfmUOZ/Y+HorTorhoNOxmZ71G5XBGZaHVuMH+wmpupZlteMy8
94QtskKYXBpAibaEoHqsp4im1nC4eKfxvfVhuJozZI6xA/NiqvmN8B6o7xg8jlYy
WNUAFkdvcgueLgU/IndGSqknGWW29FIx/HOSFw0ufwx/IoNRvLkpcfr0i7n3Rtrn
97q2KdY/hxQ1YLFZoHFdE9dHg85Bayy8t8+YL6YeCpBXMt+8rxLJGtqXQV+PlxxH
7BcKmakZnc0K3+rqZiQukLe9DaBzI4Nf6HIq3xgEVkFkrr0YuzUERZPu5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN0O7imbDKWbLpDvbFuk3cWspngkMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEvM1E3dUtac01wWnN1a085c1c2VGR4YXltZUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfOwEIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVxzSuD3uU+2VnNYCpR2SL97zYQSw8iMw1NNP9
U7EvJmRCQdbKGXyCscNBebFIQ7Ky0MdFmVJhdbitIX++mJ91jPSPATk5+F2bf+4U
M6/Go0BTZAuV4eUA1v/8kZXgdhUi+y/ESUM+19YXqo9LVgy80iSWZy0jhB4CPQ1M
DESqDG+wP37Hkx07fBOz14BOnsB9+PQBAPNjmYJ2ZZSSJvq63l4kfHk3SZ15C9Qu
WVu7Ip9GEwGHnS9Po9IGIAgPBlRsUWWyeuvX31JUeSRdxGONcxtFog/AaG8jsSRP
H6e3UzYRQojkZEQEkZ8sT7fQA67rV0bteNWkg+UQET5l4HI6
-----END CERTIFICATE-----