This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/97p9ZUhGZG6kJjtKp2TuV47gh5U.roa
File:                     97p9ZUhGZG6kJjtKp2TuV47gh5U.roa (raw, json)
Hash identifier:          x88qWTYqI0aG2w0GajPiY4NGO9pvbzLLCkLeMTUd2t4=
Subject key identifier:   F7:BA:7D:65:48:46:64:6E:A4:26:3B:4A:A7:64:EE:57:8E:E0:87:95
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       019B77C664062C4105A2D8CCFEE00310572A
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/97p9ZUhGZG6kJjtKp2TuV47gh5U.roa
Signing time:             Thu 01 Jan 2026 04:17:28 +0000
ROA not before:           Thu 01 Jan 2026 04:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34872
IP address blocks:        2a0f:4900::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:64:06:2c:41:05:a2:d8:cc:fe:e0:03:10:57:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  1 04:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7ba7d654846646ea4263b4aa764ee578ee08795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a9:6d:3c:d5:ee:80:41:39:5f:f4:a0:06:43:
                    cf:d8:e8:ab:90:37:02:bb:9f:f5:40:60:7b:22:78:
                    8f:14:33:8a:10:39:00:b8:d7:14:30:ff:b0:b5:bd:
                    5e:8f:5c:70:03:27:dc:36:37:d9:c5:59:da:59:81:
                    57:4f:bc:49:6b:e9:72:87:91:a2:1a:1f:a1:3f:ba:
                    b8:11:99:b4:ce:36:2f:9c:96:77:82:ba:f4:4c:3c:
                    a1:bb:ac:49:53:0a:b0:d8:39:15:f8:a6:0f:bc:ee:
                    52:29:d1:bc:80:9c:1b:dd:71:fb:ad:33:17:12:c3:
                    01:cc:a5:35:9f:ed:dc:f2:0e:37:04:3f:70:63:d5:
                    55:6b:bb:49:f7:05:93:45:b1:1f:e5:93:51:ed:96:
                    20:e7:5b:43:1f:ef:ce:96:67:ee:f7:f6:14:97:dd:
                    48:29:8e:a2:15:73:c8:51:b5:04:f4:6f:4a:83:25:
                    d6:84:46:1a:6b:1f:2a:6e:c1:52:46:59:d1:e1:37:
                    fb:27:a6:c5:f5:21:06:e5:0a:af:94:7b:ca:75:8d:
                    e7:e6:2a:df:23:30:48:8d:22:c4:62:cc:f6:c5:fc:
                    7a:0e:d8:f8:28:e1:31:cf:c0:a0:8e:7d:62:c8:67:
                    da:03:70:18:91:23:f6:01:23:3c:e1:c8:43:fe:27:
                    90:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BA:7D:65:48:46:64:6E:A4:26:3B:4A:A7:64:EE:57:8E:E0:87:95
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/97p9ZUhGZG6kJjtKp2TuV47gh5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4900::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:b9:f4:b2:27:bd:ed:c6:43:c2:62:7a:22:02:76:57:05:25:
         c4:a4:d8:3d:02:f3:0a:4e:21:90:e3:92:df:aa:eb:14:fd:d5:
         53:84:1e:35:4f:45:bc:52:e8:da:a4:b7:a6:bf:03:77:7d:c7:
         fd:75:30:ca:ac:94:c9:63:5e:ad:e2:c9:1f:b2:0b:68:7c:c9:
         c4:7f:e9:a0:87:d4:c5:5d:cf:10:c2:58:d8:e9:63:e4:8e:8d:
         ba:9f:4b:f9:a2:fd:f6:03:b8:0a:89:1f:ba:f8:fb:29:cc:a7:
         01:c2:fe:50:63:cb:c4:84:47:3a:13:c0:0b:17:b3:ea:68:7f:
         a2:0b:ae:a2:df:73:72:9a:05:d7:de:18:4b:9a:39:da:d8:b3:
         4b:60:ed:e7:b0:4a:7d:88:a0:f5:18:d7:e7:18:ac:a1:f0:4d:
         0d:ee:61:bd:25:a9:56:96:af:68:01:eb:49:ed:30:f7:a2:bb:
         0e:93:11:93:f3:5f:d4:8e:81:38:11:56:95:43:35:5e:99:e7:
         c5:8c:8b:78:b9:05:01:e5:ff:94:23:3f:1c:d9:a1:71:25:df:
         97:79:51:e5:7e:b7:c0:ff:3a:56:fa:27:ff:4b:0b:70:c5:25:
         3a:b6:9e:cd:5a:79:4b:ed:94:63:4f:cc:37:7f:e5:c2:47:e5:
         d5:cb:23:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xmQGLEEFotjM/uADEFcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjYwMTAxMDQxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JhN2Q2NTQ4NDY2NDZlYTQyNjNiNGFhNzY0ZWU1NzhlZTA4Nzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaltPNXugEE5X/SgBkPP2OirkDcC
u5/1QGB7IniPFDOKEDkAuNcUMP+wtb1ej1xwAyfcNjfZxVnaWYFXT7xJa+lyh5Gi
Gh+hP7q4EZm0zjYvnJZ3grr0TDyhu6xJUwqw2DkV+KYPvO5SKdG8gJwb3XH7rTMX
EsMBzKU1n+3c8g43BD9wY9VVa7tJ9wWTRbEf5ZNR7ZYg51tDH+/Olmfu9/YUl91I
KY6iFXPIUbUE9G9KgyXWhEYaax8qbsFSRlnR4Tf7J6bF9SEG5QqvlHvKdY3n5irf
IzBIjSLEYsz2xfx6Dtj4KOExz8Cgjn1iyGfaA3AYkSP2ASM84chD/ieQgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPe6fWVIRmRupCY7Sqdk7leO4IeVMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvOTdwOVpVaEdaRzZrSmp0S3AyVHVWNDdnaDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9JAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6ufSyJ73txkPCYnoiAnZXBSXEpNg9AvMKTiGQ
45LfqusU/dVThB41T0W8UujapLemvwN3fcf9dTDKrJTJY16t4skfsgtofMnEf+mg
h9TFXc8QwljY6WPkjo26n0v5ov32A7gKiR+6+PspzKcBwv5QY8vEhEc6E8ALF7Pq
aH+iC66i33NymgXX3hhLmjna2LNLYO3nsEp9iKD1GNfnGKyh8E0N7mG9JalWlq9o
AetJ7TD3orsOkxGT81/UjoE4EVaVQzVemefFjIt4uQUB5f+UIz8c2aFxJd+XeVHl
frfA/zpW+if/SwtwxSU6tp7NWnlL7ZRjT8w3f+XCR+XVyyMh
-----END CERTIFICATE-----