This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/R3GyXBYJhMHhgq5yrGVUK3jdnkA.roa
File:                     R3GyXBYJhMHhgq5yrGVUK3jdnkA.roa (raw, json)
Hash identifier:          g1FeF6e8PlISr+mSxj+h+WNftfc+dabb3ghrlPO9BE0=
Subject key identifier:   47:71:B2:5C:16:09:84:C1:E1:82:AE:72:AC:65:54:2B:78:DD:9E:40
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       019B77C664B4E4374ECCE1F0741C415F4438
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/R3GyXBYJhMHhgq5yrGVUK3jdnkA.roa
Signing time:             Thu 01 Jan 2026 04:17:29 +0000
ROA not before:           Thu 01 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202272
IP address blocks:        2a0f:4900::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:64:b4:e4:37:4e:cc:e1:f0:74:1c:41:5f:44:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  1 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4771b25c160984c1e182ae72ac65542b78dd9e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cf:8a:d7:74:5c:4b:96:ac:b1:61:45:6a:c2:
                    ba:3c:70:ff:3c:48:d4:49:12:90:be:d5:83:b2:e4:
                    19:d9:c4:82:28:65:ef:45:5f:d7:82:0d:44:a4:4d:
                    f1:77:14:c9:64:a2:1e:e7:75:aa:f6:9f:1c:8e:17:
                    17:a7:8a:ba:8c:fd:d4:1f:5d:cb:5e:56:bd:ba:a3:
                    83:58:6f:db:0e:d7:39:b5:0d:24:d1:76:da:f7:0b:
                    89:00:16:47:c5:b4:62:9f:32:21:85:46:a9:24:25:
                    1f:9e:90:12:97:2a:8b:8b:d8:fc:d5:3b:7c:c1:a4:
                    b7:6b:04:7e:8e:99:5d:71:49:8e:66:96:d0:2d:56:
                    d0:c7:e1:7d:9b:19:cd:53:ac:ff:1e:fa:82:b4:df:
                    4f:2e:f4:6a:07:ae:66:3c:79:0b:5f:c5:55:a1:e0:
                    d5:33:09:0d:9b:f9:9a:89:c4:67:31:00:74:43:6d:
                    66:93:af:15:bd:7f:af:81:f9:47:79:48:39:7f:81:
                    17:36:f3:38:4a:fe:92:d8:88:0e:e8:66:77:6a:bd:
                    34:5a:76:dd:ee:45:c1:a4:ee:ca:68:0d:8c:4c:43:
                    38:21:0c:94:03:4d:1b:d0:12:fb:75:3d:e5:6b:78:
                    c6:3c:73:3d:c2:42:f5:cd:65:70:25:88:ed:7e:d0:
                    52:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:71:B2:5C:16:09:84:C1:E1:82:AE:72:AC:65:54:2B:78:DD:9E:40
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/R3GyXBYJhMHhgq5yrGVUK3jdnkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4900::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:0a:b1:1a:da:23:8d:8c:a6:a8:68:5d:90:87:7d:90:94:5b:
         8c:4b:3b:55:b5:88:65:66:e0:a3:1f:ed:61:88:26:43:3c:a5:
         e8:a2:6f:d3:60:33:ec:98:f3:57:8f:2f:17:3f:ee:2d:1e:f2:
         e8:01:4a:5e:0d:c2:d6:eb:76:6e:a4:ae:d3:e0:51:f9:cb:0d:
         12:f8:a2:3b:68:51:f7:3b:af:1f:f7:15:9a:85:92:2e:0b:1d:
         9c:8b:7e:ed:e5:e3:01:93:a1:2f:bf:d4:d9:53:b5:76:f8:3a:
         3a:ee:33:be:d0:2d:73:1d:d8:65:41:d9:a9:1a:0f:14:45:f2:
         b4:82:2a:fb:cc:75:28:d5:91:05:ca:7c:35:38:13:56:8d:c0:
         5d:c9:ae:5d:67:a8:a6:98:ce:c5:1b:62:a1:e2:ff:90:46:60:
         15:5f:01:2a:4d:b0:2b:5c:6b:35:11:ad:02:9f:44:bd:53:a6:
         89:21:b6:f6:29:24:94:b4:8d:be:e8:5f:7d:6c:c3:79:5d:38:
         39:2f:37:5b:76:2e:f9:06:5d:4f:54:9c:d5:25:7c:09:e9:1f:
         b5:34:59:98:d8:4b:9d:bd:39:ea:15:a8:3f:41:9d:45:89:8c:
         8f:39:82:e6:08:5e:b1:7f:f6:14:0f:bf:60:19:ad:24:bc:0c:
         0c:01:0e:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xmS05DdOzOHwdBxBX0Q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjYwMTAxMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzcxYjI1YzE2MDk4NGMxZTE4MmFlNzJhYzY1NTQyYjc4ZGQ5ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs+K13RcS5assWFFasK6PHD/PEjU
SRKQvtWDsuQZ2cSCKGXvRV/Xgg1EpE3xdxTJZKIe53Wq9p8cjhcXp4q6jP3UH13L
Xla9uqODWG/bDtc5tQ0k0Xba9wuJABZHxbRinzIhhUapJCUfnpASlyqLi9j81Tt8
waS3awR+jpldcUmOZpbQLVbQx+F9mxnNU6z/HvqCtN9PLvRqB65mPHkLX8VVoeDV
MwkNm/maicRnMQB0Q21mk68VvX+vgflHeUg5f4EXNvM4Sv6S2IgO6GZ3ar00Wnbd
7kXBpO7KaA2MTEM4IQyUA00b0BL7dT3la3jGPHM9wkL1zWVwJYjtftBSmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEdxslwWCYTB4YKucqxlVCt43Z5AMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvUjNHeVhCWUpoTUhoZ3E1eXJHVlVLM2pkbmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9JAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjCrEa2iONjKaoaF2Qh32QlFuMSztVtYhlZuCj
H+1hiCZDPKXoom/TYDPsmPNXjy8XP+4tHvLoAUpeDcLW63ZupK7T4FH5yw0S+KI7
aFH3O68f9xWahZIuCx2ci37t5eMBk6Evv9TZU7V2+Do67jO+0C1zHdhlQdmpGg8U
RfK0gir7zHUo1ZEFynw1OBNWjcBdya5dZ6immM7FG2Kh4v+QRmAVXwEqTbArXGs1
Ea0Cn0S9U6aJIbb2KSSUtI2+6F99bMN5XTg5Lzdbdi75Bl1PVJzVJXwJ6R+1NFmY
2EudvTnqFag/QZ1FiYyPOYLmCF6xf/YUD79gGa0kvAwMAQ6P
-----END CERTIFICATE-----