This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/9S4MfLquyh-qrUEKsjf9K5pPw-E.roa
File:                     9S4MfLquyh-qrUEKsjf9K5pPw-E.roa (raw, json)
Hash identifier:          lDfP7Rw/AFVS5oiPjEygt8fOx4/sSpYeTHr+hNCy/Y8=
Subject key identifier:   F5:2E:0C:7C:BA:AE:CA:1F:AA:AD:41:0A:B2:37:FD:2B:9A:4F:C3:E1
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       019B7F82E7D09D45C13D5B9B33F28C84204C
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/9S4MfLquyh-qrUEKsjf9K5pPw-E.roa
Signing time:             Fri 02 Jan 2026 16:20:43 +0000
ROA not before:           Fri 02 Jan 2026 16:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209485
IP address blocks:        2a01:b960:2309::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e7:d0:9d:45:c1:3d:5b:9b:33:f2:8c:84:20:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  2 16:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f52e0c7cbaaeca1faaad410ab237fd2b9a4fc3e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a2:14:04:5d:4f:d8:b4:07:51:c9:56:64:ff:
                    d9:13:8a:99:97:04:ea:fd:ea:69:97:41:1d:db:c6:
                    4b:b5:f7:46:c1:4e:ec:e7:4b:f3:c2:85:ea:22:26:
                    44:89:d0:9e:09:bb:94:18:c6:71:e8:67:45:90:e1:
                    c2:4d:be:1e:1d:57:28:aa:18:0b:2c:ff:3f:8e:f6:
                    b8:5c:b8:60:e9:2f:fa:e0:97:23:5e:80:a2:ab:3e:
                    2b:d0:60:42:b2:e9:46:05:5c:90:c4:dc:6f:51:ac:
                    17:57:dc:16:48:fa:c2:a1:a9:b7:a7:b3:0d:19:bf:
                    35:ea:4c:92:4c:92:ba:41:a9:dc:17:6d:b9:56:5c:
                    6f:dd:38:aa:88:5e:f9:28:d2:9a:7b:ad:ed:02:99:
                    3d:cb:fb:12:0c:2d:0a:62:63:1f:94:5e:02:fa:be:
                    91:6e:02:19:e6:04:ec:57:60:c4:d5:99:54:0d:4d:
                    1e:71:b0:1b:47:cf:e7:b5:71:8e:5e:b9:50:b9:f5:
                    c1:08:7d:68:33:9c:5a:29:2f:41:b7:ec:d8:3f:aa:
                    23:25:69:47:e4:81:0d:04:2c:4f:47:6a:8c:2f:4b:
                    ac:1c:62:bc:f9:de:79:b6:60:b1:69:33:b3:0b:26:
                    7e:3f:d6:e7:b3:0e:7d:86:f8:3c:f3:2c:99:9a:cd:
                    d0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2E:0C:7C:BA:AE:CA:1F:AA:AD:41:0A:B2:37:FD:2B:9A:4F:C3:E1
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/9S4MfLquyh-qrUEKsjf9K5pPw-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:2309::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:d4:30:73:ac:d3:8e:fa:58:5c:b7:72:ab:18:c4:f0:9a:3c:
         6e:14:cb:25:79:88:7f:ce:27:11:56:94:9c:ef:d0:59:ed:67:
         28:07:98:37:e9:b4:e4:d8:27:f4:d9:84:2a:f4:db:21:7a:40:
         2b:b6:22:e7:82:de:0c:aa:85:dc:be:bd:85:d9:04:62:c1:20:
         c5:b0:fb:94:ea:b7:43:be:5c:1f:df:d3:b4:5c:27:72:b2:8a:
         e3:f1:c9:56:06:c5:f9:79:b6:aa:00:f3:03:e4:b6:11:19:54:
         2c:b1:32:55:34:83:18:26:11:83:b2:94:48:e6:2c:81:3c:1d:
         a1:b2:de:1d:8d:e6:77:3e:36:05:e0:d1:82:0d:e7:82:33:87:
         d1:fd:e1:dd:7f:8f:c4:bd:20:5e:de:79:d5:48:a2:1b:2d:99:
         98:a7:4b:93:d0:ec:4b:17:05:d3:02:73:b2:09:d6:ca:46:9a:
         f3:aa:35:2f:94:03:b7:b0:f1:a1:a1:c0:4f:3e:b6:cc:44:5e:
         21:f2:d6:b5:96:c6:cd:44:78:ac:5c:0b:70:c4:35:ad:7e:02:
         7c:73:87:4f:d0:13:41:7a:70:eb:24:8d:72:5f:6a:c8:3c:fd:
         e6:9e:df:67:dd:04:2d:73:bb:31:bd:1b:a8:e8:19:7c:ab:db:
         a5:0d:73:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/gufQnUXBPVubM/KMhCBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjYwMTAyMTYyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJlMGM3Y2JhYWVjYTFmYWFhZDQxMGFiMjM3ZmQyYjlhNGZjM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaIUBF1P2LQHUclWZP/ZE4qZlwTq
/eppl0Ed28ZLtfdGwU7s50vzwoXqIiZEidCeCbuUGMZx6GdFkOHCTb4eHVcoqhgL
LP8/jva4XLhg6S/64JcjXoCiqz4r0GBCsulGBVyQxNxvUawXV9wWSPrCoam3p7MN
Gb816kySTJK6QancF225Vlxv3TiqiF75KNKae63tApk9y/sSDC0KYmMflF4C+r6R
bgIZ5gTsV2DE1ZlUDU0ecbAbR8/ntXGOXrlQufXBCH1oM5xaKS9Bt+zYP6ojJWlH
5IENBCxPR2qML0usHGK8+d55tmCxaTOzCyZ+P9bnsw59hvg88yyZms3QYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPUuDHy6rsofqq1BCrI3/SuaT8PhMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvOVM0TWZMcXV5aC1xclVFS3NqZjlLNXBQdy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCE1DBzrNOO+lhct3KrGMTwmjxuFMsleYh/zicR
VpSc79BZ7WcoB5g36bTk2Cf02YQq9NshekArtiLngt4MqoXcvr2F2QRiwSDFsPuU
6rdDvlwf39O0XCdysorj8clWBsX5ebaqAPMD5LYRGVQssTJVNIMYJhGDspRI5iyB
PB2hst4djeZ3PjYF4NGCDeeCM4fR/eHdf4/EvSBe3nnVSKIbLZmYp0uT0OxLFwXT
AnOyCdbKRprzqjUvlAO3sPGhocBPPrbMRF4h8ta1lsbNRHisXAtwxDWtfgJ8c4dP
0BNBenDrJI1yX2rIPP3mnt9n3QQtc7sxvRuo6Bl8q9ulDXNI
-----END CERTIFICATE-----