This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/eFOj6GS3QWx3LCTCCOeJMYOedz0.roa
File:                     eFOj6GS3QWx3LCTCCOeJMYOedz0.roa (raw, json)
Hash identifier:          lFu71+7IA2r5yGUrDCeoEYffOjpuguSpQXtdqb7+Xe0=
Subject key identifier:   78:53:A3:E8:64:B7:41:6C:77:2C:24:C2:08:E7:89:31:83:9E:77:3D
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       019B7F82E56340A041BBFD025B160128C799
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/eFOj6GS3QWx3LCTCCOeJMYOedz0.roa
Signing time:             Fri 02 Jan 2026 16:20:43 +0000
ROA not before:           Fri 02 Jan 2026 16:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39239
IP address blocks:        2a01:b960:230b::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e5:63:40:a0:41:bb:fd:02:5b:16:01:28:c7:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  2 16:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7853a3e864b7416c772c24c208e78931839e773d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:48:bb:ab:60:f9:f0:4f:12:48:4e:99:25:2d:
                    11:1a:93:3e:3a:3c:7d:69:98:f4:5e:85:03:c6:1a:
                    05:d5:ab:b0:79:d0:6f:27:9b:bd:ef:d6:76:b2:4b:
                    90:51:56:71:2e:e0:be:24:81:5e:a7:dc:ec:c9:c6:
                    db:4a:a7:21:7b:18:dd:d3:b7:fa:01:bf:e6:f4:d6:
                    5e:0e:0e:c3:3f:2d:ba:d9:0f:76:c9:01:72:07:84:
                    15:52:35:24:7b:9c:5d:d4:19:f0:b0:98:d8:73:9d:
                    4d:0d:c9:a2:20:6c:91:ff:93:d1:df:bf:aa:9a:e0:
                    a1:12:a6:c5:5b:83:84:0e:a1:7c:05:a0:81:40:28:
                    30:83:78:37:b0:ed:4d:4e:d9:1a:68:b0:a4:4c:24:
                    3a:96:40:8f:04:d3:a5:43:66:02:6e:21:d8:7a:10:
                    84:7a:0f:cd:60:99:4c:84:0a:40:09:10:5e:0d:1d:
                    b3:f4:0f:c9:0a:12:64:0e:ab:de:93:42:4c:8b:4e:
                    f9:f9:41:d8:6f:a9:2d:dc:b4:13:da:fd:f7:1d:f4:
                    b7:07:1f:92:f4:0c:98:d7:a7:e9:dd:20:d6:23:73:
                    4a:04:d3:cf:5f:16:6e:78:74:f8:6e:e7:d6:9b:97:
                    11:ac:d1:08:c7:aa:3b:df:4e:52:10:25:92:0e:e8:
                    0b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:53:A3:E8:64:B7:41:6C:77:2C:24:C2:08:E7:89:31:83:9E:77:3D
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/eFOj6GS3QWx3LCTCCOeJMYOedz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:230b::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:48:3d:63:92:63:d9:70:f1:02:66:ad:48:35:e6:36:9d:56:
         77:76:c2:74:d5:b1:23:a4:0a:48:04:59:26:a8:c5:12:d4:3b:
         98:86:c0:9f:9e:31:79:84:a5:7a:4e:0d:7e:13:ce:0e:99:10:
         41:6f:61:73:5a:f2:0e:51:15:9d:80:71:cd:c4:21:10:1c:ac:
         99:d7:02:99:5d:69:ec:da:6c:d9:4b:4b:90:41:5b:10:8c:7d:
         1a:f7:c1:76:36:ea:9a:15:1b:b6:71:a3:9a:e2:9d:e5:55:87:
         0e:74:17:1a:0e:5d:3c:64:5d:c3:63:ae:26:6b:46:c8:cf:81:
         82:22:b4:38:5b:ef:00:c7:8c:75:c1:3d:02:08:29:15:bc:ea:
         31:3f:a0:31:98:1c:3f:4a:08:1a:5d:3c:d2:d5:cd:53:db:20:
         32:eb:76:5f:47:a3:0e:5c:9f:5e:8a:1e:3f:4e:18:c4:93:ad:
         72:95:40:ac:de:d2:a7:11:98:72:2a:93:64:96:1d:32:fb:a5:
         11:52:6c:29:06:17:e6:e0:b5:d6:a0:bd:a3:a3:95:c5:b8:40:
         74:26:b7:e8:83:43:68:73:8e:7b:44:8a:38:7a:96:fb:21:30:
         c7:9a:c6:d1:cf:5b:7c:ee:a4:f8:77:e8:2c:95:38:97:e2:21:
         b0:de:b3:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/guVjQKBBu/0CWxYBKMeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjYwMTAyMTYyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODUzYTNlODY0Yjc0MTZjNzcyYzI0YzIwOGU3ODkzMTgzOWU3NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0i7q2D58E8SSE6ZJS0RGpM+Ojx9
aZj0XoUDxhoF1auwedBvJ5u979Z2skuQUVZxLuC+JIFep9zsycbbSqchexjd07f6
Ab/m9NZeDg7DPy262Q92yQFyB4QVUjUke5xd1BnwsJjYc51NDcmiIGyR/5PR37+q
muChEqbFW4OEDqF8BaCBQCgwg3g3sO1NTtkaaLCkTCQ6lkCPBNOlQ2YCbiHYehCE
eg/NYJlMhApACRBeDR2z9A/JChJkDqvek0JMi075+UHYb6kt3LQT2v33HfS3Bx+S
9AyY16fp3SDWI3NKBNPPXxZueHT4bufWm5cRrNEIx6o7305SECWSDugLswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHhTo+hkt0FsdywkwgjniTGDnnc9MB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvZUZPajZHUzNRV3gzTENUQ0NPZUpNWU9lZHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCML
MA0GCSqGSIb3DQEBCwUAA4IBAQAdSD1jkmPZcPECZq1INeY2nVZ3dsJ01bEjpApI
BFkmqMUS1DuYhsCfnjF5hKV6Tg1+E84OmRBBb2FzWvIOURWdgHHNxCEQHKyZ1wKZ
XWns2mzZS0uQQVsQjH0a98F2NuqaFRu2caOa4p3lVYcOdBcaDl08ZF3DY64ma0bI
z4GCIrQ4W+8Ax4x1wT0CCCkVvOoxP6AxmBw/SggaXTzS1c1T2yAy63ZfR6MOXJ9e
ih4/ThjEk61ylUCs3tKnEZhyKpNklh0y+6URUmwpBhfm4LXWoL2jo5XFuEB0Jrfo
g0Noc457RIo4epb7ITDHmsbRz1t87qT4d+gslTiX4iGw3rO2
-----END CERTIFICATE-----