This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/sfRY7oi8Cy67vRa8TsGmyb-biXw.roa
File:                     sfRY7oi8Cy67vRa8TsGmyb-biXw.roa (raw, json)
Hash identifier:          e12FlexHma7yK74h/ZUgXE8E6Z1jM1kIctBTzVSEvaE=
Subject key identifier:   B1:F4:58:EE:88:BC:0B:2E:BB:BD:16:BC:4E:C1:A6:C9:BF:9B:89:7C
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019B77C66BAF12432A3C76607F29915F3E0F
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/sfRY7oi8Cy67vRa8TsGmyb-biXw.roa
Signing time:             Thu 01 Jan 2026 04:17:30 +0000
ROA not before:           Thu 01 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6886
IP address blocks:        2a09:10c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:6b:af:12:43:2a:3c:76:60:7f:29:91:5f:3e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Jan  1 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1f458ee88bc0b2ebbbd16bc4ec1a6c9bf9b897c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6d:4c:3e:24:c7:04:61:f0:ce:bc:6e:3f:d6:
                    89:c1:58:7d:30:0d:c3:66:de:8f:46:e5:2d:80:c7:
                    b1:55:16:23:a9:fb:94:be:d6:ae:36:6f:31:cc:b9:
                    2c:7d:ab:86:88:7e:a9:45:b8:ac:09:c2:b0:a2:42:
                    a1:de:19:1e:22:29:1d:ff:15:4b:b9:c2:08:ee:70:
                    1e:7e:ff:d2:83:cb:3b:6b:75:7b:eb:63:48:d4:ef:
                    37:cd:eb:bb:1e:1d:17:7d:97:2c:e2:ff:c4:f2:d9:
                    6a:96:e9:6b:fd:8e:8b:d3:bb:5d:ae:e6:ba:ef:d4:
                    42:be:95:52:9d:2d:9d:d1:63:71:19:10:3f:bb:dc:
                    2d:28:98:ce:69:3f:70:38:6c:f0:a4:73:3a:de:41:
                    46:d9:8c:20:0e:cf:b1:20:83:a2:d6:81:ae:88:91:
                    bf:1e:6e:ec:24:82:8b:11:33:de:7f:52:43:a2:75:
                    b1:01:ca:1b:e4:2d:e7:0c:39:1f:f2:5f:11:dc:da:
                    4e:60:bd:2e:5a:0a:5e:be:2a:30:7c:b4:a6:14:8b:
                    f3:68:24:fe:2f:59:dd:76:20:c5:90:77:7b:8f:81:
                    dd:1d:e8:7e:86:f8:a3:71:64:27:06:0b:0d:9f:1e:
                    6a:e3:b6:9b:f4:14:a6:d1:1f:8f:6b:39:1c:00:be:
                    1a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F4:58:EE:88:BC:0B:2E:BB:BD:16:BC:4E:C1:A6:C9:BF:9B:89:7C
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/sfRY7oi8Cy67vRa8TsGmyb-biXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:f1:ea:ac:8c:40:25:b3:95:b7:46:fe:b7:bb:2f:f9:60:d4:
         d5:c7:3f:a2:96:31:ea:7a:8b:45:59:31:35:ff:b2:de:a7:a9:
         8e:f0:80:61:47:52:6c:6b:c0:3e:63:21:f7:68:e8:34:dd:ce:
         45:c7:7f:a3:ff:9b:cc:da:38:c5:49:d1:58:e0:86:e3:5e:8e:
         58:54:80:bc:6c:23:91:fb:dc:d5:d1:5d:25:de:60:0d:81:99:
         a1:08:8b:d7:3b:f3:58:df:46:d4:e3:7b:55:dc:fc:d2:cb:e6:
         28:94:9e:ef:be:a8:f3:f3:b2:22:0f:e7:86:da:66:91:28:a0:
         28:8b:0b:2a:ab:93:4d:b3:de:11:e4:3b:95:f6:52:af:15:91:
         ef:8c:86:7f:e8:b8:88:a4:29:20:92:68:dd:f1:95:9f:b3:a5:
         85:a7:0b:65:a0:6e:0f:40:ef:2f:71:a8:4f:ae:30:1f:8a:75:
         a8:55:2f:d1:96:31:26:75:6f:62:cb:34:ee:39:5d:0e:1e:6f:
         3b:f9:a6:f1:ed:b0:64:c7:cd:e1:b7:4b:9e:fb:bd:28:f0:e9:
         22:99:11:ef:29:14:83:49:d8:36:83:bf:79:d1:84:15:c3:f5:
         ee:7c:e6:01:a5:a4:0e:40:a4:cc:52:65:38:46:ca:13:80:e8:
         75:12:85:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3xmuvEkMqPHZgfymRXz4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY0NThlZTg4YmMwYjJlYmJiZDE2YmM0ZWMxYTZjOWJmOWI4OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq21MPiTHBGHwzrxuP9aJwVh9MA3D
Zt6PRuUtgMexVRYjqfuUvtauNm8xzLksfauGiH6pRbisCcKwokKh3hkeIikd/xVL
ucII7nAefv/Sg8s7a3V762NI1O83zeu7Hh0XfZcs4v/E8tlqlulr/Y6L07tdrua6
79RCvpVSnS2d0WNxGRA/u9wtKJjOaT9wOGzwpHM63kFG2YwgDs+xIIOi1oGuiJG/
Hm7sJIKLETPef1JDonWxAcob5C3nDDkf8l8R3NpOYL0uWgpeviowfLSmFIvzaCT+
L1nddiDFkHd7j4HdHeh+hvijcWQnBgsNnx5q47ab9BSm0R+PazkcAL4a5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLH0WO6IvAsuu70WvE7Bpsm/m4l8MB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvc2ZSWTdvaThDeTY3dlJhOFRzR215Yi1iaVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgkQwDAN
BgkqhkiG9w0BAQsFAAOCAQEAy/HqrIxAJbOVt0b+t7sv+WDU1cc/opYx6nqLRVkx
Nf+y3qepjvCAYUdSbGvAPmMh92joNN3ORcd/o/+bzNo4xUnRWOCG416OWFSAvGwj
kfvc1dFdJd5gDYGZoQiL1zvzWN9G1ON7Vdz80svmKJSe776o8/OyIg/nhtpmkSig
KIsLKquTTbPeEeQ7lfZSrxWR74yGf+i4iKQpIJJo3fGVn7OlhacLZaBuD0DvL3Go
T64wH4p1qFUv0ZYxJnVvYss07jldDh5vO/mm8e2wZMfN4bdLnvu9KPDpIpkR7ykU
g0nYNoO/edGEFcP17nzmAaWkDkCkzFJlOEbKE4DodRKF0g==
-----END CERTIFICATE-----