This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/hdtIncm8R6KfHurvC5li4aR-6S0.roa
File:                     hdtIncm8R6KfHurvC5li4aR-6S0.roa (raw, json)
Hash identifier:          FRUMsOvUTZ3EPeiG9JMTCcXVM1bub5CGqnhEOTi3ITU=
Subject key identifier:   85:DB:48:9D:C9:BC:47:A2:9F:1E:EA:EF:0B:99:62:E1:A4:7E:E9:2D
Certificate issuer:       /CN=29766d1ae6eb21849bc3a3b2d18e863d273d2404
Certificate serial:       019B7C1245DB44F8955A1848157EFB0B5893
Authority key identifier: 29:76:6D:1A:E6:EB:21:84:9B:C3:A3:B2:D1:8E:86:3D:27:3D:24:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/hdtIncm8R6KfHurvC5li4aR-6S0.roa
Signing time:             Fri 02 Jan 2026 00:18:50 +0000
ROA not before:           Fri 02 Jan 2026 00:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213305
IP address blocks:        2a04:1a00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:45:db:44:f8:95:5a:18:48:15:7e:fb:0b:58:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29766d1ae6eb21849bc3a3b2d18e863d273d2404
        Validity
            Not Before: Jan  2 00:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85db489dc9bc47a29f1eeaef0b9962e1a47ee92d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ca:29:b6:6b:d7:f1:81:07:13:fe:41:fc:bf:
                    21:02:05:86:51:a5:9a:b0:01:39:dd:ec:d4:e6:48:
                    03:7b:ef:91:d2:06:6c:26:c6:3a:19:86:ee:29:fa:
                    55:66:ea:32:3f:1e:81:d3:8f:51:70:6f:b1:88:ac:
                    c7:4f:9a:2a:23:30:f2:34:1d:72:1f:ef:72:a3:0b:
                    ab:5d:b5:35:6b:00:1b:90:06:22:e3:64:74:1e:6c:
                    03:58:69:46:cf:be:84:3e:4e:08:81:83:f1:b2:11:
                    81:5a:d0:33:c3:d4:d8:b3:58:e5:76:36:47:55:47:
                    0d:df:c0:28:8c:2f:24:09:db:0d:bd:05:31:d4:0a:
                    23:27:63:36:db:18:09:b2:63:27:29:0c:7c:e6:3c:
                    ce:61:1a:fe:9a:78:ea:ea:e9:03:8f:5b:05:f4:d3:
                    7a:9e:5d:87:86:4d:aa:38:b2:0d:83:ee:d5:db:df:
                    23:7a:28:9c:77:74:b4:17:80:30:80:7d:e2:c6:b1:
                    17:02:31:1a:ef:a4:96:6d:f1:0b:a0:2d:fd:4a:bb:
                    d0:90:6c:8d:fa:8f:db:11:7a:40:3f:4f:93:70:70:
                    4e:a1:31:6e:f9:a2:a6:07:c3:88:06:c8:c2:c1:f9:
                    cb:84:1a:f2:19:f0:ed:c5:d3:59:0c:c4:dd:a2:91:
                    f6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DB:48:9D:C9:BC:47:A2:9F:1E:EA:EF:0B:99:62:E1:A4:7E:E9:2D
            X509v3 Authority Key Identifier:
                keyid:29:76:6D:1A:E6:EB:21:84:9B:C3:A3:B2:D1:8E:86:3D:27:3D:24:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/hdtIncm8R6KfHurvC5li4aR-6S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:a5:03:06:bc:2a:f3:e3:6f:16:ba:32:55:5b:74:25:19:7d:
         d8:a3:4c:05:32:68:1e:a1:a9:7f:3e:34:d7:a0:b8:19:1c:ff:
         fd:5e:58:a6:51:ec:74:d7:12:33:4d:bb:f1:ef:82:dc:8c:12:
         a4:af:a4:82:01:7a:d4:dc:72:66:7c:69:b9:b9:73:65:98:ec:
         0a:4b:bf:53:40:5c:e4:b3:a6:82:68:34:34:a7:a0:ba:df:eb:
         6c:08:33:cd:f8:e2:3c:8f:6a:3c:33:82:99:5f:09:04:95:00:
         4a:57:67:d6:9c:f3:bf:41:c5:64:f1:f5:01:98:5a:d2:90:54:
         fc:a4:6e:d5:02:01:18:b7:1b:57:f9:7c:57:4f:cc:f9:af:a8:
         d0:a7:4b:b5:16:22:f0:38:5c:50:80:34:87:2f:2a:29:c5:9f:
         9b:15:2a:f5:cf:b0:b7:a4:8c:50:ef:01:f0:54:53:8e:08:ea:
         8f:b0:1f:65:e2:c6:15:9b:e4:47:8e:95:00:89:9e:1b:29:2a:
         22:d8:34:f2:ea:77:ee:cf:e0:78:22:67:4e:cb:2f:08:c8:d8:
         91:b5:7c:84:00:18:5b:e2:f1:9f:7b:64:51:23:9c:c6:e7:fa:
         ea:96:ca:11:d4:05:94:ed:14:48:ae:4b:68:b7:74:9b:66:c1:
         44:2d:24:a4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8EkXbRPiVWhhIFX77C1iTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzY2ZDFhZTZlYjIxODQ5YmMzYTNiMmQxOGU4NjNkMjcz
ZDI0MDQwHhcNMjYwMTAyMDAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWRiNDg5ZGM5YmM0N2EyOWYxZWVhZWYwYjk5NjJlMWE0N2VlOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8optmvX8YEHE/5B/L8hAgWGUaWa
sAE53ezU5kgDe++R0gZsJsY6GYbuKfpVZuoyPx6B049RcG+xiKzHT5oqIzDyNB1y
H+9yowurXbU1awAbkAYi42R0HmwDWGlGz76EPk4IgYPxshGBWtAzw9TYs1jldjZH
VUcN38AojC8kCdsNvQUx1AojJ2M22xgJsmMnKQx85jzOYRr+mnjq6ukDj1sF9NN6
nl2Hhk2qOLINg+7V298jeiicd3S0F4AwgH3ixrEXAjEa76SWbfELoC39SrvQkGyN
+o/bEXpAP0+TcHBOoTFu+aKmB8OIBsjCwfnLhBryGfDtxdNZDMTdopH2YQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIXbSJ3JvEeinx7q7wuZYuGkfuktMB8GA1UdIwQY
MBaAFCl2bRrm6yGEm8OjstGOhj0nPSQEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hadEd1YnJJWVNidzZPeTBZNkdQU2M5SkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iNzExZmItZTU4NC00ZjM1LWEwZWMt
MTE1ZDY4ZDliODFiLzEvaGR0SW5jbThSNktmSHVydkM1bGk0YVItNlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iNzExZmItZTU4NC00ZjM1LWEwZWMtMTE1ZDY4ZDliODFi
LzEvS1hadEd1YnJJWVNidzZPeTBZNkdQU2M5SkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQaADAN
BgkqhkiG9w0BAQsFAAOCAQEARaUDBrwq8+NvFroyVVt0JRl92KNMBTJoHqGpfz40
16C4GRz//V5YplHsdNcSM0278e+C3IwSpK+kggF61NxyZnxpublzZZjsCku/U0Bc
5LOmgmg0NKegut/rbAgzzfjiPI9qPDOCmV8JBJUASldn1pzzv0HFZPH1AZha0pBU
/KRu1QIBGLcbV/l8V0/M+a+o0KdLtRYi8DhcUIA0hy8qKcWfmxUq9c+wt6SMUO8B
8FRTjgjqj7AfZeLGFZvkR46VAImeGykqItg08up37s/geCJnTssvCMjYkbV8hAAY
W+Lxn3tkUSOcxuf66pbKEdQFlO0USK5LaLd0m2bBRC0kpA==
-----END CERTIFICATE-----