This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/FSnX-Oc95zQD86fTYpxZ0h25JyA.roa
File:                     FSnX-Oc95zQD86fTYpxZ0h25JyA.roa (raw, json)
Hash identifier:          R0cQZUP2AaX46KiaNmAHOVyk+pRrBa/Ykogxb4eBV5A=
Subject key identifier:   15:29:D7:F8:E7:3D:E7:34:03:F3:A7:D3:62:9C:59:D2:1D:B9:27:20
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019B791132E6ECA4B41A0631F2F583A1A55A
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/FSnX-Oc95zQD86fTYpxZ0h25JyA.roa
Signing time:             Thu 01 Jan 2026 10:18:48 +0000
ROA not before:           Thu 01 Jan 2026 10:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212845
IP address blocks:        2a07:22c1:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:32:e6:ec:a4:b4:1a:06:31:f2:f5:83:a1:a5:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 10:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1529d7f8e73de73403f3a7d3629c59d21db92720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e3:b1:3c:88:92:a3:20:3b:e7:4a:5f:db:ba:
                    b7:8a:52:49:9c:44:cd:bc:b8:a8:d7:b6:7d:f2:6b:
                    b4:63:48:28:fa:c4:35:14:bc:58:80:21:bf:1d:02:
                    72:09:0e:1a:58:14:52:c1:08:22:ad:2e:2c:57:28:
                    46:e9:41:83:a3:a8:1f:3d:e1:67:f3:0f:5f:a7:b4:
                    94:3d:85:18:65:54:c4:98:e8:4a:1d:fa:d3:41:0d:
                    75:aa:6e:af:08:1f:d5:f2:2f:a4:ca:91:c6:7f:55:
                    13:1f:bb:ce:cb:a5:ee:19:2e:f7:ed:5d:67:4f:f0:
                    14:9c:54:83:65:e7:ad:78:bc:4b:9f:78:37:fb:cc:
                    c9:a2:32:e5:e0:4c:77:65:59:14:4c:a3:47:57:ef:
                    60:d3:3a:ab:0c:bc:ac:e0:eb:5a:00:85:a2:57:56:
                    dc:ab:98:8b:79:b1:b6:1f:25:22:5b:41:83:86:9e:
                    98:ab:0f:6f:af:ba:cd:f0:38:08:e9:61:60:cc:f3:
                    77:2a:d6:ae:4e:37:ea:9d:52:a6:22:69:d5:26:07:
                    a3:fb:26:f1:5a:f2:92:19:a3:83:6e:7d:54:05:28:
                    b6:ef:db:96:67:c8:ba:62:10:7d:fd:e1:20:c4:f6:
                    76:eb:8a:c9:db:3c:81:f5:6a:fb:b0:51:fc:6f:89:
                    ac:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:29:D7:F8:E7:3D:E7:34:03:F3:A7:D3:62:9C:59:D2:1D:B9:27:20
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/FSnX-Oc95zQD86fTYpxZ0h25JyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:58:f6:c1:5a:43:d9:23:8a:6b:97:f5:1c:f4:34:19:23:b5:
         35:06:9a:5b:75:70:04:3b:d3:b0:b3:eb:38:b5:9c:b8:71:0c:
         e0:6f:71:da:63:3a:e2:8c:76:37:e7:2c:a6:a9:14:3b:c8:0a:
         73:b1:13:12:4a:55:37:f5:32:0d:67:01:ae:0e:cc:78:0a:05:
         11:bd:23:f8:ad:87:80:d4:26:28:c4:a0:7e:9c:e3:5f:cf:75:
         30:6f:b6:8b:3d:32:6b:8a:ab:9a:5a:16:a9:89:2b:24:60:4d:
         73:43:e9:41:14:b3:34:ae:bc:5d:ea:1d:e7:e0:a3:77:f3:7f:
         98:4a:bf:2e:28:93:b7:b4:53:62:f1:7e:c9:ee:c5:cb:5b:15:
         68:92:70:bf:7d:c4:47:56:2d:d4:02:9c:2e:6a:e8:bb:a5:95:
         b6:24:a0:6d:9b:32:29:38:93:87:3e:32:78:07:b5:1e:6d:19:
         84:e5:77:36:3c:e4:9e:f4:62:b4:ce:4f:c4:c0:91:71:60:f8:
         bf:0f:6b:d8:c2:9e:7e:dc:78:b0:75:73:5f:3a:dc:68:e9:31:
         79:de:1d:7c:57:1b:7d:20:d6:78:d4:ff:5b:27:7c:dd:a5:c4:
         78:6a:6e:ae:b3:ef:3a:41:a2:28:65:32:ab:c5:95:1f:d6:16:
         04:50:dd:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5ETLm7KS0GgYx8vWDoaVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjYwMTAxMTAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTI5ZDdmOGU3M2RlNzM0MDNmM2E3ZDM2MjljNTlkMjFkYjkyNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+OxPIiSoyA750pf27q3ilJJnETN
vLio17Z98mu0Y0go+sQ1FLxYgCG/HQJyCQ4aWBRSwQgirS4sVyhG6UGDo6gfPeFn
8w9fp7SUPYUYZVTEmOhKHfrTQQ11qm6vCB/V8i+kypHGf1UTH7vOy6XuGS737V1n
T/AUnFSDZeeteLxLn3g3+8zJojLl4Ex3ZVkUTKNHV+9g0zqrDLys4OtaAIWiV1bc
q5iLebG2HyUiW0GDhp6Yqw9vr7rN8DgI6WFgzPN3KtauTjfqnVKmImnVJgej+ybx
WvKSGaODbn1UBSi279uWZ8i6YhB9/eEgxPZ264rJ2zyB9Wr7sFH8b4msIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBUp1/jnPec0A/On02KcWdIduScgMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvRlNuWC1PYzk1elFEODZmVFlweFowaDI1SnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwQAE
MA0GCSqGSIb3DQEBCwUAA4IBAQCjWPbBWkPZI4prl/Uc9DQZI7U1BppbdXAEO9Ow
s+s4tZy4cQzgb3HaYzrijHY35yymqRQ7yApzsRMSSlU39TINZwGuDsx4CgURvSP4
rYeA1CYoxKB+nONfz3Uwb7aLPTJriquaWhapiSskYE1zQ+lBFLM0rrxd6h3n4KN3
83+YSr8uKJO3tFNi8X7J7sXLWxVoknC/fcRHVi3UApwuaui7pZW2JKBtmzIpOJOH
PjJ4B7UebRmE5Xc2POSe9GK0zk/EwJFxYPi/D2vYwp5+3HiwdXNfOtxo6TF53h18
Vxt9INZ41P9bJ3zdpcR4am6us+86QaIoZTKrxZUf1hYEUN0K
-----END CERTIFICATE-----