This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/NDB9wdIr8C1oiwWf4cOkdecG3vM.roa
File:                     NDB9wdIr8C1oiwWf4cOkdecG3vM.roa (raw, json)
Hash identifier:          6dC3AlwYRMRxEUFKAwwDy15kTRvFcJz1JchZZrBqjks=
Subject key identifier:   34:30:7D:C1:D2:2B:F0:2D:68:8B:05:9F:E1:C3:A4:75:E7:06:DE:F3
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019B79112E985B4D2D4D0F9A787D2F686A7E
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/NDB9wdIr8C1oiwWf4cOkdecG3vM.roa
Signing time:             Thu 01 Jan 2026 10:18:47 +0000
ROA not before:           Thu 01 Jan 2026 10:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203105
IP address blocks:        2a07:22c1:40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:2e:98:5b:4d:2d:4d:0f:9a:78:7d:2f:68:6a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 10:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34307dc1d22bf02d688b059fe1c3a475e706def3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4b:4d:c6:6f:ae:f5:45:d6:3f:99:c9:a8:c5:
                    60:58:5a:4b:d3:9c:a8:0a:5c:60:5e:28:45:45:4e:
                    e5:91:05:97:e3:d6:97:04:45:a8:fe:6f:b9:31:3e:
                    db:71:61:29:83:e9:4e:cf:48:a7:6d:a9:79:49:1d:
                    48:a3:59:02:f0:2f:ee:e8:77:17:b3:dd:91:50:99:
                    49:12:a9:5c:23:b1:a9:11:23:72:a2:04:7d:5b:51:
                    d0:bf:05:cb:84:20:79:11:98:50:1b:d5:32:38:62:
                    00:d7:15:88:b8:33:30:7b:3c:d3:29:3b:31:46:bd:
                    ae:e2:c2:3c:98:16:54:4d:33:af:ff:26:76:f5:08:
                    cc:3a:af:a6:99:ea:ed:04:dc:fa:8e:c5:68:cd:63:
                    9f:ee:2a:dc:56:ae:ac:5d:65:c8:6c:d2:5f:97:e8:
                    43:c8:a3:47:c4:87:61:d4:a1:2d:99:80:ec:be:61:
                    4e:27:16:97:30:15:6b:03:07:0f:64:f5:fa:0a:22:
                    08:30:98:72:e8:bb:b0:1a:ba:35:18:af:b5:89:6d:
                    e0:01:b1:aa:74:b8:66:67:8a:2c:3d:ae:92:c5:1d:
                    cd:53:dd:ab:3c:fd:44:59:4a:92:47:44:b3:99:a9:
                    2e:86:89:45:d1:fb:b8:52:34:c4:66:df:2c:18:62:
                    5b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:30:7D:C1:D2:2B:F0:2D:68:8B:05:9F:E1:C3:A4:75:E7:06:DE:F3
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/NDB9wdIr8C1oiwWf4cOkdecG3vM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:70:6a:44:fe:46:65:a2:e9:cd:a0:67:0c:90:db:e0:74:e0:
         8a:83:13:71:f7:5c:79:00:7b:2b:24:e4:ac:68:f3:1a:3d:f4:
         d9:4f:54:2e:50:58:6e:95:28:e5:c6:f3:46:40:1f:d6:25:82:
         ee:69:14:84:52:f1:6f:b1:b4:be:34:c0:46:d0:4e:d6:45:49:
         45:68:58:18:a2:95:07:15:3b:1a:a7:a2:66:2a:7d:c5:89:20:
         82:51:5d:c3:84:ee:a1:b6:b1:95:89:0a:0b:07:d2:fd:55:ec:
         92:e7:78:31:e0:1b:79:2d:b3:32:de:f7:67:cd:ee:61:8c:9e:
         43:29:a9:9a:d7:77:59:cf:2b:58:bd:d6:50:06:a7:37:4d:83:
         a9:f5:16:e8:95:03:10:b8:d5:b5:d4:b4:6d:e5:83:db:3a:dc:
         c6:98:5d:d8:d0:4f:d6:cb:99:d7:4c:83:08:1b:7e:e5:6a:99:
         0b:d3:5b:d9:3a:99:14:a0:43:c6:31:75:df:40:d9:f6:35:4a:
         1a:7d:1a:ae:73:31:2d:55:f4:50:5d:97:5c:ed:d8:41:17:0d:
         50:ed:69:e2:ad:91:29:12:77:52:37:80:be:89:73:90:d7:84:
         2c:36:24:f3:f5:f9:95:35:f8:1b:f7:d1:da:43:80:0a:89:6e:
         44:db:09:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5ES6YW00tTQ+aeH0vaGp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjYwMTAxMTAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDMwN2RjMWQyMmJmMDJkNjg4YjA1OWZlMWMzYTQ3NWU3MDZkZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EtNxm+u9UXWP5nJqMVgWFpL05yo
ClxgXihFRU7lkQWX49aXBEWo/m+5MT7bcWEpg+lOz0inbal5SR1Io1kC8C/u6HcX
s92RUJlJEqlcI7GpESNyogR9W1HQvwXLhCB5EZhQG9UyOGIA1xWIuDMwezzTKTsx
Rr2u4sI8mBZUTTOv/yZ29QjMOq+mmertBNz6jsVozWOf7ircVq6sXWXIbNJfl+hD
yKNHxIdh1KEtmYDsvmFOJxaXMBVrAwcPZPX6CiIIMJhy6LuwGro1GK+1iW3gAbGq
dLhmZ4osPa6SxR3NU92rPP1EWUqSR0SzmakuholF0fu4UjTEZt8sGGJbYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQwfcHSK/AtaIsFn+HDpHXnBt7zMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvTkRCOXdkSXI4QzFvaXdXZjRjT2tkZWNHM3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwQBA
MA0GCSqGSIb3DQEBCwUAA4IBAQBLcGpE/kZlounNoGcMkNvgdOCKgxNx91x5AHsr
JOSsaPMaPfTZT1QuUFhulSjlxvNGQB/WJYLuaRSEUvFvsbS+NMBG0E7WRUlFaFgY
opUHFTsap6JmKn3FiSCCUV3DhO6htrGViQoLB9L9VeyS53gx4Bt5LbMy3vdnze5h
jJ5DKama13dZzytYvdZQBqc3TYOp9RbolQMQuNW11LRt5YPbOtzGmF3Y0E/Wy5nX
TIMIG37lapkL01vZOpkUoEPGMXXfQNn2NUoafRquczEtVfRQXZdc7dhBFw1Q7Wni
rZEpEndSN4C+iXOQ14QsNiTz9fmVNfgb99HaQ4AKiW5E2wm+
-----END CERTIFICATE-----