This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/3Fjgb1DclAOHEHkd1ujAyzMU98I.roa
File:                     3Fjgb1DclAOHEHkd1ujAyzMU98I.roa (raw, json)
Hash identifier:          3vwYNeDQAc78Pa5gcdAqKT6+wjGmOGUKytVaNJTBFTw=
Subject key identifier:   DC:58:E0:6F:50:DC:94:03:87:10:79:1D:D6:E8:C0:CB:33:14:F7:C2
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019B7D5C626E0FFD3BF7A977246F0436BFC3
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/3Fjgb1DclAOHEHkd1ujAyzMU98I.roa
Signing time:             Fri 02 Jan 2026 06:19:25 +0000
ROA not before:           Fri 02 Jan 2026 06:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203854
IP address blocks:        2a05:7e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:62:6e:0f:fd:3b:f7:a9:77:24:6f:04:36:bf:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  2 06:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc58e06f50dc94038710791dd6e8c0cb3314f7c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4a:b0:f7:f4:ce:d4:b2:d3:31:d7:d0:79:99:
                    2c:78:4b:f4:ef:5a:46:7e:a7:0f:af:23:94:0e:7c:
                    57:ee:46:ca:ee:1b:8e:9b:31:13:fa:60:05:0c:7a:
                    43:33:d8:cf:5b:db:90:df:7d:e1:dc:c0:74:a1:26:
                    93:30:94:23:ff:af:a3:aa:53:82:02:76:aa:bd:59:
                    8d:eb:90:7d:8d:7e:ae:f6:ba:ea:e4:8e:c1:e5:5c:
                    3a:a1:6c:92:0c:32:24:61:4c:f8:93:90:98:62:93:
                    a7:f6:a8:8b:3e:63:6e:38:2f:22:fa:38:84:87:b2:
                    fa:3e:68:8b:b9:47:27:ba:5f:35:c8:6b:22:26:26:
                    88:6c:92:a3:97:e2:b2:09:18:b6:17:f3:6d:9f:8c:
                    86:2e:20:bc:62:7e:90:da:04:db:5d:da:30:cc:ec:
                    c8:df:de:64:10:20:b7:19:37:ad:ec:e7:4a:9c:9f:
                    d7:d3:cb:81:af:63:03:09:c8:8c:1e:3f:f1:63:7e:
                    0d:f8:5e:01:f4:f1:bd:72:04:9a:3d:f5:5c:5a:3b:
                    cb:d7:5b:cb:50:99:a4:8a:ae:47:bc:a6:80:fe:69:
                    92:8e:22:45:95:8a:ae:1a:35:74:11:12:81:f8:7c:
                    0c:ec:c4:ab:3f:fe:76:9a:af:c0:1d:c8:f8:df:5f:
                    45:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:58:E0:6F:50:DC:94:03:87:10:79:1D:D6:E8:C0:CB:33:14:F7:C2
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/3Fjgb1DclAOHEHkd1ujAyzMU98I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:7e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         e1:5c:03:d3:15:44:50:63:53:a0:30:bc:81:d0:5a:b9:30:d2:
         1e:48:62:8b:d6:84:00:89:ac:91:a7:dd:62:e0:42:76:b6:9d:
         44:9e:58:cf:cb:e0:0c:93:34:9a:7e:99:d8:38:71:cd:3c:4a:
         30:d6:19:16:07:37:d1:6b:a4:5f:40:bf:f9:35:eb:32:d4:55:
         ee:3e:e6:eb:6a:f9:b0:dd:e4:e7:8a:da:ee:f7:bc:97:32:97:
         44:6d:6b:3d:ef:68:fe:85:b7:0f:64:1f:84:03:c2:db:2e:0f:
         e0:94:ca:cd:c0:d5:c6:55:e6:28:64:68:ad:65:03:ca:9c:be:
         78:4e:ae:d8:8f:74:f4:7f:a9:6c:55:a3:8b:0a:39:32:2c:d8:
         61:18:6d:d9:bd:ee:4e:8f:bc:13:73:cf:c2:02:9b:d1:79:f9:
         5c:22:de:d2:74:8d:d6:69:7c:5d:12:81:d5:55:d2:b1:c6:20:
         88:05:6a:e2:76:ab:40:cb:69:84:79:0f:6e:f4:1f:bc:59:08:
         5c:b9:3b:75:47:b0:d4:e5:27:1f:15:44:1d:be:3a:17:cc:6f:
         50:f3:8c:6c:19:b8:5b:63:83:53:0b:38:98:68:88:2c:05:09:
         32:dd:9e:3f:20:45:2d:ab:cf:f4:13:d2:ab:fb:16:f7:cc:30:
         c3:5d:14:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9XGJuD/0796l3JG8ENr/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjYwMTAyMDYxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU4ZTA2ZjUwZGM5NDAzODcxMDc5MWRkNmU4YzBjYjMzMTRmN2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUqw9/TO1LLTMdfQeZkseEv071pG
fqcPryOUDnxX7kbK7huOmzET+mAFDHpDM9jPW9uQ333h3MB0oSaTMJQj/6+jqlOC
AnaqvVmN65B9jX6u9rrq5I7B5Vw6oWySDDIkYUz4k5CYYpOn9qiLPmNuOC8i+jiE
h7L6PmiLuUcnul81yGsiJiaIbJKjl+KyCRi2F/Ntn4yGLiC8Yn6Q2gTbXdowzOzI
395kECC3GTet7OdKnJ/X08uBr2MDCciMHj/xY34N+F4B9PG9cgSaPfVcWjvL11vL
UJmkiq5HvKaA/mmSjiJFlYquGjV0ERKB+HwM7MSrP/52mq/AHcj4319FLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNxY4G9Q3JQDhxB5HdbowMszFPfCMB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvM0ZqZ2IxRGNsQU9IRUhrZDF1akF5ek1VOThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgV+QDAN
BgkqhkiG9w0BAQsFAAOCAQEA4VwD0xVEUGNToDC8gdBauTDSHkhii9aEAImskafd
YuBCdradRJ5Yz8vgDJM0mn6Z2DhxzTxKMNYZFgc30WukX0C/+TXrMtRV7j7m62r5
sN3k54ra7ve8lzKXRG1rPe9o/oW3D2QfhAPC2y4P4JTKzcDVxlXmKGRorWUDypy+
eE6u2I909H+pbFWjiwo5MizYYRht2b3uTo+8E3PPwgKb0Xn5XCLe0nSN1ml8XRKB
1VXSscYgiAVq4narQMtphHkPbvQfvFkIXLk7dUew1OUnHxVEHb46F8xvUPOMbBm4
W2ODUws4mGiILAUJMt2ePyBFLavP9BPSq/sW98www10Uyg==
-----END CERTIFICATE-----