This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/e_oEkxj5wakUjaTOI_wOqCOK5n8.roa
File:                     e_oEkxj5wakUjaTOI_wOqCOK5n8.roa (raw, json)
Hash identifier:          20kV4OeToxJk7pR58HISzEGgkBDUp39Pn/wqiBDv3Fk=
Subject key identifier:   7B:FA:04:93:18:F9:C1:A9:14:8D:A4:CE:23:FC:0E:A8:23:8A:E6:7F
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019B7D5C63E7F5EBE31F670A5B08C3254819
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/e_oEkxj5wakUjaTOI_wOqCOK5n8.roa
Signing time:             Fri 02 Jan 2026 06:19:25 +0000
ROA not before:           Fri 02 Jan 2026 06:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214677
IP address blocks:        2a05:bec0:34::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:63:e7:f5:eb:e3:1f:67:0a:5b:08:c3:25:48:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  2 06:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bfa049318f9c1a9148da4ce23fc0ea8238ae67f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:82:4f:e6:66:0d:28:84:5b:91:e0:aa:dd:
                    e9:ca:e7:cf:7b:e2:98:e8:d0:dd:e9:6e:36:7f:92:
                    10:91:8d:5b:89:a8:c5:95:36:ed:26:95:07:a9:7f:
                    f0:68:5f:b8:0b:f7:36:f7:d9:48:dc:42:43:a0:26:
                    d7:b4:a0:b3:f0:34:db:40:d5:4a:8f:dd:2e:b1:95:
                    e1:f8:44:d4:1f:4c:36:5c:97:6e:bc:7b:fb:e3:b7:
                    30:1e:d7:09:de:09:69:fd:2e:94:92:c9:83:45:df:
                    d5:b2:15:d4:c9:f5:bd:65:f6:bf:8a:43:68:f0:3d:
                    1c:db:45:38:db:e1:ad:f9:58:f0:65:30:a1:89:04:
                    5a:04:72:54:ad:e3:3a:a6:e9:a6:60:be:7d:65:fb:
                    ad:d4:ed:2a:a4:85:c4:26:db:1d:dd:aa:a5:90:0f:
                    87:fa:15:46:e5:59:ab:85:92:3b:de:8c:65:c9:f3:
                    20:2f:8a:68:6f:bc:59:1a:0e:29:5e:e9:79:70:61:
                    5f:97:4c:78:c4:df:a9:96:e2:e2:d4:1f:99:2e:2a:
                    88:16:72:23:72:bf:6d:1c:16:26:9d:49:89:3e:9f:
                    b2:8d:07:d3:a0:56:62:37:aa:58:48:a0:be:d6:a8:
                    cd:cd:1f:64:c4:66:7b:5a:45:f2:24:82:7d:18:ca:
                    28:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FA:04:93:18:F9:C1:A9:14:8D:A4:CE:23:FC:0E:A8:23:8A:E6:7F
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/e_oEkxj5wakUjaTOI_wOqCOK5n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bec0:34::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:ef:0e:1a:6c:5c:26:cb:5b:48:52:24:b2:c4:95:eb:04:59:
         b0:a0:77:f2:f9:fb:8e:cd:89:b6:c3:b5:9f:c8:1a:b9:4d:7b:
         f4:80:f0:f9:b0:d1:01:32:51:96:d0:e6:95:0a:8c:02:44:64:
         b3:51:46:fd:60:34:56:93:b1:54:5c:fc:72:c4:eb:59:2c:ab:
         46:7e:66:50:ac:ee:ce:d5:cb:2a:2d:90:e1:df:7f:47:2e:77:
         64:3b:f4:56:de:fe:6c:40:f6:86:f4:e5:5a:75:24:53:48:85:
         a7:2b:dd:3f:a2:8c:46:ab:86:d0:88:77:8c:0f:39:77:c5:2f:
         b7:a5:49:99:b3:be:97:3e:4c:29:29:5c:5e:19:fe:e3:43:2f:
         6a:86:b2:ac:a9:70:bd:6c:38:c5:cd:41:aa:81:29:a7:48:85:
         7e:41:2f:80:00:6f:78:10:2e:c1:da:e6:cc:a3:eb:c3:f2:a6:
         4d:ae:73:1f:cc:b8:05:68:ee:8c:01:32:ff:53:80:83:e6:8c:
         19:f3:64:70:4f:10:fb:b2:25:51:51:10:1b:d9:02:33:23:a5:
         50:0b:62:70:20:a0:84:83:05:96:aa:55:af:74:42:26:41:62:
         cf:5c:da:f6:f5:d7:f2:a6:db:7d:8f:3f:7a:72:e1:2e:17:21:
         09:34:a3:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XGPn9evjH2cKWwjDJUgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjYwMTAyMDYxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmZhMDQ5MzE4ZjljMWE5MTQ4ZGE0Y2UyM2ZjMGVhODIzOGFlNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiqCT+ZmDSiEW5Hgqt3pyufPe+KY
6NDd6W42f5IQkY1biajFlTbtJpUHqX/waF+4C/c299lI3EJDoCbXtKCz8DTbQNVK
j90usZXh+ETUH0w2XJduvHv747cwHtcJ3glp/S6UksmDRd/VshXUyfW9Zfa/ikNo
8D0c20U42+Gt+VjwZTChiQRaBHJUreM6pummYL59Zfut1O0qpIXEJtsd3aqlkA+H
+hVG5VmrhZI73oxlyfMgL4pob7xZGg4pXul5cGFfl0x4xN+pluLi1B+ZLiqIFnIj
cr9tHBYmnUmJPp+yjQfToFZiN6pYSKC+1qjNzR9kxGZ7WkXyJIJ9GMoouQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHv6BJMY+cGpFI2kziP8DqgjiuZ/MB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvZV9vRWt4ajV3YWtVamFUT0lfd09xQ09LNW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW+wAA0
MA0GCSqGSIb3DQEBCwUAA4IBAQCg7w4abFwmy1tIUiSyxJXrBFmwoHfy+fuOzYm2
w7WfyBq5TXv0gPD5sNEBMlGW0OaVCowCRGSzUUb9YDRWk7FUXPxyxOtZLKtGfmZQ
rO7O1csqLZDh339HLndkO/RW3v5sQPaG9OVadSRTSIWnK90/ooxGq4bQiHeMDzl3
xS+3pUmZs76XPkwpKVxeGf7jQy9qhrKsqXC9bDjFzUGqgSmnSIV+QS+AAG94EC7B
2ubMo+vD8qZNrnMfzLgFaO6MATL/U4CD5owZ82RwTxD7siVRURAb2QIzI6VQC2Jw
IKCEgwWWqlWvdEImQWLPXNr29dfyptt9jz96cuEuFyEJNKNO
-----END CERTIFICATE-----