This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/U0tl-UVjdgoquFk_RP8dvu9_bzA.roa
File:                     U0tl-UVjdgoquFk_RP8dvu9_bzA.roa (raw, json)
Hash identifier:          fvBK5Ool8MKV1KD0bY966e8iK9zhJNvA5b6LpcKGcn8=
Subject key identifier:   53:4B:65:F9:45:63:76:0A:2A:B8:59:3F:44:FF:1D:BE:EF:7F:6F:30
Certificate issuer:       /CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Certificate serial:       019B7BA3D18E7D574B039289F71AC5712E82
Authority key identifier: EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/U0tl-UVjdgoquFk_RP8dvu9_bzA.roa
Signing time:             Thu 01 Jan 2026 22:18:12 +0000
ROA not before:           Thu 01 Jan 2026 22:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212250
IP address blocks:        2a0b:1880::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:d1:8e:7d:57:4b:03:92:89:f7:1a:c5:71:2e:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
        Validity
            Not Before: Jan  1 22:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=534b65f94563760a2ab8593f44ff1dbeef7f6f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:c6:6a:f0:98:1c:36:c2:a7:9f:97:9a:bf:
                    b8:63:4e:df:d3:1e:9e:ec:d1:1c:24:e9:21:50:2a:
                    e5:e6:10:e1:de:50:27:6c:96:cb:1a:c9:02:27:d8:
                    fc:cb:10:1f:c3:c8:28:23:50:46:3c:93:33:bf:68:
                    b2:41:f2:93:c4:e6:e6:e8:c9:0c:4e:40:de:f5:c5:
                    d5:87:a1:07:25:65:02:b9:ef:da:3d:a8:e9:67:02:
                    2c:5b:e5:b7:bc:da:51:e5:a2:2a:2a:11:18:69:db:
                    aa:66:cc:43:77:64:dc:d9:ff:bf:06:94:c6:d0:99:
                    da:a3:30:ff:9a:76:71:f9:14:a7:db:69:24:19:a5:
                    97:12:09:48:e0:07:0a:a8:b2:7e:05:72:da:e3:b0:
                    38:bc:38:5d:e0:d3:dc:e2:ca:01:8f:03:89:d1:a6:
                    41:3b:b4:99:39:5c:e4:4c:a0:04:2d:a1:e6:43:25:
                    e1:d3:22:82:5d:5d:f5:e3:ec:ed:dd:1d:87:e1:18:
                    b1:71:e7:3d:75:53:8a:b2:49:fe:a3:bf:eb:18:c5:
                    f2:6f:26:47:54:39:d6:c3:de:72:a9:cb:f9:7b:f4:
                    eb:95:9f:9f:64:7d:dc:f2:9a:51:b7:88:d3:43:7d:
                    ca:42:44:4c:53:4e:12:33:de:7e:9e:bb:fa:2c:7d:
                    3e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4B:65:F9:45:63:76:0A:2A:B8:59:3F:44:FF:1D:BE:EF:7F:6F:30
            X509v3 Authority Key Identifier:
                keyid:EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/U0tl-UVjdgoquFk_RP8dvu9_bzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:84:59:a9:34:ec:87:a8:32:ae:cd:17:a3:39:56:b3:c7:1e:
         4c:0b:3c:7b:3b:cd:58:1c:06:41:dc:d6:57:e2:fb:e4:7d:d1:
         29:c3:26:06:61:d1:c3:ad:4a:33:05:e7:69:8d:47:8d:39:9e:
         29:79:41:9a:31:2d:9b:c5:b6:73:20:72:c3:e2:0a:45:53:fe:
         4e:66:5a:0e:50:0e:93:a7:2b:d2:c1:30:6f:2c:0e:ed:e0:c6:
         b1:54:54:20:40:55:3b:79:c2:46:0f:18:7a:ba:ee:ee:c2:37:
         40:cf:fa:5c:83:3d:b1:e4:c8:b8:d7:22:ef:49:fb:d4:a5:e7:
         07:42:d1:eb:10:67:6e:00:77:df:c1:f7:53:e8:87:78:04:ae:
         e4:ec:c4:fa:33:28:1a:72:e0:4f:f7:68:66:b7:11:cb:fd:2e:
         2f:ad:b2:20:ba:0b:46:07:65:33:28:3b:5c:c0:8a:08:ed:9d:
         28:c1:62:8d:eb:b2:c8:b5:60:a6:08:c5:ef:dc:5f:c6:33:2e:
         1c:6d:9f:31:71:da:b9:35:84:be:d6:80:77:8b:47:87:7c:85:
         ce:ce:42:91:b4:3b:4c:bd:38:4e:63:d1:03:32:fe:6a:d2:63:
         6f:85:ca:71:ea:81:36:56:12:6a:a3:a5:a6:5a:96:9c:e9:dd:
         42:4f:38:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7o9GOfVdLA5KJ9xrFcS6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTRkOWU0MWVhNWUyZDE2MWI3YzRjZGIyZTQ3MDJjNGYy
NDhlMTQwHhcNMjYwMTAxMjIxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRiNjVmOTQ1NjM3NjBhMmFiODU5M2Y0NGZmMWRiZWVmN2Y2ZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWrGavCYHDbCp5+Xmr+4Y07f0x6e
7NEcJOkhUCrl5hDh3lAnbJbLGskCJ9j8yxAfw8goI1BGPJMzv2iyQfKTxObm6MkM
TkDe9cXVh6EHJWUCue/aPajpZwIsW+W3vNpR5aIqKhEYaduqZsxDd2Tc2f+/BpTG
0JnaozD/mnZx+RSn22kkGaWXEglI4AcKqLJ+BXLa47A4vDhd4NPc4soBjwOJ0aZB
O7SZOVzkTKAELaHmQyXh0yKCXV314+zt3R2H4Rixcec9dVOKskn+o7/rGMXybyZH
VDnWw95yqcv5e/TrlZ+fZH3c8ppRt4jTQ33KQkRMU04SM95+nrv6LH0+fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFNLZflFY3YKKrhZP0T/Hb7vf28wMB8GA1UdIwQY
MBaAFO9U2eQepeLRYbfEzbLkcCxPJI4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzIt
ZmJjNmZjYjVlN2E2LzEvVTB0bC1VVmpkZ29xdUZrX1JQOGR2dTlfYnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzItZmJjNmZjYjVlN2E2
LzEvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAcYRZqTTsh6gyrs0XozlWs8ceTAs8ezvNWBwGQdzW
V+L75H3RKcMmBmHRw61KMwXnaY1HjTmeKXlBmjEtm8W2cyByw+IKRVP+TmZaDlAO
k6cr0sEwbywO7eDGsVRUIEBVO3nCRg8Yerru7sI3QM/6XIM9seTIuNci70n71KXn
B0LR6xBnbgB338H3U+iHeASu5OzE+jMoGnLgT/doZrcRy/0uL62yILoLRgdlMyg7
XMCKCO2dKMFijeuyyLVgpgjF79xfxjMuHG2fMXHauTWEvtaAd4tHh3yFzs5CkbQ7
TL04TmPRAzL+atJjb4XKceqBNlYSaqOlplqWnOndQk84CA==
-----END CERTIFICATE-----