This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/uQMfLgCocO-cV1Dq7f8ShCaJ1pI.roa
File:                     uQMfLgCocO-cV1Dq7f8ShCaJ1pI.roa (raw, json)
Hash identifier:          f2D0zf6gxtDdlo1Fb2b+kXB8Dad/xNYHEZ1SOFzPCFU=
Subject key identifier:   B9:03:1F:2E:00:A8:70:EF:9C:57:50:EA:ED:FF:12:84:26:89:D6:92
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019B7DC953FF9787AD73A5CF19FF5DFE6AA9
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/uQMfLgCocO-cV1Dq7f8ShCaJ1pI.roa
Signing time:             Fri 02 Jan 2026 08:18:24 +0000
ROA not before:           Fri 02 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214937
IP address blocks:        2a0b:d502::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:53:ff:97:87:ad:73:a5:cf:19:ff:5d:fe:6a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  2 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9031f2e00a870ef9c5750eaedff12842689d692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e2:bd:ed:99:1d:ba:54:d4:ee:f0:32:3f:b1:
                    58:c3:d2:be:11:f9:8b:fc:76:5c:08:ce:9f:23:61:
                    ab:d5:50:01:9e:59:17:32:2b:76:03:82:f8:3e:88:
                    18:dc:0c:48:3c:48:0d:0c:31:e2:f7:fc:31:55:8b:
                    4c:58:f6:b5:2b:2c:95:4a:e7:af:30:0b:aa:aa:8f:
                    6e:6f:7a:eb:9c:88:83:47:e6:fc:e6:ab:42:90:3d:
                    b0:cd:ec:13:44:1b:14:c3:4f:47:3c:3c:07:42:75:
                    2e:a6:96:5e:3a:d2:1b:0a:a2:17:ce:3b:6c:4f:dc:
                    20:1d:90:92:21:65:68:04:76:04:23:86:dc:ad:15:
                    a8:2e:81:1b:a4:96:f0:4d:f6:d8:f2:52:ad:ce:b5:
                    f7:14:e8:43:95:47:87:34:8f:73:f5:84:d8:57:6d:
                    c6:d0:2d:9f:c6:c4:2f:a1:05:2b:0e:0f:6d:32:5d:
                    31:b6:38:b2:bf:98:2b:e0:83:f6:b5:64:01:f2:b2:
                    b1:2d:d5:f1:b6:26:2f:ab:e5:cc:b8:9d:f3:ab:fc:
                    35:fc:b9:a5:85:18:91:ff:fb:4e:30:4d:3a:13:d9:
                    20:fa:6b:40:30:df:62:48:dd:cd:26:e4:ac:e3:88:
                    e9:93:a6:e6:72:2e:4b:7a:c1:5e:85:12:04:1b:e8:
                    89:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:03:1F:2E:00:A8:70:EF:9C:57:50:EA:ED:FF:12:84:26:89:D6:92
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/uQMfLgCocO-cV1Dq7f8ShCaJ1pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d502::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:ec:e7:02:73:c9:d7:8e:b8:c8:04:e2:6e:f9:9e:01:99:3e:
         46:60:fb:20:ad:9e:08:2f:19:28:fb:57:e3:2a:eb:dc:88:7c:
         ae:2e:45:6a:22:32:28:4f:d9:38:99:80:2e:71:ed:ae:3c:4f:
         83:a2:55:11:9f:01:c1:80:27:e5:26:f6:bd:f2:4b:a5:51:ab:
         ed:63:44:5c:c3:47:27:1d:3f:25:07:b7:aa:af:f7:c1:76:0f:
         e7:a6:cd:bc:37:aa:d1:e8:ec:d4:04:38:50:39:30:01:77:cc:
         de:ce:28:3d:d3:e3:12:64:60:79:fc:a9:af:a9:05:71:1c:5e:
         1e:a9:a9:4f:a4:d4:31:53:9e:0a:9c:e5:24:47:36:eb:b7:b2:
         7a:d5:ab:67:5e:55:a1:f8:cd:ab:0e:73:97:c8:e3:d7:6c:0e:
         18:6c:46:0a:0c:41:8b:ed:29:ba:ff:87:de:54:e8:96:50:cd:
         d3:41:4c:18:2b:88:7f:8c:a2:dd:6b:c0:a3:c8:30:07:eb:93:
         e6:d4:5b:6d:c0:fb:0e:d3:52:69:f9:b2:4c:35:94:5a:ff:66:
         b9:3a:7c:6c:08:c1:c3:40:92:65:f4:4a:5b:f7:3b:62:e1:c5:
         4c:e2:d8:7d:b2:b2:b0:28:a6:d0:12:54:94:a2:33:cd:c5:98:
         b1:99:d2:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9yVP/l4etc6XPGf9d/mqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjYwMTAyMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTAzMWYyZTAwYTg3MGVmOWM1NzUwZWFlZGZmMTI4NDI2ODlkNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeK97ZkdulTU7vAyP7FYw9K+EfmL
/HZcCM6fI2Gr1VABnlkXMit2A4L4PogY3AxIPEgNDDHi9/wxVYtMWPa1KyyVSuev
MAuqqo9ub3rrnIiDR+b85qtCkD2wzewTRBsUw09HPDwHQnUuppZeOtIbCqIXzjts
T9wgHZCSIWVoBHYEI4bcrRWoLoEbpJbwTfbY8lKtzrX3FOhDlUeHNI9z9YTYV23G
0C2fxsQvoQUrDg9tMl0xtjiyv5gr4IP2tWQB8rKxLdXxtiYvq+XMuJ3zq/w1/Lml
hRiR//tOME06E9kg+mtAMN9iSN3NJuSs44jpk6bmci5LesFehRIEG+iJZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLkDHy4AqHDvnFdQ6u3/EoQmidaSMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvdVFNZkxnQ29jTy1jVjFEcTdmOFNoQ2FKMXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvVAjAN
BgkqhkiG9w0BAQsFAAOCAQEAa+znAnPJ1464yATibvmeAZk+RmD7IK2eCC8ZKPtX
4yrr3Ih8ri5FaiIyKE/ZOJmALnHtrjxPg6JVEZ8BwYAn5Sb2vfJLpVGr7WNEXMNH
Jx0/JQe3qq/3wXYP56bNvDeq0ejs1AQ4UDkwAXfM3s4oPdPjEmRgefypr6kFcRxe
HqmpT6TUMVOeCpzlJEc267eyetWrZ15VofjNqw5zl8jj12wOGGxGCgxBi+0puv+H
3lTollDN00FMGCuIf4yi3WvAo8gwB+uT5tRbbcD7DtNSafmyTDWUWv9muTp8bAjB
w0CSZfRKW/c7YuHFTOLYfbKysCim0BJUlKIzzcWYsZnS7g==
-----END CERTIFICATE-----