This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/NaRt1HVL2Kx-sncfnj_qlUg6AzA.roa
File:                     NaRt1HVL2Kx-sncfnj_qlUg6AzA.roa (raw, json)
Hash identifier:          eMNf8UixOg4CJ2lG1Z2ydmE1AwqLlbPFY92TlJawe5o=
Subject key identifier:   35:A4:6D:D4:75:4B:D8:AC:7E:B2:77:1F:9E:3F:EA:95:48:3A:03:30
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       019B7FF2A0C3840B7F39FA222CDC1C49FB04
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/NaRt1HVL2Kx-sncfnj_qlUg6AzA.roa
Signing time:             Fri 02 Jan 2026 18:22:45 +0000
ROA not before:           Fri 02 Jan 2026 18:22:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64439
IP address blocks:        2a0b:b200::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:a0:c3:84:0b:7f:39:fa:22:2c:dc:1c:49:fb:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Jan  2 18:22:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35a46dd4754bd8ac7eb2771f9e3fea95483a0330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:11:cf:9f:25:ef:24:b8:f9:fe:34:1d:c5:04:
                    84:76:72:85:cd:7c:b3:95:84:a6:25:75:4a:bd:c1:
                    45:ff:f6:0f:64:96:71:88:33:37:5a:e6:f9:43:55:
                    88:f4:83:02:79:20:67:5e:0f:27:71:2a:f2:9d:a0:
                    bb:ba:48:e8:c7:97:c3:ef:06:f2:6a:ab:c9:28:70:
                    31:85:50:03:8f:17:50:a2:6c:0f:1a:db:e1:d9:ad:
                    e4:78:2f:15:69:19:62:a7:27:07:d7:63:c3:dc:a9:
                    e6:16:96:15:7b:13:9e:d6:0b:8b:7e:b4:92:ce:11:
                    c4:c7:85:b2:f1:22:9b:29:b7:27:87:d6:c5:ce:57:
                    68:e5:fe:59:20:d0:a6:96:12:a7:8f:bc:0c:a8:7b:
                    fc:48:00:b5:a2:28:46:87:08:a4:c9:94:77:a8:f0:
                    ce:a3:bf:3e:61:ed:92:ac:97:73:cf:7e:0b:7b:cd:
                    5f:3e:cd:f9:dd:ed:fd:68:2b:59:23:53:19:92:0f:
                    88:0d:42:e7:04:19:57:c4:94:3f:1a:52:75:3f:df:
                    5a:5f:37:47:9b:05:d4:03:b2:12:66:1d:ee:14:ed:
                    3c:f2:cc:d2:58:2d:f5:59:7b:90:05:83:13:f1:83:
                    00:60:88:fc:04:6c:73:2c:9f:30:75:ab:13:a4:be:
                    e0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A4:6D:D4:75:4B:D8:AC:7E:B2:77:1F:9E:3F:EA:95:48:3A:03:30
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/NaRt1HVL2Kx-sncfnj_qlUg6AzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b200::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:95:af:94:c7:e0:9d:a1:ea:2e:81:f1:2e:d6:6d:ae:52:e6:
         62:ed:6c:ac:82:51:34:44:0e:d6:23:7a:ec:20:7d:85:c3:74:
         8d:a5:1b:fe:64:64:38:2b:50:eb:88:5b:1f:c0:9e:dc:46:b0:
         82:2e:6a:cd:0a:47:5e:e6:ff:72:60:0a:31:01:5e:92:1b:34:
         ca:3e:fa:51:0d:c9:8a:af:f6:fd:f3:30:3b:1d:10:bb:e0:06:
         33:a2:e4:b3:14:6b:38:29:6c:1e:6b:c5:80:5c:11:af:5c:7a:
         10:2b:5f:cf:ac:a2:f3:3c:0f:df:cc:15:4c:6a:1b:72:e4:20:
         86:4d:ae:88:12:85:81:f3:a7:bf:4a:b4:f1:54:70:5d:9a:ad:
         7a:39:12:2a:dc:fa:d9:32:bd:74:d4:cf:e6:87:35:73:c0:09:
         01:4e:9d:00:b1:8e:f2:5a:58:a6:fd:81:c2:5d:ad:85:c3:7b:
         e7:b5:c6:f2:0c:ae:09:1d:79:e5:2a:58:df:82:9d:d0:76:50:
         d5:8f:6b:e6:b4:65:74:da:e2:c6:d9:cd:10:e5:58:50:9c:e9:
         2b:b6:1e:68:e8:a5:57:fd:4a:36:9b:83:bb:a8:66:38:ba:ce:
         78:3f:11:71:33:01:79:43:e0:58:c8:a2:89:94:83:49:ad:75:
         ee:54:6d:9b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/8qDDhAt/OfoiLNwcSfsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjYwMTAyMTgyMjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE0NmRkNDc1NGJkOGFjN2ViMjc3MWY5ZTNmZWE5NTQ4M2EwMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRHPnyXvJLj5/jQdxQSEdnKFzXyz
lYSmJXVKvcFF//YPZJZxiDM3Wub5Q1WI9IMCeSBnXg8ncSrynaC7ukjox5fD7wby
aqvJKHAxhVADjxdQomwPGtvh2a3keC8VaRlipycH12PD3KnmFpYVexOe1guLfrSS
zhHEx4Wy8SKbKbcnh9bFzldo5f5ZINCmlhKnj7wMqHv8SAC1oihGhwikyZR3qPDO
o78+Ye2SrJdzz34Le81fPs353e39aCtZI1MZkg+IDULnBBlXxJQ/GlJ1P99aXzdH
mwXUA7ISZh3uFO088szSWC31WXuQBYMT8YMAYIj8BGxzLJ8wdasTpL7gFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDWkbdR1S9isfrJ3H54/6pVIOgMwMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvTmFSdDFIVkwyS3gtc25jZm5qX3FsVWc2QXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguyADAN
BgkqhkiG9w0BAQsFAAOCAQEAdJWvlMfgnaHqLoHxLtZtrlLmYu1srIJRNEQO1iN6
7CB9hcN0jaUb/mRkOCtQ64hbH8Ce3Eawgi5qzQpHXub/cmAKMQFekhs0yj76UQ3J
iq/2/fMwOx0Qu+AGM6LksxRrOClsHmvFgFwRr1x6ECtfz6yi8zwP38wVTGobcuQg
hk2uiBKFgfOnv0q08VRwXZqtejkSKtz62TK9dNTP5oc1c8AJAU6dALGO8lpYpv2B
wl2thcN757XG8gyuCR155SpY34Kd0HZQ1Y9r5rRldNrixtnNEOVYUJzpK7YeaOil
V/1KNpuDu6hmOLrOeD8RcTMBeUPgWMiiiZSDSa117lRtmw==
-----END CERTIFICATE-----