This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/3VvlIVLD8nV-Kprr00nGUqwlEG0.roa
File:                     3VvlIVLD8nV-Kprr00nGUqwlEG0.roa (raw, json)
Hash identifier:          ueTtVv9Izvar/a32kf0F4hmGSZUFBIbcRRQsZSddarI=
Subject key identifier:   DD:5B:E5:21:52:C3:F2:75:7E:2A:9A:EB:D3:49:C6:52:AC:25:10:6D
Certificate issuer:       /CN=a122d6d21bd04c46224653a49be029e3c024b846
Certificate serial:       019B7E38C1620A69C286EC3EE9F7E11BE08C
Authority key identifier: A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/3VvlIVLD8nV-Kprr00nGUqwlEG0.roa
Signing time:             Fri 02 Jan 2026 10:20:07 +0000
ROA not before:           Fri 02 Jan 2026 10:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19281
IP address blocks:        2a14:af00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c1:62:0a:69:c2:86:ec:3e:e9:f7:e1:1b:e0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a122d6d21bd04c46224653a49be029e3c024b846
        Validity
            Not Before: Jan  2 10:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd5be52152c3f2757e2a9aebd349c652ac25106d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:23:a6:db:99:d0:cd:3b:e4:c8:44:fe:95:90:
                    0d:85:13:90:8b:9c:8a:53:50:d5:7f:9c:90:bb:9b:
                    15:75:7c:ee:45:e3:3d:bc:63:5d:c5:5e:3a:00:e9:
                    83:00:11:82:1c:bd:c0:11:14:f1:9f:b0:fc:6d:c8:
                    0d:e6:05:19:b8:a5:12:d5:f4:82:ce:29:ac:18:65:
                    28:c0:54:d8:b2:19:6e:c3:e9:0a:d3:6a:28:c6:d0:
                    c7:04:88:23:30:c9:d8:24:91:02:30:c4:28:7e:bb:
                    7c:3a:61:af:2f:0b:f9:61:ed:35:48:94:45:07:9c:
                    8f:a3:a4:2f:f6:41:4c:6f:37:1b:5b:42:89:28:fa:
                    e8:41:92:1b:36:39:09:97:d7:56:f2:f3:35:d6:72:
                    61:7a:b3:ee:14:c2:3f:cc:bf:02:ad:56:63:2b:bd:
                    9e:00:3c:b1:ee:9a:82:fa:fb:ec:3d:9c:df:c5:63:
                    79:0a:c3:69:7a:02:2f:34:f2:19:5c:de:74:22:5a:
                    b3:bc:70:de:7d:5a:9a:00:f7:7c:ea:78:74:13:d7:
                    16:4d:83:0c:e9:5e:44:67:ff:d6:9e:81:45:dd:3d:
                    62:99:7c:8d:d2:ab:41:53:31:50:ac:14:ae:bf:52:
                    73:71:8f:cf:de:ce:01:5a:0e:0f:01:52:89:82:21:
                    f7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5B:E5:21:52:C3:F2:75:7E:2A:9A:EB:D3:49:C6:52:AC:25:10:6D
            X509v3 Authority Key Identifier:
                keyid:A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/3VvlIVLD8nV-Kprr00nGUqwlEG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:70:9c:1e:85:65:2f:09:e7:67:8e:56:6f:85:12:26:1b:e1:
         17:fb:3d:7a:a2:63:a1:01:89:9a:02:66:b4:6a:f8:2e:ce:e9:
         f2:3f:60:e9:c6:e4:1b:12:14:a1:0c:aa:2e:ed:76:a6:ce:a2:
         27:a7:ee:7c:0e:86:28:d8:0d:3e:62:1d:c4:25:97:7f:68:f9:
         a1:fd:52:5e:a5:9b:37:8a:18:df:c0:88:e5:14:b9:f5:66:ad:
         97:d3:2a:45:82:61:82:32:cc:45:20:f9:6c:c4:a7:8b:b2:c9:
         bf:07:07:30:20:0b:43:61:0e:4a:01:34:6d:f0:3a:c4:ab:1b:
         b7:b7:7f:05:57:09:24:f1:f7:75:af:be:c4:99:17:7a:b3:28:
         c7:18:d0:03:6c:bc:32:57:09:b4:1c:2c:45:74:3f:84:ec:64:
         16:5b:b9:f9:72:da:f0:d7:b6:00:b6:a9:f5:4c:7b:81:8a:6b:
         51:46:c5:4d:b5:68:8c:a3:ec:c0:94:33:0b:7e:ad:a0:a2:4d:
         d8:40:dd:06:20:2f:7c:2a:f7:a1:e4:df:0f:f2:9f:17:e6:b1:
         a9:6a:bf:12:16:c9:73:21:37:40:92:35:39:a8:8d:b3:ab:22:
         63:b2:82:52:c0:e0:10:06:28:07:fb:70:5b:7b:5e:c9:67:2b:
         6e:06:56:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+OMFiCmnChuw+6ffhG+CMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjJkNmQyMWJkMDRjNDYyMjQ2NTNhNDliZTAyOWUzYzAy
NGI4NDYwHhcNMjYwMTAyMTAyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDViZTUyMTUyYzNmMjc1N2UyYTlhZWJkMzQ5YzY1MmFjMjUxMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCOm25nQzTvkyET+lZANhROQi5yK
U1DVf5yQu5sVdXzuReM9vGNdxV46AOmDABGCHL3AERTxn7D8bcgN5gUZuKUS1fSC
zimsGGUowFTYshluw+kK02ooxtDHBIgjMMnYJJECMMQofrt8OmGvLwv5Ye01SJRF
B5yPo6Qv9kFMbzcbW0KJKProQZIbNjkJl9dW8vM11nJherPuFMI/zL8CrVZjK72e
ADyx7pqC+vvsPZzfxWN5CsNpegIvNPIZXN50IlqzvHDefVqaAPd86nh0E9cWTYMM
6V5EZ//WnoFF3T1imXyN0qtBUzFQrBSuv1JzcY/P3s4BWg4PAVKJgiH3rwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN1b5SFSw/J1fiqa69NJxlKsJRBtMB8GA1UdIwQY
MBaAFKEi1tIb0ExGIkZTpJvgKePAJLhGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDct
NWYyNTFhMDNmYTJiLzEvM1Z2bElWTEQ4blYtS3BycjAwbkdVcXdsRUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDctNWYyNTFhMDNmYTJi
LzEvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSvADAN
BgkqhkiG9w0BAQsFAAOCAQEAjHCcHoVlLwnnZ45Wb4USJhvhF/s9eqJjoQGJmgJm
tGr4Ls7p8j9g6cbkGxIUoQyqLu12ps6iJ6fufA6GKNgNPmIdxCWXf2j5of1SXqWb
N4oY38CI5RS59Watl9MqRYJhgjLMRSD5bMSni7LJvwcHMCALQ2EOSgE0bfA6xKsb
t7d/BVcJJPH3da++xJkXerMoxxjQA2y8MlcJtBwsRXQ/hOxkFlu5+XLa8Ne2ALap
9Ux7gYprUUbFTbVojKPswJQzC36toKJN2EDdBiAvfCr3oeTfD/KfF+axqWq/EhbJ
cyE3QJI1OaiNs6siY7KCUsDgEAYoB/twW3teyWcrbgZWJQ==
-----END CERTIFICATE-----