This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/cBS-3HpC_a4rHcbd8xWkU8ryqAo.roa
File:                     cBS-3HpC_a4rHcbd8xWkU8ryqAo.roa (raw, json)
Hash identifier:          BFwk1ZVFsJ92QmF6WqyS8lrea+ZBvLbcAz/u0+3fQLc=
Subject key identifier:   70:14:BE:DC:7A:42:FD:AE:2B:1D:C6:DD:F3:15:A4:53:CA:F2:A8:0A
Certificate issuer:       /CN=a122d6d21bd04c46224653a49be029e3c024b846
Certificate serial:       019B7E38C2CD279A2A2DC0A36AB45C40397B
Authority key identifier: A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/cBS-3HpC_a4rHcbd8xWkU8ryqAo.roa
Signing time:             Fri 02 Jan 2026 10:20:07 +0000
ROA not before:           Fri 02 Jan 2026 10:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398892
IP address blocks:        2a14:af00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c2:cd:27:9a:2a:2d:c0:a3:6a:b4:5c:40:39:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a122d6d21bd04c46224653a49be029e3c024b846
        Validity
            Not Before: Jan  2 10:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7014bedc7a42fdae2b1dc6ddf315a453caf2a80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f6:35:f5:d4:9d:bc:be:2f:99:c8:eb:14:8e:
                    c3:da:0e:df:f3:ee:a7:41:19:65:4b:54:34:af:cb:
                    aa:64:ec:3a:a6:62:26:f4:2f:97:f4:cc:48:c1:f8:
                    80:bf:a5:df:cf:d6:53:97:c0:52:34:74:a8:34:9a:
                    12:2f:b3:42:8d:5e:6a:b1:48:20:34:e1:e0:b6:9d:
                    0f:11:3b:83:6a:39:d0:d6:d1:bd:d9:7d:55:02:64:
                    4d:4e:1b:7c:a1:37:9d:72:59:ba:64:8f:e8:1d:ff:
                    10:b7:98:f3:d9:70:64:b5:79:a6:72:f3:8c:3f:0c:
                    dc:20:6e:9a:51:fb:cb:f2:d9:7f:76:ef:47:2e:9d:
                    12:d1:41:b8:21:da:94:ce:73:f4:5b:21:77:86:03:
                    3e:5e:61:0a:41:bf:de:e5:e8:de:b5:35:6e:a3:f1:
                    0a:37:86:75:00:d0:3b:fe:07:a4:05:11:db:3f:c0:
                    29:40:6d:6e:b5:9f:cf:f8:18:d0:94:ce:a4:f3:4d:
                    97:26:6d:72:f6:14:aa:78:a9:47:27:2c:a7:83:05:
                    05:30:d5:11:d7:bd:5e:e6:22:f5:6b:35:b6:d5:27:
                    f1:60:9b:41:3e:3c:ac:72:1d:14:cd:91:8c:97:2a:
                    04:58:3f:ad:ae:3a:52:54:85:02:23:e3:11:62:1c:
                    32:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:14:BE:DC:7A:42:FD:AE:2B:1D:C6:DD:F3:15:A4:53:CA:F2:A8:0A
            X509v3 Authority Key Identifier:
                keyid:A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/cBS-3HpC_a4rHcbd8xWkU8ryqAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:7c:33:5c:1c:93:34:52:01:dc:46:af:aa:34:37:b8:0f:96:
         59:a4:bb:82:68:fd:df:07:61:11:ea:28:3d:5d:c7:0d:ec:ca:
         7f:fc:1d:db:f6:9f:b6:0e:34:1f:0e:5a:1a:f7:fb:b8:7c:52:
         bb:1a:18:2c:19:de:49:b5:80:40:a6:f6:91:b9:55:be:ca:33:
         65:c2:d3:07:07:f6:b0:25:87:d3:3b:58:f1:0c:b2:d0:3e:b8:
         e6:e4:e8:31:aa:85:f7:c9:c2:e9:e9:be:d4:10:77:07:0b:da:
         43:bb:0b:ca:32:8f:bb:78:28:0a:33:a6:12:f6:02:93:28:40:
         97:32:57:68:1c:1b:cf:96:00:7d:38:5e:73:44:7a:84:e2:57:
         bd:05:aa:30:4b:50:ce:e6:87:a7:d2:2e:91:cb:d0:11:1d:ee:
         22:b2:43:8a:a0:16:26:fb:f7:70:6a:90:6e:a9:c4:0a:e7:88:
         df:f1:74:1c:6c:db:54:3a:28:ce:76:f7:dd:71:b7:70:e1:b1:
         e7:95:f3:f1:9e:a0:88:98:41:3a:f9:53:e6:c0:12:a8:3c:3f:
         61:01:35:8e:07:75:f0:95:e8:fd:94:0f:10:fa:37:39:e8:05:
         1a:83:1f:74:d6:44:4b:ca:81:f3:72:62:b7:0b:e2:08:de:35:
         aa:2e:16:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+OMLNJ5oqLcCjarRcQDl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjJkNmQyMWJkMDRjNDYyMjQ2NTNhNDliZTAyOWUzYzAy
NGI4NDYwHhcNMjYwMTAyMTAyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE0YmVkYzdhNDJmZGFlMmIxZGM2ZGRmMzE1YTQ1M2NhZjJhODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPY19dSdvL4vmcjrFI7D2g7f8+6n
QRllS1Q0r8uqZOw6pmIm9C+X9MxIwfiAv6Xfz9ZTl8BSNHSoNJoSL7NCjV5qsUgg
NOHgtp0PETuDajnQ1tG92X1VAmRNTht8oTedclm6ZI/oHf8Qt5jz2XBktXmmcvOM
PwzcIG6aUfvL8tl/du9HLp0S0UG4IdqUznP0WyF3hgM+XmEKQb/e5ejetTVuo/EK
N4Z1ANA7/gekBRHbP8ApQG1utZ/P+BjQlM6k802XJm1y9hSqeKlHJyyngwUFMNUR
171e5iL1azW21SfxYJtBPjysch0UzZGMlyoEWD+trjpSVIUCI+MRYhwy4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHAUvtx6Qv2uKx3G3fMVpFPK8qgKMB8GA1UdIwQY
MBaAFKEi1tIb0ExGIkZTpJvgKePAJLhGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDct
NWYyNTFhMDNmYTJiLzEvY0JTLTNIcENfYTRySGNiZDh4V2tVOHJ5cUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDctNWYyNTFhMDNmYTJi
LzEvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSvADAN
BgkqhkiG9w0BAQsFAAOCAQEAL3wzXByTNFIB3EavqjQ3uA+WWaS7gmj93wdhEeoo
PV3HDezKf/wd2/aftg40Hw5aGvf7uHxSuxoYLBneSbWAQKb2kblVvsozZcLTBwf2
sCWH0ztY8Qyy0D645uToMaqF98nC6em+1BB3BwvaQ7sLyjKPu3goCjOmEvYCkyhA
lzJXaBwbz5YAfThec0R6hOJXvQWqMEtQzuaHp9IukcvQER3uIrJDiqAWJvv3cGqQ
bqnECueI3/F0HGzbVDooznb33XG3cOGx55Xz8Z6giJhBOvlT5sASqDw/YQE1jgd1
8JXo/ZQPEPo3OegFGoMfdNZES8qB83JitwviCN41qi4WcQ==
-----END CERTIFICATE-----