This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/JnUH1sslDBZ7lrgWYQqW6np7d2o.roa
File:                     JnUH1sslDBZ7lrgWYQqW6np7d2o.roa (raw, json)
Hash identifier:          KaaZsj+qH9qEx82FJor1KbhmmMbYUaSEVs/hy4FDH5w=
Subject key identifier:   26:75:07:D6:CB:25:0C:16:7B:96:B8:16:61:0A:96:EA:7A:7B:77:6A
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       019B7EA662603201E7BF79E4D3AD646589EA
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/JnUH1sslDBZ7lrgWYQqW6np7d2o.roa
Signing time:             Fri 02 Jan 2026 12:19:51 +0000
ROA not before:           Fri 02 Jan 2026 12:19:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396931
IP address blocks:        2a06:a640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:62:60:32:01:e7:bf:79:e4:d3:ad:64:65:89:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Jan  2 12:19:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=267507d6cb250c167b96b816610a96ea7a7b776a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2f:c4:f3:4e:47:91:3d:bf:fc:42:8b:e5:d5:
                    82:22:2b:c2:8d:86:a1:bf:99:a0:74:51:39:95:7b:
                    db:84:d4:4d:b3:60:55:3a:a8:b5:2f:7b:84:6f:b5:
                    5c:d5:b7:f4:64:2e:86:e8:63:99:e6:c7:10:89:b1:
                    a8:66:f2:5c:a7:74:1f:8f:d6:ad:7e:eb:00:d8:37:
                    9a:81:5a:30:6b:4e:ae:0f:c3:43:9d:5b:2d:13:46:
                    9f:44:8a:c3:86:80:4d:9f:64:15:cd:cc:be:ee:3c:
                    29:c0:ee:9d:62:0a:8d:5a:ae:38:47:4a:1d:ba:08:
                    25:90:67:26:09:4a:e9:ea:fb:26:3f:09:75:25:62:
                    f8:b3:16:41:56:1f:39:46:fc:a7:11:82:ff:a3:95:
                    eb:4b:43:94:23:93:ed:77:12:9b:fd:41:5c:20:3a:
                    6b:49:ee:05:d7:32:85:84:20:57:08:bf:b7:0d:11:
                    38:65:fa:9e:c5:06:54:27:2e:41:e9:6c:f1:d8:65:
                    5c:71:a8:81:c9:61:bd:78:52:8a:f8:ac:b0:84:29:
                    5c:bc:ec:a7:6e:bc:80:97:3c:44:84:72:09:f2:f2:
                    cb:11:a9:45:eb:09:29:8f:a8:be:32:7b:42:77:21:
                    23:dd:c3:a9:8b:87:89:89:ee:18:c2:97:8e:e1:d9:
                    d6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:75:07:D6:CB:25:0C:16:7B:96:B8:16:61:0A:96:EA:7A:7B:77:6A
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/JnUH1sslDBZ7lrgWYQqW6np7d2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a640::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:88:ae:a5:b4:35:ea:b2:5c:4c:d6:50:0b:fe:f6:b4:5b:45:
         85:0d:77:69:e0:45:6b:af:17:78:4b:10:21:17:cb:ef:67:73:
         df:16:31:1a:fa:9b:3e:5a:d5:3f:98:3a:19:53:fe:fa:43:7c:
         a2:05:a8:a6:28:61:5a:11:55:83:12:66:62:72:40:16:cb:8b:
         dc:f9:72:ab:ff:88:8b:b0:a0:91:70:b7:6c:84:4f:52:4a:c0:
         37:11:5e:e1:a5:a4:29:af:5a:62:0e:19:c8:1f:84:74:64:bd:
         8a:7f:c6:66:11:fd:c4:5f:87:10:8d:17:d7:ee:d4:81:82:63:
         35:01:c4:79:0e:6d:9c:9b:85:ea:23:cb:83:4b:cc:37:02:10:
         79:bc:f8:cc:06:49:cb:3b:da:ef:a7:96:c7:d6:17:96:dd:ee:
         7d:b4:c6:a0:86:3c:d7:22:8b:4c:15:40:d0:f1:42:af:d4:ba:
         37:85:6e:80:19:32:84:9a:a8:eb:71:6b:97:7b:45:81:87:12:
         45:92:7f:9d:fa:51:3f:1b:49:83:5f:41:af:22:0f:54:30:41:
         89:14:84:06:82:85:46:b6:7b:aa:98:50:90:9d:11:96:ad:07:
         6e:76:a8:67:cc:89:78:c3:68:69:45:92:3f:30:15:b7:e7:c1:
         74:11:8f:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pmJgMgHnv3nk061kZYnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjYwMTAyMTIxOTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjc1MDdkNmNiMjUwYzE2N2I5NmI4MTY2MTBhOTZlYTdhN2I3NzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS/E805HkT2//EKL5dWCIivCjYah
v5mgdFE5lXvbhNRNs2BVOqi1L3uEb7Vc1bf0ZC6G6GOZ5scQibGoZvJcp3Qfj9at
fusA2DeagVowa06uD8NDnVstE0afRIrDhoBNn2QVzcy+7jwpwO6dYgqNWq44R0od
ugglkGcmCUrp6vsmPwl1JWL4sxZBVh85RvynEYL/o5XrS0OUI5PtdxKb/UFcIDpr
Se4F1zKFhCBXCL+3DRE4ZfqexQZUJy5B6Wzx2GVccaiByWG9eFKK+KywhClcvOyn
bryAlzxEhHIJ8vLLEalF6wkpj6i+MntCdyEj3cOpi4eJie4YwpeO4dnWrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCZ1B9bLJQwWe5a4FmEKlup6e3dqMB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvSm5VSDFzc2xEQlo3bHJnV1lRcVc2bnA3ZDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgamQDAN
BgkqhkiG9w0BAQsFAAOCAQEAlYiupbQ16rJcTNZQC/72tFtFhQ13aeBFa68XeEsQ
IRfL72dz3xYxGvqbPlrVP5g6GVP++kN8ogWopihhWhFVgxJmYnJAFsuL3Plyq/+I
i7CgkXC3bIRPUkrANxFe4aWkKa9aYg4ZyB+EdGS9in/GZhH9xF+HEI0X1+7UgYJj
NQHEeQ5tnJuF6iPLg0vMNwIQebz4zAZJyzva76eWx9YXlt3ufbTGoIY81yKLTBVA
0PFCr9S6N4VugBkyhJqo63Frl3tFgYcSRZJ/nfpRPxtJg19BryIPVDBBiRSEBoKF
RrZ7qphQkJ0Rlq0HbnaoZ8yJeMNoaUWSPzAVt+fBdBGPJg==
-----END CERTIFICATE-----