This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/l85mqhkuv7xdnX1yM97W1ykxfdU.roa
File:                     l85mqhkuv7xdnX1yM97W1ykxfdU.roa (raw, json)
Hash identifier:          btZjRqpdMDGd0trKva0fZ2+uBjhpzizkMnsbZWSCXS8=
Subject key identifier:   97:CE:66:AA:19:2E:BF:BC:5D:9D:7D:72:33:DE:D6:D7:29:31:7D:D5
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       019B7EA6610CC8D437953160EEC9F6B39EC9
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/l85mqhkuv7xdnX1yM97W1ykxfdU.roa
Signing time:             Fri 02 Jan 2026 12:19:51 +0000
ROA not before:           Fri 02 Jan 2026 12:19:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213705
IP address blocks:        2a09:2fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:61:0c:c8:d4:37:95:31:60:ee:c9:f6:b3:9e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Jan  2 12:19:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97ce66aa192ebfbc5d9d7d7233ded6d729317dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3d:dc:f5:5e:81:da:65:b1:a0:61:da:c4:77:
                    43:41:16:4a:98:00:f5:f1:85:3b:a5:2e:b1:4a:c9:
                    35:84:21:61:54:d4:b3:50:1d:4e:06:64:5c:80:47:
                    bd:db:ce:0f:bc:83:6d:2e:4f:07:f7:7a:b0:7e:36:
                    28:32:1c:dc:9e:fe:56:78:03:e9:ef:cd:b5:51:96:
                    8e:48:e7:e8:f3:84:00:48:40:0b:ff:ba:bf:29:ce:
                    d9:5f:68:d7:9d:a5:4a:1c:a3:21:24:37:a9:89:04:
                    99:74:26:05:5a:1b:55:d9:fb:9d:30:ad:62:34:53:
                    71:94:41:d0:f6:5f:3a:54:ce:fc:e9:47:0c:ac:36:
                    44:f0:56:e9:62:02:77:8b:b8:58:0b:b3:5d:ba:fc:
                    94:19:7a:25:6a:30:c6:dd:3e:77:85:64:0a:cd:1e:
                    99:6c:b3:ee:2c:2e:69:ee:1c:73:cb:e8:07:91:59:
                    e9:9b:a3:f5:84:d3:3e:a8:a6:73:89:6b:96:d4:a8:
                    82:32:f7:2d:8b:31:38:85:9b:b1:c8:de:45:e5:9d:
                    31:8e:d5:74:c2:ef:bf:c9:f6:2b:a1:d7:43:d4:22:
                    bf:cd:09:74:cb:ff:d9:d5:84:b7:5b:59:b6:32:99:
                    b8:3c:80:d5:97:c7:a7:6d:73:ea:70:56:70:19:71:
                    22:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CE:66:AA:19:2E:BF:BC:5D:9D:7D:72:33:DE:D6:D7:29:31:7D:D5
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/l85mqhkuv7xdnX1yM97W1ykxfdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:2fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:4b:6b:8a:9a:d4:32:92:74:90:36:80:a3:80:4a:32:6a:a5:
         08:dd:19:5c:7f:cc:05:70:3c:9f:74:0b:a5:09:4d:c0:2d:bc:
         a4:32:10:c0:83:31:4c:d1:14:aa:e8:64:0a:04:85:97:7f:43:
         77:e5:76:8b:8d:3c:0e:98:20:46:0a:43:07:f5:fe:f0:75:fb:
         90:e3:ff:da:bd:35:fd:5f:9b:34:55:8d:17:50:24:78:04:da:
         6f:54:fe:b6:74:09:d0:ec:e9:df:fe:cd:2f:30:8d:f7:8e:35:
         f3:d0:f2:d0:82:62:88:36:fd:bc:a3:0a:76:8d:a2:fc:fe:d6:
         5c:c5:0f:57:bb:5d:9f:ea:8e:1f:83:70:31:a5:d8:7f:b3:e0:
         e2:bc:ef:80:ad:2d:c3:85:27:42:02:4c:ce:2c:bc:bc:b9:b8:
         d8:10:35:36:2c:d0:b2:ad:5d:99:9b:b5:a4:b2:13:01:d1:7c:
         77:92:fe:ec:c7:4d:9f:80:ca:7d:66:2c:80:4a:49:d1:a2:0f:
         2f:37:55:1c:ae:e9:26:02:7c:e4:69:c9:6f:3d:fd:2b:f9:1f:
         02:dc:ea:29:d7:4c:c8:ac:b5:18:81:01:47:f4:80:e8:fb:b1:
         5a:63:24:5f:c9:a9:3a:95:0d:b8:71:01:8f:ce:dc:70:d8:30:
         d2:2f:52:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pmEMyNQ3lTFg7sn2s57JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjYwMTAyMTIxOTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NlNjZhYTE5MmViZmJjNWQ5ZDdkNzIzM2RlZDZkNzI5MzE3ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT3c9V6B2mWxoGHaxHdDQRZKmAD1
8YU7pS6xSsk1hCFhVNSzUB1OBmRcgEe9284PvINtLk8H93qwfjYoMhzcnv5WeAPp
7821UZaOSOfo84QASEAL/7q/Kc7ZX2jXnaVKHKMhJDepiQSZdCYFWhtV2fudMK1i
NFNxlEHQ9l86VM786UcMrDZE8FbpYgJ3i7hYC7NduvyUGXolajDG3T53hWQKzR6Z
bLPuLC5p7hxzy+gHkVnpm6P1hNM+qKZziWuW1KiCMvctizE4hZuxyN5F5Z0xjtV0
wu+/yfYroddD1CK/zQl0y//Z1YS3W1m2Mpm4PIDVl8enbXPqcFZwGXEidwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJfOZqoZLr+8XZ19cjPe1tcpMX3VMB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvbDg1bXFoa3V2N3hkblgxeU05N1cxeWt4ZmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgkvwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFEtriprUMpJ0kDaAo4BKMmqlCN0ZXH/MBXA8n3QL
pQlNwC28pDIQwIMxTNEUquhkCgSFl39Dd+V2i408DpggRgpDB/X+8HX7kOP/2r01
/V+bNFWNF1AkeATab1T+tnQJ0Ozp3/7NLzCN944189Dy0IJiiDb9vKMKdo2i/P7W
XMUPV7tdn+qOH4NwMaXYf7Pg4rzvgK0tw4UnQgJMziy8vLm42BA1NizQsq1dmZu1
pLITAdF8d5L+7MdNn4DKfWYsgEpJ0aIPLzdVHK7pJgJ85GnJbz39K/kfAtzqKddM
yKy1GIEBR/SA6PuxWmMkX8mpOpUNuHEBj87ccNgw0i9SQw==
-----END CERTIFICATE-----