This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/1-1rJRGOFzkeRQrVBSlrIVTl9-4U.roa
File:                     1-1rJRGOFzkeRQrVBSlrIVTl9-4U.roa (raw, json)
Hash identifier:          l30td2504P6aqF3G/h5NOWOS8SKatECn8VII7AU50HA=
Subject key identifier:   FB:5A:C9:44:63:85:CE:47:91:42:B5:41:4A:5A:C8:55:39:7D:FB:85
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019B797DEF3AF100F362C208C92DB9E5C2CD
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/1-1rJRGOFzkeRQrVBSlrIVTl9-4U.roa
Signing time:             Thu 01 Jan 2026 12:17:35 +0000
ROA not before:           Thu 01 Jan 2026 12:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49915
IP address blocks:        2a0a:1800::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:ef:3a:f1:00:f3:62:c2:08:c9:2d:b9:e5:c2:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Jan  1 12:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb5ac9446385ce479142b5414a5ac855397dfb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:02:46:0a:f0:56:ad:bd:3a:d5:2b:98:01:5e:
                    04:0b:a9:68:a6:9f:e8:47:5f:80:55:b2:be:f5:00:
                    69:2b:c0:c5:4b:c8:7f:12:92:ef:2b:9b:a0:38:3c:
                    f6:b2:e9:7f:0c:c2:89:e4:5c:15:b5:41:31:75:a4:
                    46:8b:87:04:7b:f5:f3:38:7d:02:36:e9:8e:f0:7c:
                    bd:d1:87:2c:1c:a7:96:aa:73:ef:1e:9c:f8:7e:3d:
                    fe:fd:de:e7:43:95:7d:75:7f:08:08:45:62:bf:76:
                    36:90:c6:01:0f:4e:62:27:70:ae:a8:04:04:58:19:
                    7c:1c:7a:2f:6a:9b:a7:29:22:41:62:aa:2d:09:ea:
                    a6:ae:2b:c8:9f:38:f1:43:75:9c:ea:51:53:73:55:
                    f9:56:24:5a:3e:3b:29:b7:1f:08:17:6a:6d:ac:7e:
                    81:2b:e9:b6:cd:70:a7:dc:a8:56:0c:2d:6b:b6:50:
                    ec:62:c9:9d:82:6e:1a:f4:e1:39:43:60:ee:f3:4e:
                    48:78:5d:d2:4a:f8:85:60:a7:ff:c8:6a:bb:5a:13:
                    18:da:81:cb:ad:c0:02:88:eb:08:3c:5e:f8:73:89:
                    06:66:66:02:f3:06:16:8c:c4:aa:52:01:e0:71:65:
                    42:a6:94:74:8b:c3:9f:84:ef:d6:88:21:67:0a:25:
                    c2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5A:C9:44:63:85:CE:47:91:42:B5:41:4A:5A:C8:55:39:7D:FB:85
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/1-1rJRGOFzkeRQrVBSlrIVTl9-4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:1800::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:57:e7:c7:95:b7:e4:20:90:2e:39:ec:1e:f8:c6:95:5c:55:
         0a:40:73:7e:f8:6c:a1:da:02:76:88:99:67:6b:24:a1:0a:5c:
         43:b3:92:74:7a:c2:53:a2:ce:87:fd:55:71:78:ca:ea:63:dd:
         5a:55:79:db:07:a7:ea:78:01:72:07:5a:d6:f5:b1:01:43:34:
         79:31:e0:b1:fd:dc:db:49:27:1d:a8:ff:b0:00:5e:bf:4e:e6:
         f2:44:e5:cb:fa:8e:48:2b:08:cd:ea:5b:55:c8:64:2d:5b:a6:
         3a:4f:c4:ab:e4:10:a5:b8:91:2c:fb:dd:fc:bc:9a:b6:a2:8b:
         b9:42:10:6e:7f:89:ee:31:72:f6:45:4d:c3:49:97:a1:7a:8a:
         c1:ba:65:6d:bc:ab:63:fa:42:4f:5e:44:7a:93:f8:f3:9b:60:
         49:49:97:4e:8e:c4:f5:15:fc:77:fb:c3:9d:ec:ad:9a:a2:cd:
         52:e2:77:85:d0:4e:2f:f3:dc:b1:4e:bc:0e:c7:4e:26:a1:2d:
         ab:fe:cb:1e:9c:12:c6:9a:82:88:60:3f:1c:3e:34:87:fa:25:
         14:3b:45:c4:fa:a7:b7:c4:2f:67:f4:b5:96:34:ea:de:30:7e:
         57:cf:85:ef:0e:bb:15:37:95:af:fe:2e:6c:39:67:b5:81:c4:
         19:e7:e0:38
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt5fe868QDzYsIIyS255cLNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwMTAxMTIxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVhYzk0NDYzODVjZTQ3OTE0MmI1NDE0YTVhYzg1NTM5N2RmYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQJGCvBWrb061SuYAV4EC6lopp/o
R1+AVbK+9QBpK8DFS8h/EpLvK5ugODz2sul/DMKJ5FwVtUExdaRGi4cEe/XzOH0C
NumO8Hy90YcsHKeWqnPvHpz4fj3+/d7nQ5V9dX8ICEViv3Y2kMYBD05iJ3CuqAQE
WBl8HHovapunKSJBYqotCeqmrivInzjxQ3Wc6lFTc1X5ViRaPjsptx8IF2ptrH6B
K+m2zXCn3KhWDC1rtlDsYsmdgm4a9OE5Q2Du805IeF3SSviFYKf/yGq7WhMY2oHL
rcACiOsIPF74c4kGZmYC8wYWjMSqUgHgcWVCppR0i8OfhO/WiCFnCiXC8QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPtayURjhc5HkUK1QUpayFU5ffuFMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvMS0xckpSR09GemtlUlFyVkJTbHJJVlRsOS00VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWYvY2EwMjI4LTU3ZWUtNGY2NS05NjJmLTM1ZDA1OTVlMTJm
MC8xL1k0ZzZlWGlkbjJXQlVwTHhqVW1BdXB4ZTBpRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoKGAAw
DQYJKoZIhvcNAQELBQADggEBAEdX58eVt+QgkC457B74xpVcVQpAc374bKHaAnaI
mWdrJKEKXEOzknR6wlOizof9VXF4yupj3VpVedsHp+p4AXIHWtb1sQFDNHkx4LH9
3NtJJx2o/7AAXr9O5vJE5cv6jkgrCM3qW1XIZC1bpjpPxKvkEKW4kSz73fy8mrai
i7lCEG5/ie4xcvZFTcNJl6F6isG6ZW28q2P6Qk9eRHqT+PObYElJl06OxPUV/Hf7
w53srZqizVLid4XQTi/z3LFOvA7HTiahLav+yx6cEsaagohgPxw+NIf6JRQ7RcT6
p7fEL2f0tZY06t4wflfPhe8OuxU3la/+Lmw5Z7WBxBnn4Dg=
-----END CERTIFICATE-----