This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/xpkIemYjOTmWtKVmdzbJYcakWgs.roa
File:                     xpkIemYjOTmWtKVmdzbJYcakWgs.roa (raw, json)
Hash identifier:          fDGVOUTWmgFsRhq58PpHOedFqewxoUtUKqyowz57wYs=
Subject key identifier:   C6:99:08:7A:66:23:39:39:96:B4:A5:66:77:36:C9:61:C6:A4:5A:0B
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       019B7BA4F926BC9DB118BDA5BFB8D3F1237F
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/xpkIemYjOTmWtKVmdzbJYcakWgs.roa
Signing time:             Thu 01 Jan 2026 22:19:27 +0000
ROA not before:           Thu 01 Jan 2026 22:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40975
IP address blocks:        2a0a:2e00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:f9:26:bc:9d:b1:18:bd:a5:bf:b8:d3:f1:23:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 22:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c699087a6623393996b4a5667736c961c6a45a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f3:29:39:78:8f:d5:e0:ad:9f:09:54:5a:70:
                    bb:9b:ac:35:7d:db:66:c8:d0:0e:51:c5:a4:e0:05:
                    7e:91:bb:5c:2c:9e:b1:bc:90:91:48:cd:21:e0:98:
                    4b:38:6e:e3:6c:62:30:86:e5:1e:6e:a8:fb:c6:de:
                    ef:ea:79:aa:8d:8b:79:18:4d:ba:9a:e9:de:f4:95:
                    19:50:63:f8:9f:e3:28:27:ae:fc:41:2e:b6:1d:6e:
                    dc:56:ae:34:37:d3:f9:2b:c5:bf:17:90:f2:d5:dc:
                    4c:b0:e1:36:50:e0:77:f4:22:07:c9:2b:92:a1:28:
                    0f:d2:f8:c2:02:0d:78:02:43:c0:05:8e:37:87:55:
                    9d:3c:e3:ec:86:f0:cd:20:e2:55:f2:11:ee:59:fa:
                    8d:7c:6e:a8:e9:58:a5:d9:6f:3d:a3:64:dd:c0:a6:
                    a6:8c:af:51:dc:b5:1e:63:0b:f2:0f:f7:7c:8d:09:
                    26:34:09:23:6b:94:6d:74:b6:ef:ca:d7:e2:df:73:
                    d0:88:f1:30:ac:d0:06:36:f1:41:de:56:ca:0d:6f:
                    b1:c6:4a:bc:c6:2a:7e:2e:be:d9:bb:11:a8:10:30:
                    3d:27:50:40:7f:ed:8d:7c:72:4f:b0:41:8b:76:a6:
                    83:5d:a6:22:a3:3f:f6:f0:8a:7b:ac:cb:b9:65:16:
                    9b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:99:08:7A:66:23:39:39:96:B4:A5:66:77:36:C9:61:C6:A4:5A:0B
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/xpkIemYjOTmWtKVmdzbJYcakWgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2e00::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:d9:ee:eb:23:f0:76:ea:7d:15:9c:38:be:13:b3:52:92:c8:
         9d:67:c0:cb:63:e7:66:22:33:ce:4c:48:74:51:7b:4c:4c:57:
         27:5f:af:96:54:39:58:b7:7f:22:09:16:e6:e0:fa:56:50:d6:
         3d:8a:7c:54:f3:c4:fc:f3:1f:14:a9:5e:38:31:51:8b:a0:1f:
         77:23:e4:f5:bb:72:b0:8b:4f:b4:72:7c:2e:05:0f:9f:d1:b5:
         0e:4b:25:58:d6:f6:c8:e4:21:88:4f:c3:8e:23:ae:db:56:1e:
         04:ba:47:b6:c7:47:19:bd:cd:d7:1e:68:17:48:ce:f7:36:9f:
         8b:fc:72:d0:91:e8:94:aa:83:1b:fc:2c:00:02:ca:ab:64:7a:
         5f:a5:38:fc:69:b7:20:c9:d2:be:95:38:43:91:aa:25:d9:bf:
         43:87:c6:8a:fe:75:cd:9c:bf:fc:db:3a:a7:fd:46:04:3f:c6:
         62:7d:89:dc:27:f0:c3:b2:3b:41:66:e2:81:9c:b5:18:27:54:
         5c:d4:2f:d5:96:c0:b1:89:73:96:b6:13:7b:b2:fa:da:91:e8:
         fa:b2:b6:00:d8:ad:78:1a:94:5e:88:40:db:37:8b:1f:b9:58:
         9c:23:f2:9c:33:a1:0c:4c:26:b2:52:05:77:12:64:c8:5f:fe:
         0b:2a:1d:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pPkmvJ2xGL2lv7jT8SN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjYwMTAxMjIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjk5MDg3YTY2MjMzOTM5OTZiNGE1NjY3NzM2Yzk2MWM2YTQ1YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPMpOXiP1eCtnwlUWnC7m6w1fdtm
yNAOUcWk4AV+kbtcLJ6xvJCRSM0h4JhLOG7jbGIwhuUebqj7xt7v6nmqjYt5GE26
mune9JUZUGP4n+MoJ678QS62HW7cVq40N9P5K8W/F5Dy1dxMsOE2UOB39CIHySuS
oSgP0vjCAg14AkPABY43h1WdPOPshvDNIOJV8hHuWfqNfG6o6Vil2W89o2TdwKam
jK9R3LUeYwvyD/d8jQkmNAkja5RtdLbvytfi33PQiPEwrNAGNvFB3lbKDW+xxkq8
xip+Lr7ZuxGoEDA9J1BAf+2NfHJPsEGLdqaDXaYioz/28Ip7rMu5ZRabqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMaZCHpmIzk5lrSlZnc2yWHGpFoLMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEveHBrSWVtWWpPVG1XdEtWbWR6YkpZY2FrV2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgouAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAk2e7rI/B26n0VnDi+E7NSksidZ8DLY+dmIjPO
TEh0UXtMTFcnX6+WVDlYt38iCRbm4PpWUNY9inxU88T88x8UqV44MVGLoB93I+T1
u3Kwi0+0cnwuBQ+f0bUOSyVY1vbI5CGIT8OOI67bVh4Euke2x0cZvc3XHmgXSM73
Np+L/HLQkeiUqoMb/CwAAsqrZHpfpTj8abcgydK+lThDkaol2b9Dh8aK/nXNnL/8
2zqn/UYEP8ZifYncJ/DDsjtBZuKBnLUYJ1Rc1C/VlsCxiXOWthN7svrakej6srYA
2K14GpReiEDbN4sfuVicI/KcM6EMTCayUgV3EmTIX/4LKh0J
-----END CERTIFICATE-----