This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/QrAN41qChRTNT4R95qHpTVefHQQ.roa
File:                     QrAN41qChRTNT4R95qHpTVefHQQ.roa (raw, json)
Hash identifier:          XDPu188rMm6Y+zuvYmYl0h0eDDm5nOSgaZ2ar9LKmws=
Subject key identifier:   42:B0:0D:E3:5A:82:85:14:CD:4F:84:7D:E6:A1:E9:4D:57:9F:1D:04
Certificate issuer:       /CN=8829792e3ff21fc35827f68a78c8050015c66a72
Certificate serial:       019BF1E1D934E936111626823EE9DEA0BFCE
Authority key identifier: 88:29:79:2E:3F:F2:1F:C3:58:27:F6:8A:78:C8:05:00:15:C6:6A:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iCl5Lj_yH8NYJ_aKeMgFABXGanI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/QrAN41qChRTNT4R95qHpTVefHQQ.roa
Signing time:             Sat 24 Jan 2026 21:21:08 +0000
ROA not before:           Sat 24 Jan 2026 21:21:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5413
IP address blocks:        2a0f:cac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/iCl5Lj_yH8NYJ_aKeMgFABXGanI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/iCl5Lj_yH8NYJ_aKeMgFABXGanI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iCl5Lj_yH8NYJ_aKeMgFABXGanI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f1:e1:d9:34:e9:36:11:16:26:82:3e:e9:de:a0:bf:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8829792e3ff21fc35827f68a78c8050015c66a72
        Validity
            Not Before: Jan 24 21:21:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42b00de35a828514cd4f847de6a1e94d579f1d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ee:be:19:74:65:c3:59:25:1c:25:da:c3:89:
                    6c:46:09:86:65:34:bc:bb:be:1c:15:16:5d:67:8c:
                    09:a2:9e:04:3d:44:18:22:21:d8:7e:4c:32:0d:25:
                    8e:a4:75:75:31:15:b4:69:f3:ef:11:bf:aa:07:00:
                    5a:60:90:d6:40:3d:bb:5f:c1:67:33:81:71:7a:82:
                    94:88:b4:d4:c6:df:40:3d:0e:b0:d4:1b:6f:ff:cc:
                    19:51:0f:bb:da:44:d3:3b:dc:c3:e0:7f:6c:33:42:
                    3f:4a:e6:08:9f:b2:f8:b4:08:c9:4a:9a:9c:07:98:
                    24:fb:78:8f:e0:54:27:f9:2d:c7:05:10:c5:4f:84:
                    14:87:2e:f2:e6:01:1e:fb:3f:6a:b8:75:ba:8c:34:
                    21:e9:d1:3a:f0:b2:12:2d:94:4f:d9:62:09:f2:0e:
                    cb:a3:82:25:2a:5e:99:72:3f:71:a4:bf:f0:e5:f2:
                    e9:b7:83:63:10:a5:d9:2e:34:b8:5d:a2:d5:c4:ac:
                    7b:2e:21:ac:2b:94:45:37:11:be:08:54:9e:84:19:
                    be:5c:1f:90:e7:37:8e:60:b8:5a:33:2b:3f:7e:40:
                    07:e0:e6:90:c6:96:ea:8b:8a:98:ca:ae:01:b9:67:
                    2a:8e:11:2c:0c:3b:91:c7:c3:c3:ec:28:5a:3f:fc:
                    87:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:B0:0D:E3:5A:82:85:14:CD:4F:84:7D:E6:A1:E9:4D:57:9F:1D:04
            X509v3 Authority Key Identifier:
                keyid:88:29:79:2E:3F:F2:1F:C3:58:27:F6:8A:78:C8:05:00:15:C6:6A:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iCl5Lj_yH8NYJ_aKeMgFABXGanI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/QrAN41qChRTNT4R95qHpTVefHQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/6f385e-7fe1-49ad-81fb-1882f4c276cd/1/iCl5Lj_yH8NYJ_aKeMgFABXGanI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:cac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:01:cc:54:ae:84:0e:e2:24:28:fd:15:36:2d:e1:29:44:2c:
         9c:e6:da:d0:c8:e6:bf:d7:55:b4:5b:eb:26:17:5c:0e:0a:a2:
         d1:ca:d8:eb:61:05:f8:68:dc:81:1d:8f:4c:7b:3d:02:8a:fd:
         4a:72:5e:f8:30:de:ca:9c:a4:b4:5b:24:54:85:e8:bb:a9:0c:
         74:69:45:0d:b3:fd:b8:d3:e3:2d:4b:5c:75:0d:7f:a4:d6:4a:
         70:27:c5:72:2e:64:9f:c0:d3:30:8f:48:e9:d9:91:84:d3:29:
         f3:36:03:43:36:8d:15:0f:17:0f:aa:db:4f:a8:3e:51:fe:3e:
         e2:4b:ba:3a:5b:9c:24:14:55:6c:fb:11:82:f7:04:98:53:8a:
         2f:e3:90:56:a6:65:89:54:8b:c3:87:9f:dd:f3:a0:cf:af:d5:
         69:70:4d:f9:d7:38:1e:53:3e:48:f1:ac:79:64:0f:2d:d5:d8:
         1d:c2:dc:7d:e2:7f:8d:9f:c1:70:fd:68:57:ac:2f:af:77:c8:
         55:61:5c:a7:68:93:1e:6c:51:57:bb:78:a8:da:97:c7:2c:37:
         32:a4:b9:10:ea:d3:03:f5:82:d4:8c:62:e9:69:21:9b:4d:64:
         0a:83:b5:9f:ed:65:6f:86:30:1f:6c:dd:ff:83:c4:b5:e3:c1:
         97:4d:f0:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZvx4dk06TYRFiaCPuneoL/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Mjk3OTJlM2ZmMjFmYzM1ODI3ZjY4YTc4YzgwNTAwMTVj
NjZhNzIwHhcNMjYwMTI0MjEyMTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmIwMGRlMzVhODI4NTE0Y2Q0Zjg0N2RlNmExZTk0ZDU3OWYxZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+6+GXRlw1klHCXaw4lsRgmGZTS8
u74cFRZdZ4wJop4EPUQYIiHYfkwyDSWOpHV1MRW0afPvEb+qBwBaYJDWQD27X8Fn
M4FxeoKUiLTUxt9APQ6w1Btv/8wZUQ+72kTTO9zD4H9sM0I/SuYIn7L4tAjJSpqc
B5gk+3iP4FQn+S3HBRDFT4QUhy7y5gEe+z9quHW6jDQh6dE68LISLZRP2WIJ8g7L
o4IlKl6Zcj9xpL/w5fLpt4NjEKXZLjS4XaLVxKx7LiGsK5RFNxG+CFSehBm+XB+Q
5zeOYLhaMys/fkAH4OaQxpbqi4qYyq4BuWcqjhEsDDuRx8PD7ChaP/yHFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEKwDeNagoUUzU+Efeah6U1Xnx0EMB8GA1UdIwQY
MBaAFIgpeS4/8h/DWCf2injIBQAVxmpyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUNsNUxqX3lIOE5ZSl9hS2VNZ0ZBQlhHYW5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC82ZjM4NWUtN2ZlMS00OWFkLTgxZmIt
MTg4MmY0YzI3NmNkLzEvUXJBTjQxcUNoUlROVDRSOTVxSHBUVmVmSFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC82ZjM4NWUtN2ZlMS00OWFkLTgxZmItMTg4MmY0YzI3NmNk
LzEvaUNsNUxqX3lIOE5ZSl9hS2VNZ0ZBQlhHYW5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/KwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB0AcxUroQO4iQo/RU2LeEpRCyc5trQyOa/11W0
W+smF1wOCqLRytjrYQX4aNyBHY9Mez0Civ1Kcl74MN7KnKS0WyRUhei7qQx0aUUN
s/240+MtS1x1DX+k1kpwJ8VyLmSfwNMwj0jp2ZGE0ynzNgNDNo0VDxcPqttPqD5R
/j7iS7o6W5wkFFVs+xGC9wSYU4ov45BWpmWJVIvDh5/d86DPr9VpcE351zgeUz5I
8ax5ZA8t1dgdwtx94n+Nn8Fw/WhXrC+vd8hVYVynaJMebFFXu3io2pfHLDcypLkQ
6tMD9YLUjGLpaSGbTWQKg7Wf7WVvhjAfbN3/g8S148GXTfBK
-----END CERTIFICATE-----