This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/dCf1-4ZtnEs1hhS0WpTGObxa7Ng.roa
File:                     dCf1-4ZtnEs1hhS0WpTGObxa7Ng.roa (raw, json)
Hash identifier:          6OBl94EqhunP39tyGGpYvE0DCjwIvRqo82T/Ck00I4Y=
Subject key identifier:   74:27:F5:FB:86:6D:9C:4B:35:86:14:B4:5A:94:C6:39:BC:5A:EC:D8
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       019B7C8010BA082AC35997A348D022DA3C8F
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/dCf1-4ZtnEs1hhS0WpTGObxa7Ng.roa
Signing time:             Fri 02 Jan 2026 02:18:46 +0000
ROA not before:           Fri 02 Jan 2026 02:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     131642
IP address blocks:        2a13:2200::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:10:ba:08:2a:c3:59:97:a3:48:d0:22:da:3c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: Jan  2 02:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7427f5fb866d9c4b358614b45a94c639bc5aecd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f3:38:ae:48:03:12:68:77:65:71:83:0d:e4:
                    a3:38:17:11:13:bd:bc:b5:73:27:88:f2:e8:dc:80:
                    fe:98:a3:33:ff:9d:42:b8:8c:f1:48:66:8b:17:06:
                    72:de:53:33:cb:1c:b1:49:ed:56:47:f9:81:4c:be:
                    83:8c:ba:b4:1a:c8:8a:bc:d8:1d:87:92:26:04:34:
                    01:56:c8:51:15:45:dd:b7:59:18:7d:66:7a:70:04:
                    70:56:2c:95:27:30:f1:14:cd:9f:74:10:d0:ec:32:
                    80:d5:32:d5:cd:e8:d1:9f:4a:4c:0f:4e:dd:a7:4a:
                    1f:9d:17:c5:77:be:46:36:22:c6:79:d1:23:b1:9b:
                    59:d0:74:c8:ec:62:3c:80:4d:96:92:23:1f:80:21:
                    e8:c3:a0:24:b8:1f:a4:7c:83:db:2b:ca:5a:f7:4a:
                    59:f1:45:59:68:0c:02:51:99:3c:15:4a:61:87:a9:
                    d4:2d:b0:6e:a5:bd:99:ff:28:66:d9:27:6d:c9:a2:
                    b4:a5:71:09:cc:c1:00:01:3c:95:6b:ff:11:d1:df:
                    48:86:6d:9f:d1:8a:15:97:75:8d:b9:48:02:dc:9d:
                    ca:f0:59:27:04:9d:72:48:79:f3:99:f0:5e:a2:d0:
                    b3:f9:0f:71:79:4a:31:8a:fa:fa:9d:38:9f:4a:14:
                    96:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:27:F5:FB:86:6D:9C:4B:35:86:14:B4:5A:94:C6:39:BC:5A:EC:D8
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/dCf1-4ZtnEs1hhS0WpTGObxa7Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200::/47

    Signature Algorithm: sha256WithRSAEncryption
         21:8c:25:fd:e1:69:ba:25:72:d2:08:26:5f:22:ce:3b:44:8c:
         20:73:a2:9d:b8:46:c6:a7:ae:56:31:db:2b:f2:82:79:2d:86:
         66:d3:2c:50:8f:ef:6f:7e:46:ba:53:e3:5e:62:0b:a6:e1:48:
         72:0b:20:8d:b7:c8:a5:cd:5f:a2:60:48:d7:0e:42:ec:f5:f6:
         21:e2:32:fd:86:cd:9d:95:65:0f:7d:e2:5c:70:75:f8:ee:d0:
         58:25:fe:8b:ce:fa:9b:02:1b:c9:1d:9e:34:5a:d0:1b:c7:c7:
         36:ad:2a:ee:bf:9f:f8:f7:54:9b:f0:3b:76:96:75:5c:34:fa:
         79:ec:4f:74:34:87:34:db:b0:8a:75:f8:61:32:6a:be:c4:3f:
         0c:2c:3d:d2:e4:3d:1a:e3:7f:41:31:4a:f0:b8:bc:2a:ca:3d:
         8b:ed:36:4e:d1:75:14:7b:a0:6a:2e:ba:ff:20:ff:52:a4:ec:
         f4:ac:72:d3:7d:15:15:75:41:ca:2e:5d:91:94:5e:02:2e:c9:
         3b:6b:27:12:4d:6c:79:81:28:5d:8f:84:5d:eb:12:9d:e8:5e:
         c6:26:d9:19:0c:fd:af:72:6b:61:df:c0:fa:fb:ee:e9:f1:3f:
         e0:53:bd:6d:e8:36:b8:e2:2f:3b:27:ed:c2:a7:7a:bf:63:4f:
         5d:e8:fd:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8gBC6CCrDWZejSNAi2jyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjYwMTAyMDIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDI3ZjVmYjg2NmQ5YzRiMzU4NjE0YjQ1YTk0YzYzOWJjNWFlY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofM4rkgDEmh3ZXGDDeSjOBcRE728
tXMniPLo3ID+mKMz/51CuIzxSGaLFwZy3lMzyxyxSe1WR/mBTL6DjLq0GsiKvNgd
h5ImBDQBVshRFUXdt1kYfWZ6cARwViyVJzDxFM2fdBDQ7DKA1TLVzejRn0pMD07d
p0ofnRfFd75GNiLGedEjsZtZ0HTI7GI8gE2WkiMfgCHow6AkuB+kfIPbK8pa90pZ
8UVZaAwCUZk8FUphh6nULbBupb2Z/yhm2SdtyaK0pXEJzMEAATyVa/8R0d9Ihm2f
0YoVl3WNuUgC3J3K8FknBJ1ySHnzmfBeotCz+Q9xeUoxivr6nTifShSWLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQn9fuGbZxLNYYUtFqUxjm8WuzYMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvZENmMS00WnRuRXMxaGhTMFdwVEdPYnhhN05nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhMiAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAhjCX94Wm6JXLSCCZfIs47RIwgc6KduEbGp65W
Mdsr8oJ5LYZm0yxQj+9vfka6U+NeYgum4UhyCyCNt8ilzV+iYEjXDkLs9fYh4jL9
hs2dlWUPfeJccHX47tBYJf6LzvqbAhvJHZ40WtAbx8c2rSruv5/491Sb8Dt2lnVc
NPp57E90NIc027CKdfhhMmq+xD8MLD3S5D0a439BMUrwuLwqyj2L7TZO0XUUe6Bq
Lrr/IP9SpOz0rHLTfRUVdUHKLl2RlF4CLsk7aycSTWx5gShdj4Rd6xKd6F7GJtkZ
DP2vcmth38D6++7p8T/gU71t6Da44i87J+3Cp3q/Y09d6P1H
-----END CERTIFICATE-----