This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_6K6ekLgN63ACFr7Nc4QqX8mO9Q.roa
File:                     _6K6ekLgN63ACFr7Nc4QqX8mO9Q.roa (raw, json)
Hash identifier:          GR7VM23RiAdX5cDnkEi212fYKZ9tRoD66kVKX08kLSQ=
Subject key identifier:   FF:A2:BA:7A:42:E0:37:AD:C0:08:5A:FB:35:CE:10:A9:7F:26:3B:D4
Certificate issuer:       /CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
Certificate serial:       019B791071A4263966AB3D5A24E9B7DE75BE
Authority key identifier: 45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_6K6ekLgN63ACFr7Nc4QqX8mO9Q.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52209
IP address blocks:        2a13:9e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:71:a4:26:39:66:ab:3d:5a:24:e9:b7:de:75:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffa2ba7a42e037adc0085afb35ce10a97f263bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:53:29:ba:38:e4:ef:1d:a2:bd:00:1b:68:d0:
                    01:36:63:c1:a3:42:b9:2e:82:1a:09:49:25:d9:c3:
                    45:f2:8a:bc:e6:eb:38:8c:63:1e:48:2c:16:2b:90:
                    f0:04:32:8d:78:83:5f:94:e5:4e:c4:02:46:f4:f1:
                    f2:1f:93:48:84:b7:b0:34:59:43:68:ad:6d:18:7e:
                    3e:9d:07:f9:d1:95:ba:4a:35:3a:71:9b:39:3e:d0:
                    25:a6:51:13:4d:fe:9a:41:86:ee:b1:bf:50:47:50:
                    fc:57:5b:97:55:89:d2:49:b2:fd:c1:cb:c3:d7:51:
                    b9:c3:80:ca:ac:96:99:85:8a:d9:07:59:88:d0:e8:
                    ce:19:99:25:a4:c8:0d:5c:ce:3c:dc:52:cc:d8:16:
                    ee:da:ba:ea:6b:7c:2e:79:9c:ad:6a:cb:af:df:22:
                    75:b5:3b:f8:07:3e:fc:2a:58:1b:36:ab:0f:ad:a9:
                    d0:74:54:54:e8:3e:a4:73:f0:12:a7:14:91:78:2e:
                    a6:22:fc:e2:11:d2:3f:ba:bd:33:06:b9:eb:c8:2c:
                    a5:16:49:57:a3:dc:7d:9f:b0:cd:03:42:cc:d5:14:
                    a5:e3:34:b6:4b:eb:c8:ed:0d:0e:9e:96:02:dc:8e:
                    20:24:7e:c9:74:f1:f1:50:56:e1:b8:64:5f:30:72:
                    8e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A2:BA:7A:42:E0:37:AD:C0:08:5A:FB:35:CE:10:A9:7F:26:3B:D4
            X509v3 Authority Key Identifier:
                keyid:45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_6K6ekLgN63ACFr7Nc4QqX8mO9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:9b:cf:85:8b:a9:b4:b2:a4:52:ae:8b:dc:13:0c:f1:22:fb:
         c3:c0:ab:42:ec:25:62:a8:aa:11:f3:8e:2b:94:5e:08:51:bc:
         a9:22:54:41:49:4e:74:1a:78:4e:30:79:f5:dc:4a:04:d7:40:
         e4:77:5e:1d:3b:8a:13:18:11:23:f6:1d:33:69:89:64:70:af:
         cd:fe:8a:29:41:b9:28:17:5c:b1:b0:cc:3e:81:c8:94:b4:d2:
         c2:3f:36:22:a8:1a:5d:e1:f4:ed:ca:7a:d6:46:78:f5:b0:f5:
         a5:90:01:09:a5:69:b1:53:a8:e7:2e:81:bd:b2:e5:07:40:22:
         77:d8:cf:7e:8a:43:07:40:a6:a9:d5:01:03:6c:f2:6b:08:a3:
         4e:a3:79:2c:2f:0f:4d:14:0c:d3:bd:99:1c:28:ee:58:bb:45:
         8a:2e:38:52:bc:26:9f:b8:87:ce:d3:ea:e3:f0:1f:9b:33:18:
         10:24:db:cf:17:b3:07:75:69:74:8d:8d:89:b2:56:a9:24:8b:
         1b:d9:bf:2d:13:b2:c4:b2:ea:20:1e:f8:d2:65:cb:ec:b5:64:
         c1:41:6d:6b:6b:ed:79:6e:52:e0:44:d6:01:1c:fa:7d:18:80:
         64:90:da:29:2b:47:87:e0:9b:6e:02:5d:2e:e3:f4:59:c9:71:
         c2:20:4c:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EHGkJjlmqz1aJOm33nW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGNjNTJhMDcwN2NjMzQwYWM5YzdmNmU5MDI4YjY0Yjcw
MjY3YmMwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmEyYmE3YTQyZTAzN2FkYzAwODVhZmIzNWNlMTBhOTdmMjYzYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFMpujjk7x2ivQAbaNABNmPBo0K5
LoIaCUkl2cNF8oq85us4jGMeSCwWK5DwBDKNeINflOVOxAJG9PHyH5NIhLewNFlD
aK1tGH4+nQf50ZW6SjU6cZs5PtAlplETTf6aQYbusb9QR1D8V1uXVYnSSbL9wcvD
11G5w4DKrJaZhYrZB1mI0OjOGZklpMgNXM483FLM2Bbu2rrqa3wueZytasuv3yJ1
tTv4Bz78KlgbNqsPranQdFRU6D6kc/ASpxSReC6mIvziEdI/ur0zBrnryCylFklX
o9x9n7DNA0LM1RSl4zS2S+vI7Q0OnpYC3I4gJH7JdPHxUFbhuGRfMHKOyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+iunpC4DetwAha+zXOEKl/JjvUMB8GA1UdIwQY
MBaAFEWMxSoHB8w0CsnH9ukCi2S3Ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAt
NzA0MTQ5NjE5YzQ2LzEvXzZLNmVrTGdONjNBQ0ZyN05jNFFxWDhtTzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAtNzA0MTQ5NjE5YzQ2
LzEvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOeQDAN
BgkqhkiG9w0BAQsFAAOCAQEACpvPhYuptLKkUq6L3BMM8SL7w8CrQuwlYqiqEfOO
K5ReCFG8qSJUQUlOdBp4TjB59dxKBNdA5HdeHTuKExgRI/YdM2mJZHCvzf6KKUG5
KBdcsbDMPoHIlLTSwj82IqgaXeH07cp61kZ49bD1pZABCaVpsVOo5y6BvbLlB0Ai
d9jPfopDB0CmqdUBA2zyawijTqN5LC8PTRQM072ZHCjuWLtFii44Urwmn7iHztPq
4/AfmzMYECTbzxezB3VpdI2NibJWqSSLG9m/LROyxLLqIB740mXL7LVkwUFta2vt
eW5S4ETWARz6fRiAZJDaKStHh+CbbgJdLuP0WclxwiBMYg==
-----END CERTIFICATE-----