This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Fo1ny7DTXP76w1PX26szVPdpKCo.roa
File:                     Fo1ny7DTXP76w1PX26szVPdpKCo.roa (raw, json)
Hash identifier:          V6HN3sYUhwyOEcWr4ACY8KukJRinqBdcwgZewm2AbG0=
Subject key identifier:   16:8D:67:CB:B0:D3:5C:FE:FA:C3:53:D7:DB:AB:33:54:F7:69:28:2A
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       019B7D5CB16BB4DCEB9C0B31390ADBFBAC7C
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Fo1ny7DTXP76w1PX26szVPdpKCo.roa
Signing time:             Fri 02 Jan 2026 06:19:45 +0000
ROA not before:           Fri 02 Jan 2026 06:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212232
IP address blocks:        2a0c:2f05::/32 maxlen: 48
                          2a0c:2f05:18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:b1:6b:b4:dc:eb:9c:0b:31:39:0a:db:fb:ac:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan  2 06:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=168d67cbb0d35cfefac353d7dbab3354f769282a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6b:c4:49:82:ab:ce:18:b8:bb:1e:60:4b:81:
                    09:3b:1f:1b:d9:79:c0:2f:d5:8c:4c:90:f0:f8:3e:
                    ca:31:88:f7:af:57:07:66:70:5d:d2:d9:ff:a0:1a:
                    5a:d7:11:c6:2b:6a:12:c1:aa:6e:f9:57:ee:a1:3c:
                    a1:e3:3f:aa:ad:02:7d:a0:1f:44:02:86:72:df:15:
                    5e:ae:ca:ce:3c:fb:ba:fe:8f:e2:f6:cd:a2:56:89:
                    4e:08:33:4d:9c:cf:35:ab:07:3a:4b:2b:0a:20:1f:
                    a5:05:f4:c3:63:e2:04:0b:4f:b5:a4:01:cb:71:0a:
                    0a:d1:ee:d3:58:33:67:c7:d9:79:ea:7e:da:78:09:
                    f6:e3:66:f4:50:d1:17:1a:95:d1:95:26:aa:c7:59:
                    bc:39:1b:c3:d5:e6:84:ea:aa:f2:a3:fd:50:f1:a7:
                    c2:c7:ee:60:65:a6:f4:00:e5:fc:ce:59:5f:d2:8b:
                    10:33:4e:de:a4:b6:0a:d9:e8:94:ef:9e:9e:dc:73:
                    ed:8c:44:1d:13:9a:06:54:13:77:80:1a:4f:d3:a2:
                    b7:0e:7c:07:52:52:77:6b:72:e3:61:07:f1:a8:1c:
                    e9:84:a1:63:6c:46:92:6e:de:b0:c7:25:4a:16:6c:
                    03:83:d8:6e:18:7a:2a:ad:b6:49:62:20:a1:9e:4a:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8D:67:CB:B0:D3:5C:FE:FA:C3:53:D7:DB:AB:33:54:F7:69:28:2A
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Fo1ny7DTXP76w1PX26szVPdpKCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2f05::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:bf:6f:ab:b8:3f:49:a4:76:45:02:5b:7f:e0:6a:33:c3:84:
         81:14:de:22:dc:d8:a7:46:47:06:97:d8:47:92:9f:c9:54:de:
         ef:0c:7e:95:14:64:50:4e:5a:ff:2c:02:c0:57:3d:9c:80:a7:
         11:5c:93:b3:7b:29:26:10:e4:e9:53:ad:aa:dd:46:57:fe:a6:
         cf:fd:96:f0:4d:9c:34:f3:de:27:a3:4b:b7:f5:51:72:3e:43:
         5f:63:0c:c9:b1:bf:5a:c2:a4:72:e2:82:9c:1e:08:39:98:c6:
         fb:21:82:25:6e:d2:06:c7:5c:a1:00:a1:b8:ee:49:c8:7f:fd:
         a5:3e:9b:26:0d:41:62:31:68:44:1b:0e:d5:9e:69:56:31:eb:
         a7:51:51:5e:1f:9f:44:09:1c:af:2d:06:35:03:93:7e:2d:aa:
         bc:45:cb:40:9d:a4:1e:a8:3f:03:20:86:33:99:5d:c4:36:4a:
         32:5f:5e:b4:6e:d7:ed:9e:92:a5:be:ad:ea:75:67:90:6a:41:
         9d:42:30:5d:a8:84:0f:bc:76:d6:a4:c2:7c:06:b8:02:c9:e5:
         aa:36:c4:69:28:5b:eb:34:5c:2c:d7:7a:c6:b6:76:ae:96:7e:
         53:54:44:83:40:d0:48:43:97:09:84:f2:59:52:ef:a4:64:de:
         d4:a3:93:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9XLFrtNzrnAsxOQrb+6x8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjYwMTAyMDYxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhkNjdjYmIwZDM1Y2ZlZmFjMzUzZDdkYmFiMzM1NGY3NjkyODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmvESYKrzhi4ux5gS4EJOx8b2XnA
L9WMTJDw+D7KMYj3r1cHZnBd0tn/oBpa1xHGK2oSwapu+VfuoTyh4z+qrQJ9oB9E
AoZy3xVersrOPPu6/o/i9s2iVolOCDNNnM81qwc6SysKIB+lBfTDY+IEC0+1pAHL
cQoK0e7TWDNnx9l56n7aeAn242b0UNEXGpXRlSaqx1m8ORvD1eaE6qryo/1Q8afC
x+5gZab0AOX8zllf0osQM07epLYK2eiU756e3HPtjEQdE5oGVBN3gBpP06K3DnwH
UlJ3a3LjYQfxqBzphKFjbEaSbt6wxyVKFmwDg9huGHoqrbZJYiChnkqOvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBaNZ8uw01z++sNT19urM1T3aSgqMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvRm8xbnk3RFRYUDc2dzFQWDI2c3pWUGRwS0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwvBTAN
BgkqhkiG9w0BAQsFAAOCAQEAw79vq7g/SaR2RQJbf+BqM8OEgRTeItzYp0ZHBpfY
R5KfyVTe7wx+lRRkUE5a/ywCwFc9nICnEVyTs3spJhDk6VOtqt1GV/6mz/2W8E2c
NPPeJ6NLt/VRcj5DX2MMybG/WsKkcuKCnB4IOZjG+yGCJW7SBsdcoQChuO5JyH/9
pT6bJg1BYjFoRBsO1Z5pVjHrp1FRXh+fRAkcry0GNQOTfi2qvEXLQJ2kHqg/AyCG
M5ldxDZKMl9etG7X7Z6Spb6t6nVnkGpBnUIwXaiED7x21qTCfAa4AsnlqjbEaShb
6zRcLNd6xrZ2rpZ+U1REg0DQSEOXCYTyWVLvpGTe1KOTBA==
-----END CERTIFICATE-----