This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/a7wv3b1ooHQ7mRf_4JpjlIKsEqE.roa
File:                     a7wv3b1ooHQ7mRf_4JpjlIKsEqE.roa (raw, json)
Hash identifier:          GjYckqZlHfSo2hqfKlyRa11uJG4waZaPHhZ/aCse+9E=
Subject key identifier:   6B:BC:2F:DD:BD:68:A0:74:3B:99:17:FF:E0:9A:63:94:82:AC:12:A1
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B775957849D66499924B3E7C131105598
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/a7wv3b1ooHQ7mRf_4JpjlIKsEqE.roa
Signing time:             Thu 01 Jan 2026 02:18:22 +0000
ROA not before:           Thu 01 Jan 2026 02:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56417
IP address blocks:        128.0.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:57:84:9d:66:49:99:24:b3:e7:c1:31:10:55:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bbc2fddbd68a0743b9917ffe09a639482ac12a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2c:45:8f:1e:52:23:46:ef:65:d3:37:36:12:
                    1d:1f:94:fd:78:35:fb:29:b1:5c:d5:07:37:f2:97:
                    1e:5d:07:97:83:81:4c:3e:25:6c:10:03:47:1c:d7:
                    1c:41:a1:55:1c:23:3b:24:16:9b:81:d6:78:23:07:
                    5f:54:a3:22:17:67:5d:1f:9b:de:fd:c6:6c:95:17:
                    07:e2:3f:15:dd:90:fa:08:ab:ad:69:b1:6b:2d:b0:
                    b5:5a:8c:4f:d0:0e:c0:04:cb:c0:8d:9c:3c:d6:68:
                    0c:c6:68:32:8a:4f:d6:a7:75:a5:62:a2:62:9e:b4:
                    e3:d1:bd:23:ae:bf:f6:99:11:5d:1a:0e:47:48:07:
                    fa:44:c8:bc:5e:0c:8c:5d:71:57:92:d3:0d:c9:07:
                    3f:36:68:eb:e5:42:73:3e:17:b9:5f:25:bb:78:89:
                    62:04:13:a0:ba:de:73:03:18:64:50:bb:71:3a:e4:
                    86:48:50:32:32:e1:a6:56:51:e6:7e:f1:57:08:bc:
                    f9:f1:76:3e:57:34:2e:2b:12:eb:06:e3:17:e8:ae:
                    a1:26:0c:a5:92:db:26:5b:cd:82:e0:37:a3:d1:7a:
                    30:6b:7d:5b:a3:79:55:3c:ad:49:c1:af:9c:0b:1e:
                    4f:e9:85:9d:a0:dd:5c:9c:1c:60:4f:e1:20:5a:32:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:BC:2F:DD:BD:68:A0:74:3B:99:17:FF:E0:9A:63:94:82:AC:12:A1
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/a7wv3b1ooHQ7mRf_4JpjlIKsEqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:af:69:cb:c5:dc:ed:63:a3:a9:d4:c6:97:76:34:9d:c2:62:
         37:b2:ae:48:63:a0:c3:9f:d8:3b:99:56:d9:cb:62:1f:cd:79:
         e8:62:d2:df:17:88:3e:86:dc:71:cb:2c:fd:19:fc:fe:5f:21:
         8e:11:04:83:12:ff:36:8a:aa:b2:44:94:58:51:69:ab:36:84:
         eb:6e:7c:1d:90:3a:dc:0c:83:a0:c0:8b:d9:d3:82:16:cc:69:
         fe:a3:60:e5:9f:1b:66:32:2f:05:c6:76:ed:5c:0a:db:6d:18:
         ca:f0:a8:ab:26:98:cf:29:d8:c2:26:9f:f7:84:12:23:de:8b:
         ed:3f:e9:99:5c:8c:e9:d3:7d:91:d0:f2:6e:15:f2:b5:65:f5:
         15:e6:7c:0f:de:4f:fb:40:d7:04:65:15:67:2c:3d:6e:c4:a4:
         17:f5:85:27:dd:9b:c2:f3:fd:88:a2:f7:47:d4:6c:59:23:de:
         e5:ae:22:d8:c5:63:37:ae:62:1b:97:35:e2:50:fb:ae:37:00:
         47:2a:ff:48:95:9a:db:36:57:d2:d3:5f:a9:4c:4d:b8:45:08:
         62:39:f0:a3:62:b7:b1:1f:f9:c2:88:e2:55:42:12:6b:97:68:
         3a:cf:37:b8:a3:30:cf:2d:07:42:d2:51:44:21:99:e4:d3:ab:
         7a:84:16:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WVeEnWZJmSSz58ExEFWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmJjMmZkZGJkNjhhMDc0M2I5OTE3ZmZlMDlhNjM5NDgyYWMxMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSxFjx5SI0bvZdM3NhIdH5T9eDX7
KbFc1Qc38pceXQeXg4FMPiVsEANHHNccQaFVHCM7JBabgdZ4IwdfVKMiF2ddH5ve
/cZslRcH4j8V3ZD6CKutabFrLbC1WoxP0A7ABMvAjZw81mgMxmgyik/Wp3WlYqJi
nrTj0b0jrr/2mRFdGg5HSAf6RMi8XgyMXXFXktMNyQc/Nmjr5UJzPhe5XyW7eIli
BBOgut5zAxhkULtxOuSGSFAyMuGmVlHmfvFXCLz58XY+VzQuKxLrBuMX6K6hJgyl
ktsmW82C4Dej0Xowa31bo3lVPK1Jwa+cCx5P6YWdoN1cnBxgT+EgWjKUzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGu8L929aKB0O5kX/+CaY5SCrBKhMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2E3d3YzYjFvb0hRN21SZl80SnBqbElLc0VxRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACAAAIw
DQYJKoZIhvcNAQELBQADggEBACCvacvF3O1jo6nUxpd2NJ3CYjeyrkhjoMOf2DuZ
VtnLYh/Neehi0t8XiD6G3HHLLP0Z/P5fIY4RBIMS/zaKqrJElFhRaas2hOtufB2Q
OtwMg6DAi9nTghbMaf6jYOWfG2YyLwXGdu1cCtttGMrwqKsmmM8p2MImn/eEEiPe
i+0/6ZlcjOnTfZHQ8m4V8rVl9RXmfA/eT/tA1wRlFWcsPW7EpBf1hSfdm8Lz/Yii
90fUbFkj3uWuItjFYzeuYhuXNeJQ+643AEcq/0iVmts2V9LTX6lMTbhFCGI58KNi
t7Ef+cKI4lVCEmuXaDrPN7ijMM8tB0LSUUQhmeTTq3qEFsQ=
-----END CERTIFICATE-----