This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/9KvmlPKsY8w8aZTFNLv0zg38axY.roa
File:                     9KvmlPKsY8w8aZTFNLv0zg38axY.roa (raw, json)
Hash identifier:          E6UjIGV/KuRgFN4UQnHUeYYcpZAFdXo3JairE/1g8kE=
Subject key identifier:   F4:AB:E6:94:F2:AC:63:CC:3C:69:94:C5:34:BB:F4:CE:0D:FC:6B:16
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       019B7834FE5BC74C970028E2BDCDC86996DF
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/9KvmlPKsY8w8aZTFNLv0zg38axY.roa
Signing time:             Thu 01 Jan 2026 06:18:17 +0000
ROA not before:           Thu 01 Jan 2026 06:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150315
IP address blocks:        2a0d:8140:fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:fe:5b:c7:4c:97:00:28:e2:bd:cd:c8:69:96:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Jan  1 06:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4abe694f2ac63cc3c6994c534bbf4ce0dfc6b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:87:28:9f:c3:48:d8:b6:72:0e:8c:5c:fb:cf:
                    db:6d:83:d4:81:8a:24:ef:ef:b1:d5:2c:62:e8:a9:
                    d0:67:5a:08:f9:15:32:53:33:3d:5d:65:4e:e3:ae:
                    4b:12:98:9c:ef:3d:e6:85:94:c3:8e:21:99:52:3e:
                    86:cd:5a:43:78:7d:eb:70:0f:8b:c2:f1:a2:9e:bc:
                    66:c0:91:3d:54:fc:1b:1f:61:b8:d7:32:a4:d9:0e:
                    bb:2a:30:ff:f3:93:e0:e4:22:3a:c4:e5:36:e2:2b:
                    81:41:11:a3:a4:b9:d0:50:f7:a2:0c:ba:42:de:f5:
                    86:6b:d2:64:2e:fb:4f:9e:13:a7:15:3e:f0:32:01:
                    a5:7f:e8:0f:05:d0:03:43:65:7c:cb:df:c5:89:0a:
                    d5:9b:59:36:97:fe:28:54:1d:be:1f:1f:a9:bf:fb:
                    8c:2f:6f:e6:47:72:63:63:12:ae:84:e7:ab:55:e9:
                    f4:81:fe:33:1b:45:a9:74:00:05:68:f2:b6:23:3e:
                    80:73:f8:1d:99:c0:71:bc:24:0a:09:a3:ba:4a:eb:
                    f1:68:b1:d3:28:8b:6f:07:b7:27:fa:92:66:ea:d6:
                    db:e4:d6:4b:b1:3f:71:be:c6:0a:31:43:87:ff:4e:
                    18:05:0f:d0:3c:76:dd:63:98:20:14:63:81:69:45:
                    bf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AB:E6:94:F2:AC:63:CC:3C:69:94:C5:34:BB:F4:CE:0D:FC:6B:16
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/9KvmlPKsY8w8aZTFNLv0zg38axY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8140:fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:6c:50:00:3b:bf:8e:8a:82:53:0e:e2:31:f0:42:14:8e:ca:
         17:c8:d0:61:b2:9c:f5:71:85:bc:48:a0:2c:f7:e6:65:a2:95:
         09:f2:a8:79:98:22:d5:58:ea:44:09:dc:9b:52:39:5b:87:5b:
         99:70:66:ba:fb:aa:b1:9d:33:c5:e1:59:83:49:c1:b0:22:5b:
         6f:e3:29:ef:23:20:03:d9:07:0b:57:75:40:e4:e5:cd:b0:82:
         b5:6d:3b:00:2c:a4:0e:ab:32:a0:b8:0c:07:2b:1b:00:cd:73:
         73:14:4c:59:46:74:4c:f4:f0:ac:78:1a:78:07:8a:45:d4:1d:
         a5:d5:7f:0a:45:ef:73:0e:2f:44:43:78:e2:17:c1:91:d1:c9:
         4d:94:05:f2:98:94:63:5b:cc:80:af:43:a1:49:ed:6e:90:61:
         0a:b8:b2:49:e9:49:fd:2b:3c:45:07:b4:c0:0a:99:d6:a4:45:
         bc:a2:20:34:f6:a1:99:dd:9d:ab:ab:79:51:3b:41:f2:88:91:
         44:87:f5:32:60:a2:ea:ee:d9:df:51:26:63:7f:8d:22:89:0c:
         2a:59:29:80:ef:73:5d:d9:03:13:cd:2e:0c:3b:8f:6b:9a:6e:
         57:7a:b4:2e:83:e8:13:ea:b9:b6:3b:bc:80:63:38:3d:bd:77:
         b1:4b:59:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NP5bx0yXACjivc3IaZbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjYwMTAxMDYxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFiZTY5NGYyYWM2M2NjM2M2OTk0YzUzNGJiZjRjZTBkZmM2YjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIcon8NI2LZyDoxc+8/bbYPUgYok
7++x1Sxi6KnQZ1oI+RUyUzM9XWVO465LEpic7z3mhZTDjiGZUj6GzVpDeH3rcA+L
wvGinrxmwJE9VPwbH2G41zKk2Q67KjD/85Pg5CI6xOU24iuBQRGjpLnQUPeiDLpC
3vWGa9JkLvtPnhOnFT7wMgGlf+gPBdADQ2V8y9/FiQrVm1k2l/4oVB2+Hx+pv/uM
L2/mR3JjYxKuhOerVen0gf4zG0WpdAAFaPK2Iz6Ac/gdmcBxvCQKCaO6SuvxaLHT
KItvB7cn+pJm6tbb5NZLsT9xvsYKMUOH/04YBQ/QPHbdY5ggFGOBaUW/swIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSr5pTyrGPMPGmUxTS79M4N/GsWMB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvOUt2bWxQS3NZOHc4YVpURk5MdjB6ZzM4YXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5NjgtYTU2YmRmYWRiODFl
LzEvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2BQA//
MA0GCSqGSIb3DQEBCwUAA4IBAQCybFAAO7+OioJTDuIx8EIUjsoXyNBhspz1cYW8
SKAs9+ZlopUJ8qh5mCLVWOpECdybUjlbh1uZcGa6+6qxnTPF4VmDScGwIltv4ynv
IyAD2QcLV3VA5OXNsIK1bTsALKQOqzKguAwHKxsAzXNzFExZRnRM9PCseBp4B4pF
1B2l1X8KRe9zDi9EQ3jiF8GR0clNlAXymJRjW8yAr0OhSe1ukGEKuLJJ6Un9KzxF
B7TACpnWpEW8oiA09qGZ3Z2rq3lRO0HyiJFEh/UyYKLq7tnfUSZjf40iiQwqWSmA
73Nd2QMTzS4MO49rmm5XerQug+gT6rm2O7yAYzg9vXexS1la
-----END CERTIFICATE-----