This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/Ukx2pX6eNsn9qNUR2nCL2LPZvjA.roa
File:                     Ukx2pX6eNsn9qNUR2nCL2LPZvjA.roa (raw, json)
Hash identifier:          au3fqQ6RcZ2zMdL3gn35FM2inTn32yGF3JxGQGNFq+U=
Subject key identifier:   52:4C:76:A5:7E:9E:36:C9:FD:A8:D5:11:DA:70:8B:D8:B3:D9:BE:30
Certificate issuer:       /CN=ff32d6463621b13f78e530d144feac023e1e4582
Certificate serial:       019B7EA722D8893521BD490DC6AA4B4F1A6B
Authority key identifier: FF:32:D6:46:36:21:B1:3F:78:E5:30:D1:44:FE:AC:02:3E:1E:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/Ukx2pX6eNsn9qNUR2nCL2LPZvjA.roa
Signing time:             Fri 02 Jan 2026 12:20:41 +0000
ROA not before:           Fri 02 Jan 2026 12:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36352
IP address blocks:        2a14:15c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:22:d8:89:35:21:bd:49:0d:c6:aa:4b:4f:1a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff32d6463621b13f78e530d144feac023e1e4582
        Validity
            Not Before: Jan  2 12:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=524c76a57e9e36c9fda8d511da708bd8b3d9be30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:92:27:c3:c2:2c:9e:24:75:0f:af:6e:4e:cb:
                    e5:b0:73:67:32:46:e2:de:36:95:a0:68:d2:70:d7:
                    ff:56:ef:cd:94:55:41:c6:f4:2c:c6:6b:57:5b:42:
                    7c:a3:d9:d8:b0:5e:41:c3:c7:21:d3:8c:70:5c:38:
                    fd:fb:8e:f2:6b:3b:d5:08:36:8c:ac:a3:a2:40:5d:
                    4e:21:d4:7f:42:b5:63:e5:56:72:48:44:7f:21:f6:
                    b5:85:7c:1d:eb:d4:77:93:2a:f3:99:30:80:6c:91:
                    bd:ae:ba:99:9b:36:4c:a2:03:7f:c5:85:43:52:e8:
                    85:09:30:71:b5:a0:cf:71:fb:f5:ae:fa:4c:8f:44:
                    f2:84:82:66:b6:84:2f:f3:7a:e8:35:33:cf:67:11:
                    f7:39:21:97:c9:d3:42:f9:6b:21:99:cd:7f:c0:b1:
                    0c:73:79:87:69:68:79:83:e4:fc:ba:fb:7f:b4:6f:
                    bb:b6:17:44:cf:a8:83:03:7e:94:89:37:a7:dc:93:
                    56:fe:97:8b:ae:c5:63:85:71:3a:da:66:65:fb:0f:
                    c0:dd:c0:d1:0e:e4:35:d8:88:15:20:fd:5f:56:e7:
                    9c:f5:b8:f8:a4:aa:f1:79:66:41:26:48:83:1f:82:
                    4e:9b:ff:92:06:d4:41:38:4a:a5:e6:d0:81:33:54:
                    bb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4C:76:A5:7E:9E:36:C9:FD:A8:D5:11:DA:70:8B:D8:B3:D9:BE:30
            X509v3 Authority Key Identifier:
                keyid:FF:32:D6:46:36:21:B1:3F:78:E5:30:D1:44:FE:AC:02:3E:1E:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/Ukx2pX6eNsn9qNUR2nCL2LPZvjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:15c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:2a:a1:3b:ca:1e:48:12:c4:c7:d5:c8:27:c9:9a:40:c7:8a:
         49:1c:e5:5c:c6:3e:d8:59:28:c9:8a:ed:8c:cc:a9:24:9a:51:
         30:cf:82:9b:a8:ab:2d:45:c3:ea:b9:95:0f:99:0f:e9:84:b7:
         85:34:f8:21:2a:8f:e1:5f:dd:5f:01:fc:de:8e:50:69:51:a7:
         07:18:c3:fc:ed:e0:0e:0b:3b:e9:f5:1b:98:1c:2b:4d:6f:ec:
         01:28:8e:4c:41:f7:0f:58:8d:f5:73:24:0c:e3:4a:95:f5:ed:
         06:7e:24:2d:ff:90:02:98:aa:28:2b:9c:97:6d:11:60:7e:bd:
         c5:40:f8:6f:3f:fa:ef:13:2a:f2:d0:25:b1:79:67:13:c9:63:
         8d:e4:1d:10:b9:5d:2e:03:48:21:63:5d:6a:ef:1a:f1:8a:6e:
         db:6c:31:20:12:c8:a5:03:6b:0d:04:fa:72:4f:73:76:be:e8:
         fb:45:e8:dd:dd:1f:ec:a9:d1:2e:db:3d:b1:06:2a:a8:88:cd:
         ec:1a:57:b6:1f:cb:03:50:92:16:0e:63:fb:d9:75:2f:66:b5:
         ee:62:56:0b:91:f9:ab:d3:64:0f:ab:40:da:38:af:df:18:31:
         59:8f:83:86:35:b2:c0:df:04:7a:fd:86:28:63:1b:9f:c5:34:
         f4:45:03:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pyLYiTUhvUkNxqpLTxprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzJkNjQ2MzYyMWIxM2Y3OGU1MzBkMTQ0ZmVhYzAyM2Ux
ZTQ1ODIwHhcNMjYwMTAyMTIyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRjNzZhNTdlOWUzNmM5ZmRhOGQ1MTFkYTcwOGJkOGIzZDliZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpInw8IsniR1D69uTsvlsHNnMkbi
3jaVoGjScNf/Vu/NlFVBxvQsxmtXW0J8o9nYsF5Bw8ch04xwXDj9+47yazvVCDaM
rKOiQF1OIdR/QrVj5VZySER/Ifa1hXwd69R3kyrzmTCAbJG9rrqZmzZMogN/xYVD
UuiFCTBxtaDPcfv1rvpMj0TyhIJmtoQv83roNTPPZxH3OSGXydNC+Wshmc1/wLEM
c3mHaWh5g+T8uvt/tG+7thdEz6iDA36UiTen3JNW/peLrsVjhXE62mZl+w/A3cDR
DuQ12IgVIP1fVuec9bj4pKrxeWZBJkiDH4JOm/+SBtRBOEql5tCBM1S7aQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFJMdqV+njbJ/ajVEdpwi9iz2b4wMB8GA1UdIwQY
MBaAFP8y1kY2IbE/eOUw0UT+rAI+HkWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pMV1JqWWhzVDk0NVREUlJQNnNBajRlUllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mOTY5MDAtY2YxNy00MWY1LWFlMjgt
MmIwMGVhMzI5MzdiLzEvVWt4MnBYNmVOc245cU5VUjJuQ0wyTFBadmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mOTY5MDAtY2YxNy00MWY1LWFlMjgtMmIwMGVhMzI5Mzdi
LzEvX3pMV1JqWWhzVDk0NVREUlJQNnNBajRlUllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQVwDAN
BgkqhkiG9w0BAQsFAAOCAQEADiqhO8oeSBLEx9XIJ8maQMeKSRzlXMY+2FkoyYrt
jMypJJpRMM+Cm6irLUXD6rmVD5kP6YS3hTT4ISqP4V/dXwH83o5QaVGnBxjD/O3g
Dgs76fUbmBwrTW/sASiOTEH3D1iN9XMkDONKlfXtBn4kLf+QApiqKCucl20RYH69
xUD4bz/67xMq8tAlsXlnE8ljjeQdELldLgNIIWNdau8a8Ypu22wxIBLIpQNrDQT6
ck9zdr7o+0Xo3d0f7KnRLts9sQYqqIjN7BpXth/LA1CSFg5j+9l1L2a17mJWC5H5
q9NkD6tA2jiv3xgxWY+DhjWywN8Eev2GKGMbn8U09EUDeA==
-----END CERTIFICATE-----