This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/XUgse1SVG2LYV88Lp4UVNGgo6_8.roa
File:                     XUgse1SVG2LYV88Lp4UVNGgo6_8.roa (raw, json)
Hash identifier:          g7ViDtzqv8KPcw50VAZhPz4xcsCIQITUrXQJTHZp81Q=
Subject key identifier:   5D:48:2C:7B:54:95:1B:62:D8:57:CF:0B:A7:85:15:34:68:28:EB:FF
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019B76EB67181B1AB62136B69325C7B2065D
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/XUgse1SVG2LYV88Lp4UVNGgo6_8.roa
Signing time:             Thu 01 Jan 2026 00:18:17 +0000
ROA not before:           Thu 01 Jan 2026 00:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207885
IP address blocks:        2a0b:6b86:1100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:67:18:1b:1a:b6:21:36:b6:93:25:c7:b2:06:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 00:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d482c7b54951b62d857cf0ba78515346828ebff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ee:7a:36:b4:d5:be:d4:18:af:e3:e1:dc:6f:
                    0c:4c:4a:5a:ae:99:06:df:c7:8f:73:b2:3d:5f:b3:
                    f1:d8:3f:10:28:0f:83:30:cc:ca:92:2d:a0:8a:92:
                    e0:4a:7d:b9:0e:d2:23:25:b7:82:5a:27:fe:0b:29:
                    f5:64:57:15:1c:67:b5:9b:43:de:43:73:54:81:cf:
                    d9:db:fa:56:d7:35:fc:b3:25:0b:93:b3:c4:45:2b:
                    d3:c0:4c:00:c2:1d:b5:ce:84:71:56:79:9a:a4:8b:
                    1d:5c:53:fb:15:aa:82:fa:2e:02:3a:91:05:fc:a3:
                    7a:55:ed:06:f1:ce:6e:40:04:9a:10:e1:fd:3e:81:
                    ee:82:9e:0e:ed:a9:b9:b0:65:89:8c:f3:a0:76:6a:
                    7a:c9:91:79:7a:7f:07:2b:a0:6d:c9:ad:17:90:16:
                    e8:59:98:50:1e:e9:18:fb:48:60:f5:75:be:1b:39:
                    f0:7d:be:42:4b:30:4a:c1:77:9b:cf:1a:f2:fb:e3:
                    5c:f3:08:2d:50:2c:93:49:9e:ce:df:28:39:01:96:
                    7b:2b:56:a9:06:64:76:9f:bc:66:1d:e1:d3:23:3f:
                    d7:67:26:d5:8a:28:7d:46:bb:74:cf:98:c9:84:11:
                    c5:36:34:d2:76:96:65:f7:c1:5b:20:88:96:ec:b2:
                    f3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:48:2C:7B:54:95:1B:62:D8:57:CF:0B:A7:85:15:34:68:28:EB:FF
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/XUgse1SVG2LYV88Lp4UVNGgo6_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:1d:49:70:70:59:d6:c4:a8:2f:98:0b:74:2e:2c:d0:e7:22:
         53:6d:66:52:1e:e4:d7:f9:84:b1:68:c8:f8:b4:31:09:8b:88:
         16:d0:b2:67:0e:80:bd:77:5b:1d:b0:39:c9:92:21:f8:60:31:
         0b:b7:b9:a4:cd:3f:d5:02:10:ce:d2:45:d4:cb:11:f2:7b:c0:
         18:39:55:5d:5d:0e:13:3f:bc:4d:3b:f4:bb:3a:df:34:4d:a2:
         9f:55:ac:5c:06:9e:ca:ed:d8:78:4a:18:1e:23:19:0d:cc:3d:
         cb:38:65:6d:d5:6b:9a:b3:58:af:b8:ce:7e:2c:ce:dc:d6:49:
         05:b8:89:1d:04:d4:52:28:64:c7:50:01:b5:75:3d:86:80:8a:
         05:34:b2:ad:ee:52:9f:c9:bc:89:df:ca:d6:b4:3f:59:ac:92:
         7f:6f:1f:f1:cf:57:c7:81:7a:8d:b6:59:9e:38:32:1d:55:c9:
         8f:09:5a:00:e7:39:39:eb:f3:8c:87:ec:81:df:92:b8:0d:ed:
         f5:b2:38:ca:d5:a6:79:7c:ef:2c:15:cf:2a:8f:89:a7:df:b5:
         cd:dd:c7:12:5b:db:80:28:89:ce:b8:29:70:f7:eb:eb:6f:1f:
         a2:aa:51:ed:d1:7e:30:92:10:35:5d:81:84:6c:58:fe:21:77:
         44:f8:36:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt262cYGxq2ITa2kyXHsgZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjYwMTAxMDAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQ4MmM3YjU0OTUxYjYyZDg1N2NmMGJhNzg1MTUzNDY4MjhlYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+56NrTVvtQYr+Ph3G8MTEparpkG
38ePc7I9X7Px2D8QKA+DMMzKki2gipLgSn25DtIjJbeCWif+Cyn1ZFcVHGe1m0Pe
Q3NUgc/Z2/pW1zX8syULk7PERSvTwEwAwh21zoRxVnmapIsdXFP7FaqC+i4COpEF
/KN6Ve0G8c5uQASaEOH9PoHugp4O7am5sGWJjPOgdmp6yZF5en8HK6Btya0XkBbo
WZhQHukY+0hg9XW+Gznwfb5CSzBKwXebzxry++Nc8wgtUCyTSZ7O3yg5AZZ7K1ap
BmR2n7xmHeHTIz/XZybViih9Rrt0z5jJhBHFNjTSdpZl98FbIIiW7LLzAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF1ILHtUlRti2FfPC6eFFTRoKOv/MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvWFVnc2UxU1ZHMkxZVjg4THA0VVZOR2dvNl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhhEw
DQYJKoZIhvcNAQELBQADggEBAJ0dSXBwWdbEqC+YC3QuLNDnIlNtZlIe5Nf5hLFo
yPi0MQmLiBbQsmcOgL13Wx2wOcmSIfhgMQu3uaTNP9UCEM7SRdTLEfJ7wBg5VV1d
DhM/vE079Ls63zRNop9VrFwGnsrt2HhKGB4jGQ3MPcs4ZW3Va5qzWK+4zn4sztzW
SQW4iR0E1FIoZMdQAbV1PYaAigU0sq3uUp/JvInfyta0P1mskn9vH/HPV8eBeo22
WZ44Mh1VyY8JWgDnOTnr84yH7IHfkrgN7fWyOMrVpnl87ywVzyqPiafftc3dxxJb
24Aoic64KXD36+tvH6KqUe3RfjCSEDVdgYRsWP4hd0T4NtY=
-----END CERTIFICATE-----