This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/h4qnmgZvvV6hazj9Xn7cghOv6uI.roa
File:                     h4qnmgZvvV6hazj9Xn7cghOv6uI.roa (raw, json)
Hash identifier:          vjv4+ammuobmFm2l5IQ69DMODD0qU4CxTRycj23fFCA=
Subject key identifier:   87:8A:A7:9A:06:6F:BD:5E:A1:6B:38:FD:5E:7E:DC:82:13:AF:EA:E2
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019B76EB6745D26751DEBD2F4B8FA6294A4E
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/h4qnmgZvvV6hazj9Xn7cghOv6uI.roa
Signing time:             Thu 01 Jan 2026 00:18:17 +0000
ROA not before:           Thu 01 Jan 2026 00:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208249
IP address blocks:        2a0b:6b83::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:67:45:d2:67:51:de:bd:2f:4b:8f:a6:29:4a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 00:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=878aa79a066fbd5ea16b38fd5e7edc8213afeae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d5:64:4a:6d:65:3f:cb:17:05:f0:df:76:6c:
                    f8:d9:20:00:bc:89:76:79:99:af:71:02:24:06:d0:
                    9c:f1:28:21:f3:9c:26:e7:b7:ec:1e:71:f6:69:85:
                    06:ff:78:8f:02:b6:c3:b6:f3:e4:d5:03:35:42:0b:
                    52:f3:fe:c7:f3:f0:a8:2a:24:b4:71:74:88:b3:f6:
                    40:0b:d0:2f:1e:a1:fe:b7:78:3e:72:f6:90:7b:c9:
                    b0:1c:7f:9c:85:e4:6a:a5:45:32:6d:58:0f:e0:4a:
                    f0:e5:11:dd:35:22:74:eb:e5:07:79:3c:70:6e:68:
                    98:ac:11:3a:af:64:87:bc:7d:0b:6d:95:ca:8c:e7:
                    a5:b7:45:b3:7d:c2:b2:d0:09:3d:9c:3d:69:87:35:
                    78:8c:d2:4b:0e:e3:17:0e:bb:cf:2d:c0:7b:f8:16:
                    48:b4:19:15:75:be:6d:45:e2:44:9d:3b:7a:0a:ac:
                    a2:f4:75:f7:94:29:c0:b4:48:8a:17:b1:ec:80:1c:
                    2e:3f:35:55:57:2b:5d:08:2f:86:42:fd:8e:a8:9e:
                    47:16:78:6e:01:3d:10:84:86:6b:80:ee:60:25:79:
                    b0:d6:3c:06:dd:52:cf:55:85:d7:71:93:37:82:3b:
                    65:49:ec:8f:30:67:4f:af:2a:a9:1b:0e:34:33:4d:
                    2f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8A:A7:9A:06:6F:BD:5E:A1:6B:38:FD:5E:7E:DC:82:13:AF:EA:E2
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/h4qnmgZvvV6hazj9Xn7cghOv6uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b83::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:4a:45:8f:16:d1:de:fe:15:d9:5a:cb:40:f2:17:f2:a4:7b:
         c4:80:3e:37:69:0b:b4:e3:ad:89:d8:06:3f:d3:9b:26:3e:23:
         c6:c5:6c:16:8f:ad:32:e7:92:71:20:5c:7c:cc:bd:66:9b:66:
         ae:85:a8:2d:e8:48:08:57:39:80:a1:bf:02:58:77:e2:df:96:
         c6:75:af:22:c7:28:c8:fa:db:4d:5d:21:86:32:05:8e:8c:5d:
         c8:8d:6f:c0:c3:52:33:9b:08:d1:f0:28:7c:28:7d:7f:4c:cd:
         fb:43:e6:46:6f:52:4c:6d:0d:5c:48:0f:97:15:b2:7e:c7:2c:
         96:25:59:0a:ec:f2:cd:21:c8:bd:c9:20:50:0b:10:2c:c6:67:
         67:3f:1d:68:7c:1b:27:6a:51:11:8c:44:f0:cb:36:86:8c:c6:
         e6:dd:59:8f:8f:ae:92:af:07:aa:6d:62:68:44:d7:4e:8c:69:
         ef:04:01:65:bf:63:47:17:11:34:89:68:a8:73:5e:f1:02:ab:
         93:4f:8d:0a:d1:fb:e6:21:c8:82:eb:89:90:74:df:dc:48:ce:
         de:3e:2a:bb:6b:b7:fd:b0:29:06:f2:a3:4a:27:2a:76:e1:e7:
         22:6c:36:d2:c8:7b:03:8c:2f:2f:91:86:50:2f:52:5b:bb:ca:
         7e:19:1b:fc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt262dF0mdR3r0vS4+mKUpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjYwMTAxMDAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhhYTc5YTA2NmZiZDVlYTE2YjM4ZmQ1ZTdlZGM4MjEzYWZlYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dVkSm1lP8sXBfDfdmz42SAAvIl2
eZmvcQIkBtCc8Sgh85wm57fsHnH2aYUG/3iPArbDtvPk1QM1QgtS8/7H8/CoKiS0
cXSIs/ZAC9AvHqH+t3g+cvaQe8mwHH+cheRqpUUybVgP4Erw5RHdNSJ06+UHeTxw
bmiYrBE6r2SHvH0LbZXKjOelt0WzfcKy0Ak9nD1phzV4jNJLDuMXDrvPLcB7+BZI
tBkVdb5tReJEnTt6Cqyi9HX3lCnAtEiKF7HsgBwuPzVVVytdCC+GQv2OqJ5HFnhu
AT0QhIZrgO5gJXmw1jwG3VLPVYXXcZM3gjtlSeyPMGdPryqpGw40M00vfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIeKp5oGb71eoWs4/V5+3IITr+riMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvaDRxbm1nWnZ2VjZoYXpqOVhuN2NnaE92NnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtrgzAN
BgkqhkiG9w0BAQsFAAOCAQEArkpFjxbR3v4V2VrLQPIX8qR7xIA+N2kLtOOtidgG
P9ObJj4jxsVsFo+tMueScSBcfMy9ZptmroWoLehICFc5gKG/Alh34t+WxnWvIsco
yPrbTV0hhjIFjoxdyI1vwMNSM5sI0fAofCh9f0zN+0PmRm9STG0NXEgPlxWyfscs
liVZCuzyzSHIvckgUAsQLMZnZz8daHwbJ2pREYxE8Ms2hozG5t1Zj4+ukq8Hqm1i
aETXToxp7wQBZb9jRxcRNIloqHNe8QKrk0+NCtH75iHIguuJkHTf3EjO3j4qu2u3
/bApBvKjSicqduHnImw20sh7A4wvL5GGUC9SW7vKfhkb/A==
-----END CERTIFICATE-----