This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ID3uGpE-dcekqFUA9CaskNQTHgw.roa
File:                     ID3uGpE-dcekqFUA9CaskNQTHgw.roa (raw, json)
Hash identifier:          +8FnPQxela/00fZdYSydOiN682t6g2gq5E5EtP0QcC8=
Subject key identifier:   20:3D:EE:1A:91:3E:75:C7:A4:A8:55:00:F4:26:AC:90:D4:13:1E:0C
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019B7E391C75CE29F58BD4EA9DC7616D1DC0
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ID3uGpE-dcekqFUA9CaskNQTHgw.roa
Signing time:             Fri 02 Jan 2026 10:20:30 +0000
ROA not before:           Fri 02 Jan 2026 10:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56835
IP address blocks:        2a0a:2c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:1c:75:ce:29:f5:8b:d4:ea:9d:c7:61:6d:1d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 10:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=203dee1a913e75c7a4a85500f426ac90d4131e0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:41:3d:e1:4c:e8:bd:40:98:4d:62:15:0d:8f:
                    0b:94:35:ae:9f:44:9e:62:9c:a2:49:0d:9c:39:ac:
                    8d:83:51:82:cc:2b:ec:20:2a:44:14:39:6d:67:35:
                    a7:5c:6d:ed:f8:32:dc:d0:5a:6a:d5:47:d0:ad:bf:
                    01:18:25:30:fd:e5:6c:df:87:6a:53:6b:06:f7:c1:
                    89:43:04:3f:35:6a:1f:61:a8:53:8b:ef:6d:29:74:
                    ff:73:c3:47:2f:87:1a:d3:17:e8:5e:4c:2a:fc:39:
                    47:ae:85:8d:ba:27:05:23:56:79:05:6d:47:91:86:
                    fc:54:94:1e:a6:68:5a:5e:78:37:15:4a:51:dc:39:
                    8d:ac:66:1b:51:0b:78:2a:81:fa:4b:a3:74:5f:bd:
                    9e:5d:61:3f:62:71:07:f0:26:67:2b:7e:27:74:2e:
                    59:f2:95:75:1c:a6:18:c7:aa:9c:1b:ae:77:3b:88:
                    2b:56:ef:5f:1c:17:41:61:96:d0:72:56:e1:7d:75:
                    fc:48:b9:40:f8:b3:1d:fa:9f:7e:0c:ac:71:cc:01:
                    f6:70:12:a9:43:89:02:9a:05:af:2c:61:b2:b4:fd:
                    8c:3a:4e:a2:8d:ae:52:b6:f2:da:8e:c0:e1:ac:27:
                    25:fd:7f:63:cc:a1:ce:31:3d:a2:13:59:8e:a8:e5:
                    21:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3D:EE:1A:91:3E:75:C7:A4:A8:55:00:F4:26:AC:90:D4:13:1E:0C
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ID3uGpE-dcekqFUA9CaskNQTHgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:cd:6a:7f:4d:de:1f:dd:92:26:c0:08:3c:17:b6:c7:01:5a:
         b6:6a:1c:9f:18:19:b4:fa:90:35:ad:d7:a0:d5:d8:91:8b:e7:
         a8:f5:89:78:49:29:04:32:87:0f:14:dd:da:1c:d3:8c:a6:db:
         42:f3:70:30:c1:84:17:1a:a3:40:c6:3d:a9:82:ca:ec:4c:11:
         34:cc:a8:61:7b:42:47:e8:7e:7f:7a:d8:2c:51:ac:6e:56:5a:
         6e:49:e3:4f:5b:d0:d8:5d:26:70:3b:bf:c8:36:51:fa:10:b9:
         31:51:22:47:2c:97:0a:41:fd:90:23:a3:d7:d5:e8:0d:c4:a5:
         85:e9:88:8e:0a:bd:18:70:3f:6d:c0:53:82:d8:fd:f7:e0:fe:
         5b:7c:10:7d:73:36:57:5d:e8:79:1a:21:07:88:ec:ea:7f:54:
         f0:a4:0e:a9:76:3d:fc:a3:67:4c:2b:cd:90:e2:31:e0:c6:3b:
         d5:a4:f7:f8:e4:a8:86:a9:49:88:6b:09:50:01:ab:a0:8e:88:
         23:50:20:2e:1c:44:f4:38:8b:04:69:46:3d:90:ed:eb:3b:2e:
         fd:e8:7e:67:2c:ed:94:3a:fc:25:97:41:ce:6b:8a:e0:04:e8:
         a1:4d:46:fc:55:75:b6:bd:1b:ac:98:f9:ad:b5:77:e5:81:42:
         2d:11:2e:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+ORx1zin1i9TqncdhbR3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjYwMTAyMTAyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDNkZWUxYTkxM2U3NWM3YTRhODU1MDBmNDI2YWM5MGQ0MTMxZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUE94UzovUCYTWIVDY8LlDWun0Se
YpyiSQ2cOayNg1GCzCvsICpEFDltZzWnXG3t+DLc0Fpq1UfQrb8BGCUw/eVs34dq
U2sG98GJQwQ/NWofYahTi+9tKXT/c8NHL4ca0xfoXkwq/DlHroWNuicFI1Z5BW1H
kYb8VJQepmhaXng3FUpR3DmNrGYbUQt4KoH6S6N0X72eXWE/YnEH8CZnK34ndC5Z
8pV1HKYYx6qcG653O4grVu9fHBdBYZbQclbhfXX8SLlA+LMd+p9+DKxxzAH2cBKp
Q4kCmgWvLGGytP2MOk6ija5StvLajsDhrCcl/X9jzKHOMT2iE1mOqOUh6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCA97hqRPnXHpKhVAPQmrJDUEx4MMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvSUQzdUdwRS1kY2VrcUZVQTlDYXNrTlFUSGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQByzWp/Td4f3ZImwAg8F7bHAVq2ahyfGBm0+pA1
rdeg1diRi+eo9Yl4SSkEMocPFN3aHNOMpttC83AwwYQXGqNAxj2pgsrsTBE0zKhh
e0JH6H5/etgsUaxuVlpuSeNPW9DYXSZwO7/INlH6ELkxUSJHLJcKQf2QI6PX1egN
xKWF6YiOCr0YcD9twFOC2P334P5bfBB9czZXXeh5GiEHiOzqf1TwpA6pdj38o2dM
K82Q4jHgxjvVpPf45KiGqUmIawlQAaugjogjUCAuHET0OIsEaUY9kO3rOy796H5n
LO2UOvwll0HOa4rgBOihTUb8VXW2vRusmPmttXflgUItES5U
-----END CERTIFICATE-----