This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/nURomofbDgSrxYM0O1_tcq9RI08.roa
File:                     nURomofbDgSrxYM0O1_tcq9RI08.roa (raw, json)
Hash identifier:          tbGTgdyklPOm5IjmielhkBjtWa6HmczItFnGfm4z+A8=
Subject key identifier:   9D:44:68:9A:87:DB:0E:04:AB:C5:83:34:3B:5F:ED:72:AF:51:23:4F
Certificate issuer:       /CN=6223f564163f64eaf1e1ada6d668cad59d5ab0a3
Certificate serial:       019B7B35D129FDD8DD3461DCD3BD4080EB71
Authority key identifier: 62:23:F5:64:16:3F:64:EA:F1:E1:AD:A6:D6:68:CA:D5:9D:5A:B0:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/nURomofbDgSrxYM0O1_tcq9RI08.roa
Signing time:             Thu 01 Jan 2026 20:18:03 +0000
ROA not before:           Thu 01 Jan 2026 20:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213599
IP address blocks:        2a12:5480::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:d1:29:fd:d8:dd:34:61:dc:d3:bd:40:80:eb:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6223f564163f64eaf1e1ada6d668cad59d5ab0a3
        Validity
            Not Before: Jan  1 20:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d44689a87db0e04abc583343b5fed72af51234f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7f:83:3b:95:cf:16:57:be:fb:87:ee:8f:3e:
                    4a:ad:d4:73:b9:f4:c1:d7:9b:f4:eb:c3:ee:1d:e1:
                    4b:96:10:9f:1a:03:ea:d6:d6:28:c4:34:65:5f:e7:
                    25:12:b8:75:4f:08:f0:b5:ea:cb:46:9d:5f:86:7a:
                    f8:4c:ec:f7:d1:10:bf:03:76:73:12:1e:01:37:72:
                    5d:fc:57:c6:97:e5:eb:e2:a9:4d:ab:87:44:ac:13:
                    7d:9a:1b:c3:83:61:b3:92:88:e9:02:62:d9:38:6e:
                    b3:9b:0a:60:65:a6:00:03:31:9a:16:a0:1f:43:a7:
                    b6:bd:02:e8:be:43:b2:42:96:e6:c7:b5:ab:f8:f0:
                    f0:2f:75:27:48:86:bf:c7:69:93:79:90:35:22:aa:
                    5f:91:a3:eb:b2:10:ea:b8:a5:8f:1c:46:71:b1:8a:
                    38:e1:d8:10:ed:5d:08:f5:92:db:29:bf:0a:cb:f0:
                    ba:ff:02:37:4d:5e:40:00:50:37:59:77:34:a6:b9:
                    10:02:1e:77:fc:b1:2e:29:db:cb:24:22:12:a6:32:
                    fd:42:c7:09:e8:4b:48:59:da:9c:71:dd:d7:85:d3:
                    0c:fa:a9:ad:ab:ac:c7:2a:99:1e:f6:28:bb:83:6d:
                    ec:7f:82:f6:e1:b3:ab:b2:8b:8f:20:78:7c:ef:2b:
                    5e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:44:68:9A:87:DB:0E:04:AB:C5:83:34:3B:5F:ED:72:AF:51:23:4F
            X509v3 Authority Key Identifier:
                keyid:62:23:F5:64:16:3F:64:EA:F1:E1:AD:A6:D6:68:CA:D5:9D:5A:B0:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/nURomofbDgSrxYM0O1_tcq9RI08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d6ebf8-9c35-4dd3-abf5-e97b65794439/1/YiP1ZBY_ZOrx4a2m1mjK1Z1asKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5480::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:66:51:58:e0:ca:1a:29:76:11:1b:3f:7f:3f:ae:f9:7c:15:
         3f:76:03:32:d4:c8:94:05:cc:ec:ab:61:b1:68:dd:54:5e:cc:
         a7:66:8d:84:54:7d:36:55:7d:0a:6a:be:5c:65:18:53:91:cf:
         b6:63:7c:e3:46:02:15:21:5f:c0:50:49:c2:2f:81:2e:d9:d5:
         1f:bc:a3:5a:9c:d2:67:c9:74:c4:a7:78:d1:8d:ed:66:17:a2:
         ad:72:c3:34:3c:4f:3c:bb:e4:49:05:88:6c:9c:98:3b:ff:0d:
         d4:30:bb:95:45:ea:f8:a0:88:06:94:6c:02:58:94:f5:b6:91:
         04:15:0e:07:3a:fd:7d:dd:b2:ab:71:da:f3:a7:7b:bc:8f:ee:
         cf:9e:b1:b0:73:94:b3:c1:29:a5:ef:11:4c:04:73:52:6a:87:
         f5:98:a3:80:24:32:fe:04:95:d2:2d:a8:8e:c8:cd:9e:b2:de:
         db:4a:fd:de:8c:02:99:e9:87:18:23:58:01:9d:1e:70:c0:bd:
         a0:fb:2c:39:4f:1d:6a:19:ad:40:8a:86:27:31:4a:64:9c:f7:
         33:e8:97:b6:27:e5:8f:06:9d:7f:b2:0b:89:88:15:ab:3d:01:
         87:ac:7f:5d:da:b5:89:3e:41:15:03:60:2e:35:d2:8e:93:d8:
         73:27:13:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7NdEp/djdNGHc071AgOtxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjNmNTY0MTYzZjY0ZWFmMWUxYWRhNmQ2NjhjYWQ1OWQ1
YWIwYTMwHhcNMjYwMTAxMjAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ0Njg5YTg3ZGIwZTA0YWJjNTgzMzQzYjVmZWQ3MmFmNTEyMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX+DO5XPFle++4fujz5KrdRzufTB
15v068PuHeFLlhCfGgPq1tYoxDRlX+clErh1TwjwterLRp1fhnr4TOz30RC/A3Zz
Eh4BN3Jd/FfGl+Xr4qlNq4dErBN9mhvDg2GzkojpAmLZOG6zmwpgZaYAAzGaFqAf
Q6e2vQLovkOyQpbmx7Wr+PDwL3UnSIa/x2mTeZA1IqpfkaPrshDquKWPHEZxsYo4
4dgQ7V0I9ZLbKb8Ky/C6/wI3TV5AAFA3WXc0prkQAh53/LEuKdvLJCISpjL9QscJ
6EtIWdqccd3XhdMM+qmtq6zHKpke9ii7g23sf4L24bOrsouPIHh87yteqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ1EaJqH2w4Eq8WDNDtf7XKvUSNPMB8GA1UdIwQY
MBaAFGIj9WQWP2Tq8eGtptZoytWdWrCjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlQMVpCWV9aT3J4NGEybTFtaksxWjFhc0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNmViZjgtOWMzNS00ZGQzLWFiZjUt
ZTk3YjY1Nzk0NDM5LzEvblVSb21vZmJEZ1NyeFlNME8xX3RjcTlSSTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNmViZjgtOWMzNS00ZGQzLWFiZjUtZTk3YjY1Nzk0NDM5
LzEvWWlQMVpCWV9aT3J4NGEybTFtaksxWjFhc0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJUgDAN
BgkqhkiG9w0BAQsFAAOCAQEAAmZRWODKGil2ERs/fz+u+XwVP3YDMtTIlAXM7Kth
sWjdVF7Mp2aNhFR9NlV9Cmq+XGUYU5HPtmN840YCFSFfwFBJwi+BLtnVH7yjWpzS
Z8l0xKd40Y3tZheirXLDNDxPPLvkSQWIbJyYO/8N1DC7lUXq+KCIBpRsAliU9baR
BBUOBzr9fd2yq3Ha86d7vI/uz56xsHOUs8Eppe8RTARzUmqH9ZijgCQy/gSV0i2o
jsjNnrLe20r93owCmemHGCNYAZ0ecMC9oPssOU8dahmtQIqGJzFKZJz3M+iXtifl
jwadf7ILiYgVqz0Bh6x/Xdq1iT5BFQNgLjXSjpPYcycTpg==
-----END CERTIFICATE-----