This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/QcxSXFyqidHUk327u_nSMoqZheg.roa
File:                     QcxSXFyqidHUk327u_nSMoqZheg.roa (raw, json)
Hash identifier:          4xwfEjK2GS0Bj8Odb8CMpXnbw4DAt7dP8ep7zLWLlyw=
Subject key identifier:   41:CC:52:5C:5C:AA:89:D1:D4:93:7D:BB:BB:F9:D2:32:8A:99:85:E8
Certificate issuer:       /CN=7af51229773af9157e317160f9dc800f381e0b2b
Certificate serial:       019B79ECCAAE62E1E5E1695977D2D588F6FE
Authority key identifier: 7A:F5:12:29:77:3A:F9:15:7E:31:71:60:F9:DC:80:0F:38:1E:0B:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evUSKXc6-RV-MXFg-dyADzgeCys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/QcxSXFyqidHUk327u_nSMoqZheg.roa
Signing time:             Thu 01 Jan 2026 14:18:40 +0000
ROA not before:           Thu 01 Jan 2026 14:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43357
IP address blocks:        2a11:3:500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/evUSKXc6-RV-MXFg-dyADzgeCys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/evUSKXc6-RV-MXFg-dyADzgeCys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evUSKXc6-RV-MXFg-dyADzgeCys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ca:ae:62:e1:e5:e1:69:59:77:d2:d5:88:f6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af51229773af9157e317160f9dc800f381e0b2b
        Validity
            Not Before: Jan  1 14:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41cc525c5caa89d1d4937dbbbbf9d2328a9985e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f2:e0:52:14:c4:ba:30:52:a8:50:59:96:75:
                    b2:c1:4e:6b:94:fa:5b:42:af:60:93:0f:a5:8b:5c:
                    81:2c:2d:d9:89:24:9d:59:bb:ae:62:c2:82:e7:31:
                    92:61:bf:a6:63:d7:43:08:52:d7:50:c9:f6:fe:3e:
                    75:d3:16:9a:03:5c:ad:89:4e:1e:e1:0a:e2:89:fc:
                    74:00:5e:43:c2:02:7f:70:cf:db:d0:bd:ed:e3:0c:
                    94:44:ef:71:86:8c:7b:79:82:fa:82:25:58:fc:90:
                    3d:9f:78:ae:2d:35:dc:dd:35:bf:9f:b9:13:6e:d6:
                    d0:7a:4c:49:99:8d:72:ed:28:fd:87:46:7f:f4:cc:
                    81:c8:20:a9:99:58:b2:c8:17:ca:42:d6:31:e4:e1:
                    e8:06:49:e0:86:f7:16:8b:ca:05:de:cc:5c:f9:66:
                    8a:c0:c2:01:c7:fc:7e:36:34:dc:af:90:a7:01:64:
                    a8:b7:d1:73:29:ac:89:84:52:39:47:da:ef:92:de:
                    be:07:97:78:de:a5:f7:17:36:a7:94:d4:ce:a2:5e:
                    a6:dd:a8:40:1a:8a:19:02:d6:e2:d4:01:ea:4f:03:
                    f1:1b:50:61:c8:27:d3:98:6c:94:29:ff:04:e4:bb:
                    c5:db:c1:3a:c2:cb:b7:0a:fd:36:a8:c4:5f:e3:ab:
                    fe:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CC:52:5C:5C:AA:89:D1:D4:93:7D:BB:BB:F9:D2:32:8A:99:85:E8
            X509v3 Authority Key Identifier:
                keyid:7A:F5:12:29:77:3A:F9:15:7E:31:71:60:F9:DC:80:0F:38:1E:0B:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evUSKXc6-RV-MXFg-dyADzgeCys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/QcxSXFyqidHUk327u_nSMoqZheg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e06916-9003-4195-b0f2-ee1ea636ed4f/1/evUSKXc6-RV-MXFg-dyADzgeCys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:ee:58:b1:12:59:24:a2:41:a7:a9:86:1a:7e:8a:90:ab:5e:
         65:e0:74:a5:36:54:62:86:1a:35:9d:cd:e9:30:0e:8a:8a:e2:
         17:8e:4b:a3:d2:dd:06:25:5b:66:30:fe:c0:bc:20:f6:df:a4:
         19:10:7c:f4:0b:7f:5e:a9:09:1e:8c:a4:70:ce:29:f1:a2:77:
         2d:75:5e:7a:8c:c6:a2:73:cf:23:87:54:ea:13:ad:53:7a:86:
         a8:ea:54:ae:3f:37:b5:a0:ca:b9:33:d2:3c:4b:7d:06:62:94:
         5d:8d:88:fb:21:74:0e:7e:c8:e2:bc:fb:43:6c:7c:ad:34:df:
         cb:9e:2d:67:85:1a:41:b7:08:62:97:b5:3b:4b:29:e9:7a:8e:
         82:3d:77:0c:e6:5b:57:51:3c:1a:69:29:8d:1a:cf:62:c1:21:
         eb:28:49:ba:a1:0f:8f:27:93:a6:05:a3:01:d6:26:f3:60:39:
         96:82:77:48:cb:ac:9e:93:48:27:ef:6f:29:f6:ae:82:eb:54:
         b0:77:7d:35:7c:9f:4d:9d:15:cf:1f:21:76:8b:8e:db:74:7c:
         8f:b8:55:a2:da:f7:c2:a1:ee:73:58:5d:66:a8:16:79:6a:fd:
         ef:6e:0d:43:71:06:9b:11:58:d6:3d:89:29:d8:98:9d:87:fa:
         0c:b6:0f:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt57MquYuHl4WlZd9LViPb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjUxMjI5NzczYWY5MTU3ZTMxNzE2MGY5ZGM4MDBmMzgx
ZTBiMmIwHhcNMjYwMTAxMTQxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNjNTI1YzVjYWE4OWQxZDQ5MzdkYmJiYmY5ZDIzMjhhOTk4NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvLgUhTEujBSqFBZlnWywU5rlPpb
Qq9gkw+li1yBLC3ZiSSdWbuuYsKC5zGSYb+mY9dDCFLXUMn2/j510xaaA1ytiU4e
4Qriifx0AF5DwgJ/cM/b0L3t4wyURO9xhox7eYL6giVY/JA9n3iuLTXc3TW/n7kT
btbQekxJmY1y7Sj9h0Z/9MyByCCpmViyyBfKQtYx5OHoBknghvcWi8oF3sxc+WaK
wMIBx/x+NjTcr5CnAWSot9FzKayJhFI5R9rvkt6+B5d43qX3FzanlNTOol6m3ahA
GooZAtbi1AHqTwPxG1BhyCfTmGyUKf8E5LvF28E6wsu3Cv02qMRf46v+WQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEHMUlxcqonR1JN9u7v50jKKmYXoMB8GA1UdIwQY
MBaAFHr1Eil3OvkVfjFxYPncgA84HgsrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZVU0tYYzYtUlYtTVhGZy1keUFEemdlQ3lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lMDY5MTYtOTAwMy00MTk1LWIwZjIt
ZWUxZWE2MzZlZDRmLzEvUWN4U1hGeXFpZEhVazMyN3VfblNNb3FaaGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lMDY5MTYtOTAwMy00MTk1LWIwZjItZWUxZWE2MzZlZDRm
LzEvZXZVU0tYYzYtUlYtTVhGZy1keUFEemdlQ3lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhEAAwUw
DQYJKoZIhvcNAQELBQADggEBAMfuWLESWSSiQaephhp+ipCrXmXgdKU2VGKGGjWd
zekwDoqK4heOS6PS3QYlW2Yw/sC8IPbfpBkQfPQLf16pCR6MpHDOKfGidy11XnqM
xqJzzyOHVOoTrVN6hqjqVK4/N7Wgyrkz0jxLfQZilF2NiPshdA5+yOK8+0NsfK00
38ueLWeFGkG3CGKXtTtLKel6joI9dwzmW1dRPBppKY0az2LBIesoSbqhD48nk6YF
owHWJvNgOZaCd0jLrJ6TSCfvbyn2roLrVLB3fTV8n02dFc8fIXaLjtt0fI+4VaLa
98Kh7nNYXWaoFnlq/e9uDUNxBpsRWNY9iSnYmJ2H+gy2DxQ=
-----END CERTIFICATE-----