This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/12Bkajqn8hY_Tq-T8WCRlP0nznI.roa
File:                     12Bkajqn8hY_Tq-T8WCRlP0nznI.roa (raw, json)
Hash identifier:          jWtonX7g3GC6/5xeR6p1a9rNHCNPlB4P0Uas2A2bjUs=
Subject key identifier:   D7:60:64:6A:3A:A7:F2:16:3F:4E:AF:93:F1:60:91:94:FD:27:CE:72
Certificate issuer:       /CN=8ecc229e5699105828564b78509f3b72f3090a21
Certificate serial:       019B7E38516BB67D436AF73C779DFEBCA1B2
Authority key identifier: 8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/12Bkajqn8hY_Tq-T8WCRlP0nznI.roa
Signing time:             Fri 02 Jan 2026 10:19:38 +0000
ROA not before:           Fri 02 Jan 2026 10:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46997
IP address blocks:        2a02:7080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:51:6b:b6:7d:43:6a:f7:3c:77:9d:fe:bc:a1:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecc229e5699105828564b78509f3b72f3090a21
        Validity
            Not Before: Jan  2 10:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d760646a3aa7f2163f4eaf93f1609194fd27ce72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:17:29:9a:dc:32:db:20:6e:9f:08:e2:bb:69:
                    09:70:22:ca:bc:a9:0d:c5:0f:9f:ff:01:ca:07:6f:
                    66:b5:d7:00:87:15:4a:2a:1b:f4:96:12:c5:eb:50:
                    f5:e8:3c:3e:d8:9f:94:cc:6b:db:90:3e:bf:1d:96:
                    6c:46:1a:90:b2:9f:18:1e:c9:60:8e:66:99:8e:84:
                    2e:4e:4c:44:f7:59:b3:7d:44:70:28:5d:00:e5:d3:
                    84:ad:32:26:da:f1:86:51:75:41:5f:6a:86:bd:ce:
                    c5:22:8b:dc:85:01:33:95:ff:1a:5d:0d:27:ce:f5:
                    fb:b0:88:b0:02:0e:7e:5a:f9:fa:4a:e2:55:9a:93:
                    50:8a:99:58:70:04:88:91:b6:d1:0d:16:6b:3c:67:
                    a7:a7:3a:a6:1e:65:ab:47:67:fc:a8:2e:c4:9e:99:
                    a8:7a:86:3f:f8:66:14:2d:06:42:69:01:fd:37:93:
                    55:67:78:90:e7:24:ba:56:10:0a:e7:f7:63:96:37:
                    75:fc:65:93:29:85:87:70:c3:68:d9:87:88:6f:ef:
                    e9:0c:7b:7d:f4:c7:5e:f7:f6:00:65:26:06:42:da:
                    71:d1:c8:3d:02:f8:68:78:8d:de:c6:03:e3:b7:dc:
                    59:b4:ea:3e:3c:d9:b5:9c:be:c9:de:5a:8c:68:f3:
                    ad:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:60:64:6A:3A:A7:F2:16:3F:4E:AF:93:F1:60:91:94:FD:27:CE:72
            X509v3 Authority Key Identifier:
                keyid:8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/12Bkajqn8hY_Tq-T8WCRlP0nznI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7080::/48

    Signature Algorithm: sha256WithRSAEncryption
         c5:e1:dc:d8:d4:c4:2d:ce:00:db:ff:c7:63:40:c1:20:71:15:
         6c:eb:4a:dc:e8:22:50:55:f4:4a:39:a8:78:31:a5:4c:25:80:
         9d:7e:c3:fd:86:41:a5:bf:6c:d0:85:9d:ab:12:4b:4d:b7:16:
         97:a1:d0:a7:24:b6:1a:6b:39:30:0e:01:93:fd:e0:3d:cd:7a:
         15:25:67:51:7c:bf:82:dc:8f:d3:09:9c:52:d3:6d:96:e5:c3:
         c8:98:14:a5:fa:c7:6b:7c:70:3e:ba:a5:99:af:25:33:6c:f5:
         30:5a:16:78:21:b5:61:60:05:7e:eb:22:90:47:3e:33:d4:72:
         79:a1:12:93:2b:da:df:18:48:e6:5a:2f:0c:13:65:84:60:5d:
         52:a5:ef:79:a7:ea:e5:8d:59:d1:de:ed:2c:93:0b:b5:98:5a:
         16:c1:2b:5a:d6:1d:0e:82:fc:fa:6c:03:45:ac:19:7b:25:99:
         ac:a7:5e:8a:e7:95:07:88:4f:2a:cf:32:7e:0e:bc:ed:dd:15:
         e2:53:04:9c:04:01:6a:68:1f:fb:e1:21:1d:07:86:49:8e:a8:
         9b:f3:a7:af:4a:17:ca:26:0e:5e:92:ed:f7:9a:9e:ba:ad:73:
         93:7e:79:21:f2:82:bb:14:10:03:cc:db:ed:9f:2a:be:99:6c:
         bb:7b:54:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OFFrtn1Davc8d53+vKGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2MyMjllNTY5OTEwNTgyODU2NGI3ODUwOWYzYjcyZjMw
OTBhMjEwHhcNMjYwMTAyMTAxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzYwNjQ2YTNhYTdmMjE2M2Y0ZWFmOTNmMTYwOTE5NGZkMjdjZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxcpmtwy2yBunwjiu2kJcCLKvKkN
xQ+f/wHKB29mtdcAhxVKKhv0lhLF61D16Dw+2J+UzGvbkD6/HZZsRhqQsp8YHslg
jmaZjoQuTkxE91mzfURwKF0A5dOErTIm2vGGUXVBX2qGvc7FIovchQEzlf8aXQ0n
zvX7sIiwAg5+Wvn6SuJVmpNQiplYcASIkbbRDRZrPGenpzqmHmWrR2f8qC7Enpmo
eoY/+GYULQZCaQH9N5NVZ3iQ5yS6VhAK5/djljd1/GWTKYWHcMNo2YeIb+/pDHt9
9Mde9/YAZSYGQtpx0cg9AvhoeI3exgPjt9xZtOo+PNm1nL7J3lqMaPOtEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNdgZGo6p/IWP06vk/FgkZT9J85yMB8GA1UdIwQY
MBaAFI7MIp5WmRBYKFZLeFCfO3LzCQohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMt
M2M5ZWJjNDU2NjIzLzEvMTJCa2FqcW44aFlfVHEtVDhXQ1JsUDBuem5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMtM2M5ZWJjNDU2NjIz
LzEvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJwgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDF4dzY1MQtzgDb/8djQMEgcRVs60rc6CJQVfRK
Oah4MaVMJYCdfsP9hkGlv2zQhZ2rEktNtxaXodCnJLYaazkwDgGT/eA9zXoVJWdR
fL+C3I/TCZxS022W5cPImBSl+sdrfHA+uqWZryUzbPUwWhZ4IbVhYAV+6yKQRz4z
1HJ5oRKTK9rfGEjmWi8ME2WEYF1Spe95p+rljVnR3u0skwu1mFoWwSta1h0Ogvz6
bANFrBl7JZmsp16K55UHiE8qzzJ+Drzt3RXiUwScBAFqaB/74SEdB4ZJjqib86ev
ShfKJg5eku33mp66rXOTfnkh8oK7FBADzNvtnyq+mWy7e1TY
-----END CERTIFICATE-----