This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/OfWV2U6d2G66IUWsrNxQqrV7mss.roa
File:                     OfWV2U6d2G66IUWsrNxQqrV7mss.roa (raw, json)
Hash identifier:          gASQVd+Sh51sow2h+7M1wSuBugvFozeRnIy6awd7pEU=
Subject key identifier:   39:F5:95:D9:4E:9D:D8:6E:BA:21:45:AC:AC:DC:50:AA:B5:7B:9A:CB
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       019B77C712A0CC92B402F3EF97BFBAB400EB
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/OfWV2U6d2G66IUWsrNxQqrV7mss.roa
Signing time:             Thu 01 Jan 2026 04:18:13 +0000
ROA not before:           Thu 01 Jan 2026 04:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28848
IP address blocks:        2a01:190:15e9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:12:a0:cc:92:b4:02:f3:ef:97:bf:ba:b4:00:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 04:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39f595d94e9dd86eba2145acacdc50aab57b9acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f6:9c:35:e6:5a:1c:03:de:13:f6:1e:a8:4c:
                    d4:69:e7:4c:68:35:33:3a:79:16:fb:1a:15:cb:7c:
                    a2:5c:7f:31:87:fe:36:e4:1e:a7:c0:f6:d0:56:26:
                    98:a3:76:da:44:b5:26:c8:d2:ef:af:7b:64:25:7d:
                    f6:85:38:72:3c:eb:c2:cf:4e:84:f6:0a:d6:a5:67:
                    90:e8:43:14:2b:d3:84:b3:62:34:54:81:50:ea:d0:
                    b3:16:ae:47:1f:96:ca:f7:1f:29:d2:47:55:79:a8:
                    a1:59:34:28:8b:67:57:a6:a8:22:38:d4:b8:49:7a:
                    f3:d3:65:78:00:a9:8c:f0:6f:6a:c0:4b:91:c4:ad:
                    e8:b4:f8:24:4b:bf:71:06:2d:92:ed:da:84:3e:cf:
                    82:77:60:7d:dd:ce:40:1f:f8:27:0f:96:6f:ca:6e:
                    7d:ed:01:54:56:31:d4:c0:5d:6b:1c:79:fd:27:4e:
                    01:85:57:85:40:9f:79:34:7b:5c:e4:bf:b5:b9:d0:
                    7e:98:7c:f2:e1:50:7e:95:00:c3:61:a4:c9:60:35:
                    65:8c:da:96:17:6f:9c:ff:19:93:09:74:29:a9:9b:
                    dc:dd:1f:b7:68:86:62:61:ef:44:44:48:cf:a6:96:
                    58:f5:9b:57:02:be:d8:a9:42:ae:4d:d6:6e:24:69:
                    66:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F5:95:D9:4E:9D:D8:6E:BA:21:45:AC:AC:DC:50:AA:B5:7B:9A:CB
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/OfWV2U6d2G66IUWsrNxQqrV7mss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:190:15e9::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:e2:70:48:ce:5d:b4:0f:1b:a8:56:94:db:a7:c3:61:5e:e4:
         bc:aa:b9:c8:6c:20:01:17:4e:2f:71:76:dc:a0:21:98:56:5b:
         ad:77:a2:75:be:d2:06:38:94:a5:5a:66:b5:0f:e8:4c:53:86:
         99:05:e3:40:b8:3b:01:73:33:03:8b:d4:b4:44:ed:08:73:fd:
         fe:e0:60:d0:89:a3:85:be:7e:c8:8f:b5:d3:a5:d8:0b:aa:c0:
         f3:c2:24:f0:66:6e:e9:2c:f0:64:7d:15:d7:68:f9:12:25:f1:
         de:63:de:aa:cd:be:fd:34:df:83:a1:2c:c3:de:03:51:2d:70:
         0b:5f:1b:17:ee:1b:7b:48:f1:b4:d3:34:66:cb:76:e1:6c:dc:
         e1:8e:ce:38:3c:a4:04:b2:a0:bb:6b:a2:04:7b:42:95:7c:5d:
         7d:68:7b:04:5a:24:cc:07:34:c3:ef:a5:7c:e7:f9:7e:8b:64:
         13:dc:de:a3:a1:db:8c:db:ef:b4:ba:c4:51:55:35:8c:77:cd:
         4c:53:38:63:8c:04:36:99:ba:bb:d5:69:32:a2:42:7a:f7:51:
         78:f4:83:45:ff:2c:b0:78:37:c9:63:6c:c6:d5:ab:c3:e7:39:
         f4:de:56:24:2c:59:73:bd:69:ad:c6:f9:75:83:82:11:cf:2e:
         2c:67:8a:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xxKgzJK0AvPvl7+6tADrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjYwMTAxMDQxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWY1OTVkOTRlOWRkODZlYmEyMTQ1YWNhY2RjNTBhYWI1N2I5YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/acNeZaHAPeE/YeqEzUaedMaDUz
OnkW+xoVy3yiXH8xh/425B6nwPbQViaYo3baRLUmyNLvr3tkJX32hThyPOvCz06E
9grWpWeQ6EMUK9OEs2I0VIFQ6tCzFq5HH5bK9x8p0kdVeaihWTQoi2dXpqgiONS4
SXrz02V4AKmM8G9qwEuRxK3otPgkS79xBi2S7dqEPs+Cd2B93c5AH/gnD5Zvym59
7QFUVjHUwF1rHHn9J04BhVeFQJ95NHtc5L+1udB+mHzy4VB+lQDDYaTJYDVljNqW
F2+c/xmTCXQpqZvc3R+3aIZiYe9EREjPppZY9ZtXAr7YqUKuTdZuJGlmTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDn1ldlOndhuuiFFrKzcUKq1e5rLMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvT2ZXVjJVNmQyRzY2SVVXc3JOeFFxclY3bXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBkBXp
MA0GCSqGSIb3DQEBCwUAA4IBAQBk4nBIzl20DxuoVpTbp8NhXuS8qrnIbCABF04v
cXbcoCGYVlutd6J1vtIGOJSlWma1D+hMU4aZBeNAuDsBczMDi9S0RO0Ic/3+4GDQ
iaOFvn7Ij7XTpdgLqsDzwiTwZm7pLPBkfRXXaPkSJfHeY96qzb79NN+DoSzD3gNR
LXALXxsX7ht7SPG00zRmy3bhbNzhjs44PKQEsqC7a6IEe0KVfF19aHsEWiTMBzTD
76V85/l+i2QT3N6joduM2++0usRRVTWMd81MUzhjjAQ2mbq71WkyokJ691F49INF
/yyweDfJY2zG1avD5zn03lYkLFlzvWmtxvl1g4IRzy4sZ4qo
-----END CERTIFICATE-----