This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/PrGwU2TW-rYM4XlKNokSqvhickE.roa
File:                     PrGwU2TW-rYM4XlKNokSqvhickE.roa (raw, json)
Hash identifier:          fwpVBF6tUhobxteId7IZ9kM2ae4pupPUogMY1BLAryM=
Subject key identifier:   3E:B1:B0:53:64:D6:FA:B6:0C:E1:79:4A:36:89:12:AA:F8:62:72:41
Certificate issuer:       /CN=6af9c540b146bb44c8219d01375c10124920ae9f
Certificate serial:       019B7C118D97DE2BF65F8C8CB9F54DE2DB5A
Authority key identifier: 6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/PrGwU2TW-rYM4XlKNokSqvhickE.roa
Signing time:             Fri 02 Jan 2026 00:18:03 +0000
ROA not before:           Fri 02 Jan 2026 00:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211442
IP address blocks:        2a10:e1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:8d:97:de:2b:f6:5f:8c:8c:b9:f5:4d:e2:db:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af9c540b146bb44c8219d01375c10124920ae9f
        Validity
            Not Before: Jan  2 00:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3eb1b05364d6fab60ce1794a368912aaf8627241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:aa:f8:ec:de:97:6a:be:4b:19:84:be:f3:0e:
                    eb:f9:2c:35:69:47:a8:fe:4f:ae:70:f6:5e:d3:cb:
                    de:54:a6:96:f6:04:64:17:57:8b:82:be:5f:ce:9e:
                    32:b5:a3:53:8c:b5:a5:92:32:28:93:a4:b9:c8:a5:
                    9a:bd:54:a2:18:92:32:a1:1a:1a:81:5e:14:ea:e6:
                    d1:2b:ab:9a:ee:1b:2b:1e:33:d4:d6:77:57:0a:02:
                    53:58:69:f3:f1:c8:c1:63:ac:3b:d0:3c:bb:2c:09:
                    a5:32:f8:90:7c:6a:4b:20:70:06:2c:66:c7:38:55:
                    5a:53:8f:99:fb:f7:80:9c:05:0f:4e:b5:fa:55:55:
                    a3:9e:62:0c:8f:9f:96:14:88:af:e9:ea:fa:74:a5:
                    0e:56:ab:9b:7b:e6:dd:08:df:99:a8:49:e6:d8:41:
                    c3:a6:d6:71:78:a1:d0:e5:26:5c:b6:aa:12:54:dc:
                    f3:08:9e:69:87:39:e8:bb:66:8d:d1:0a:84:c0:a2:
                    1e:c1:64:d6:48:10:45:51:6d:78:2d:9b:ba:05:f1:
                    37:21:23:ab:65:25:d3:64:b7:fa:47:47:d9:13:10:
                    77:71:f1:ba:48:01:b7:4c:cf:44:6a:72:f2:a3:dc:
                    a2:ab:3d:ef:0c:cd:b7:8f:d8:3a:6c:ce:94:33:e3:
                    db:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B1:B0:53:64:D6:FA:B6:0C:E1:79:4A:36:89:12:AA:F8:62:72:41
            X509v3 Authority Key Identifier:
                keyid:6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/PrGwU2TW-rYM4XlKNokSqvhickE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:e1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:cf:dd:1c:e5:ac:dd:19:3a:54:cf:08:28:18:b8:58:da:ed:
         63:b1:ad:e6:64:5a:d3:3f:a6:67:e0:6f:63:ef:7a:3b:4c:da:
         60:71:ee:7b:c0:2d:41:ca:c4:b3:51:4f:ba:d0:9c:d9:90:07:
         54:48:2f:1e:75:79:98:9a:1b:c1:c5:af:68:b5:e5:0d:2f:18:
         4e:a8:59:81:45:52:a9:80:de:f1:ad:17:32:3d:d0:67:f3:04:
         26:6c:78:69:90:a9:b2:80:38:db:01:bf:bd:8f:cc:68:23:38:
         e4:32:36:a0:9f:3d:85:0b:82:21:52:f6:f2:58:3b:2d:13:1d:
         44:f7:df:ed:da:bc:9f:1f:14:bb:73:a5:de:af:27:a6:e7:dc:
         f7:98:77:51:24:65:b9:cb:ee:7d:a3:20:48:9f:16:0c:32:32:
         7f:95:c6:77:4a:a0:56:bb:22:f1:9a:55:8e:16:c0:85:f4:c6:
         ed:2b:5e:d6:0f:f5:af:db:2d:67:12:f1:3c:f4:45:f7:ac:da:
         26:8d:6e:66:5e:db:3f:e7:62:65:a6:36:5a:9d:43:f9:50:cf:
         51:db:f3:99:01:e5:87:d8:b3:1a:cd:44:de:97:fb:05:fb:20:
         96:20:7a:49:37:90:a4:08:42:d0:11:7f:d0:22:5a:56:08:88:
         29:c9:68:a4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8EY2X3iv2X4yMufVN4ttaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjljNTQwYjE0NmJiNDRjODIxOWQwMTM3NWMxMDEyNDky
MGFlOWYwHhcNMjYwMTAyMDAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIxYjA1MzY0ZDZmYWI2MGNlMTc5NGEzNjg5MTJhYWY4NjI3MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6r47N6Xar5LGYS+8w7r+Sw1aUeo
/k+ucPZe08veVKaW9gRkF1eLgr5fzp4ytaNTjLWlkjIok6S5yKWavVSiGJIyoRoa
gV4U6ubRK6ua7hsrHjPU1ndXCgJTWGnz8cjBY6w70Dy7LAmlMviQfGpLIHAGLGbH
OFVaU4+Z+/eAnAUPTrX6VVWjnmIMj5+WFIiv6er6dKUOVqube+bdCN+ZqEnm2EHD
ptZxeKHQ5SZctqoSVNzzCJ5phznou2aN0QqEwKIewWTWSBBFUW14LZu6BfE3ISOr
ZSXTZLf6R0fZExB3cfG6SAG3TM9EanLyo9yiqz3vDM23j9g6bM6UM+PbtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD6xsFNk1vq2DOF5SjaJEqr4YnJBMB8GA1UdIwQY
MBaAFGr5xUCxRrtEyCGdATdcEBJJIK6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODct
NDIxYTk5YmRkNzhmLzEvUHJHd1UyVFctcllNNFhsS05va1NxdmhpY2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODctNDIxYTk5YmRkNzhm
LzEvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDhwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMc/dHOWs3Rk6VM8IKBi4WNrtY7Gt5mRa0z+mZ+Bv
Y+96O0zaYHHue8AtQcrEs1FPutCc2ZAHVEgvHnV5mJobwcWvaLXlDS8YTqhZgUVS
qYDe8a0XMj3QZ/MEJmx4aZCpsoA42wG/vY/MaCM45DI2oJ89hQuCIVL28lg7LRMd
RPff7dq8nx8Uu3Ol3q8npufc95h3USRlucvufaMgSJ8WDDIyf5XGd0qgVrsi8ZpV
jhbAhfTG7Ste1g/1r9stZxLxPPRF96zaJo1uZl7bP+diZaY2Wp1D+VDPUdvzmQHl
h9izGs1E3pf7BfsgliB6STeQpAhC0BF/0CJaVgiIKclopA==
-----END CERTIFICATE-----