This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5utcJHsfBrjTs_UOTB5AJlV11DM.roa
File:                     5utcJHsfBrjTs_UOTB5AJlV11DM.roa (raw, json)
Hash identifier:          p9JiIAKdi3ntcnSsoekfJmDvvRvUwFnZwfz4Ft5kAjc=
Subject key identifier:   E6:EB:5C:24:7B:1F:06:B8:D3:B3:F5:0E:4C:1E:40:26:55:75:D4:33
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       019B7EA73CC2A51122D9CE74DED4DA5FF543
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5utcJHsfBrjTs_UOTB5AJlV11DM.roa
Signing time:             Fri 02 Jan 2026 12:20:47 +0000
ROA not before:           Fri 02 Jan 2026 12:20:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48944
IP address blocks:        2a05:63c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:3c:c2:a5:11:22:d9:ce:74:de:d4:da:5f:f5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Jan  2 12:20:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6eb5c247b1f06b8d3b3f50e4c1e40265575d433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d1:b1:7d:4d:5e:43:36:82:02:6f:78:86:5e:
                    44:1e:e0:f7:2b:3c:67:13:f3:a6:9a:16:24:a9:da:
                    6d:ae:af:1c:ea:44:98:9b:6d:56:dc:a9:ea:6b:71:
                    bc:c5:36:c8:11:da:f6:b8:3b:e1:6d:c1:f3:95:62:
                    b1:5c:53:95:79:c2:3e:f0:03:fa:53:12:2b:e0:7b:
                    eb:4e:26:f3:dd:eb:39:9f:f5:b5:70:d6:39:0c:c1:
                    fe:c4:ae:a5:7a:a2:7e:0d:1f:5a:d2:e3:c6:d6:0a:
                    d9:40:31:3a:d1:4f:8e:2e:fd:c7:85:03:2a:4a:4e:
                    ee:54:9d:a5:6f:1f:54:20:7d:27:69:3b:88:bd:0d:
                    1e:be:1f:9a:98:87:d3:cd:61:66:06:c0:00:7a:4b:
                    ce:86:32:ce:2b:a2:3f:9d:b2:a1:49:3f:af:b9:58:
                    36:20:9e:33:d5:d0:97:b5:49:0d:9c:39:7a:1f:06:
                    10:cd:97:3b:d4:cb:3d:49:2a:cd:e4:b4:2a:93:44:
                    70:ef:c3:91:d6:93:cc:fc:76:10:20:e2:bf:a2:8c:
                    19:04:b4:41:9e:ae:30:a3:3c:8f:1b:8e:76:b9:d8:
                    a8:70:35:0f:0c:6a:14:bc:76:e2:8d:9d:8d:fc:db:
                    90:ec:0d:a3:49:a2:17:65:50:fc:8c:9b:22:c6:0a:
                    aa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EB:5C:24:7B:1F:06:B8:D3:B3:F5:0E:4C:1E:40:26:55:75:D4:33
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5utcJHsfBrjTs_UOTB5AJlV11DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:a4:8d:21:f3:78:f5:74:1a:ad:87:7c:35:fb:be:f4:73:b5:
         56:90:c8:9c:43:e0:78:75:25:72:5a:38:27:44:6c:79:84:81:
         80:13:62:e8:51:d5:d0:29:b7:8b:8d:ac:f6:80:af:2d:a7:eb:
         e7:fd:af:ae:5f:ae:45:71:16:f8:fc:b3:b9:ae:3f:68:5d:8b:
         8d:f7:a6:86:f6:a3:cb:7b:d0:49:fa:34:89:f6:6e:da:11:ee:
         26:d9:21:aa:8f:aa:8d:51:f7:68:32:12:60:c5:8d:2f:61:39:
         17:bd:c3:a7:14:6c:16:35:24:37:e7:e3:07:ef:65:8e:b7:73:
         8d:e3:72:93:40:13:f5:9c:3e:2f:75:00:4d:34:b7:71:05:fc:
         a5:b3:fa:c6:43:c4:c0:a2:5a:c4:73:e4:38:bd:8b:95:85:aa:
         8c:0a:bc:f6:6c:d2:f0:c6:d9:4c:e4:90:49:c2:d5:52:25:9d:
         87:bf:f5:30:c4:16:cf:6c:81:aa:03:6c:e7:cd:a8:b0:3b:23:
         b1:f8:01:0f:98:23:32:f3:c9:bd:cd:93:bc:81:f7:a3:c0:2b:
         a1:d3:79:4a:4b:b8:74:da:ab:bb:2b:37:54:94:f0:28:ce:7d:
         3e:e8:ae:73:df:5c:f5:f4:ad:c1:da:a2:42:f7:17:6c:a9:ca:
         92:6b:21:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pzzCpREi2c503tTaX/VDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjYwMTAyMTIyMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmViNWMyNDdiMWYwNmI4ZDNiM2Y1MGU0YzFlNDAyNjU1NzVkNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutGxfU1eQzaCAm94hl5EHuD3Kzxn
E/OmmhYkqdptrq8c6kSYm21W3Knqa3G8xTbIEdr2uDvhbcHzlWKxXFOVecI+8AP6
UxIr4HvrTibz3es5n/W1cNY5DMH+xK6leqJ+DR9a0uPG1grZQDE60U+OLv3HhQMq
Sk7uVJ2lbx9UIH0naTuIvQ0evh+amIfTzWFmBsAAekvOhjLOK6I/nbKhST+vuVg2
IJ4z1dCXtUkNnDl6HwYQzZc71Ms9SSrN5LQqk0Rw78OR1pPM/HYQIOK/oowZBLRB
nq4wozyPG452udiocDUPDGoUvHbijZ2N/NuQ7A2jSaIXZVD8jJsixgqqIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFObrXCR7Hwa407P1DkweQCZVddQzMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvNXV0Y0pIc2ZCcmpUc19VT1RCNUFKbFYxMURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgVjwDAN
BgkqhkiG9w0BAQsFAAOCAQEAEaSNIfN49XQarYd8Nfu+9HO1VpDInEPgeHUlclo4
J0RseYSBgBNi6FHV0Cm3i42s9oCvLafr5/2vrl+uRXEW+Pyzua4/aF2Ljfemhvaj
y3vQSfo0ifZu2hHuJtkhqo+qjVH3aDISYMWNL2E5F73DpxRsFjUkN+fjB+9ljrdz
jeNyk0AT9Zw+L3UATTS3cQX8pbP6xkPEwKJaxHPkOL2LlYWqjAq89mzS8MbZTOSQ
ScLVUiWdh7/1MMQWz2yBqgNs582osDsjsfgBD5gjMvPJvc2TvIH3o8ArodN5Sku4
dNqruys3VJTwKM59Puiuc99c9fStwdqiQvcXbKnKkmsh4g==
-----END CERTIFICATE-----