This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/Zae_gMNSGLYpjvDka3zKlP-S3hQ.roa
File:                     Zae_gMNSGLYpjvDka3zKlP-S3hQ.roa (raw, json)
Hash identifier:          KFAqhbt9W5g+ZaeRsfu703acWAo0iC27yLXUw/eFD2k=
Subject key identifier:   65:A7:BF:80:C3:52:18:B6:29:8E:F0:E4:6B:7C:CA:94:FF:92:DE:14
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       019B7CEDDBDDEF48211160A635AAC905D42D
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/Zae_gMNSGLYpjvDka3zKlP-S3hQ.roa
Signing time:             Fri 02 Jan 2026 04:18:41 +0000
ROA not before:           Fri 02 Jan 2026 04:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214339
IP address blocks:        2a07:6d40:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:db:dd:ef:48:21:11:60:a6:35:aa:c9:05:d4:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jan  2 04:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65a7bf80c35218b6298ef0e46b7cca94ff92de14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:67:bc:0f:e9:eb:1d:c0:99:66:54:86:d2:ed:
                    ae:6d:79:7a:3a:cc:ab:3a:de:38:7b:12:5c:06:dc:
                    21:73:7c:e7:0e:1a:58:9b:bb:35:29:fb:d2:23:b0:
                    0b:a6:56:74:fa:78:a4:d7:3f:2b:fe:58:91:62:97:
                    f5:e6:89:84:ce:ba:5c:b4:77:32:13:b6:37:fc:1d:
                    7a:dc:ef:d8:19:dc:b5:9c:de:cb:2b:ee:57:7e:d7:
                    0f:14:2f:4e:c9:e5:57:d5:c7:0d:b1:b9:3e:df:1b:
                    b6:39:4f:08:4f:53:a6:71:98:88:67:6b:88:3a:02:
                    fc:2a:72:38:d4:0c:c6:d6:f8:08:8b:03:ae:4c:09:
                    ae:36:70:14:6b:85:9b:22:ce:8c:af:fc:d5:f3:19:
                    15:12:d8:b5:b5:e2:9e:8f:f8:96:0b:2a:ea:54:a4:
                    95:15:85:7a:66:77:62:82:93:3c:84:fd:1b:29:53:
                    ec:89:23:b6:a9:9c:89:64:21:38:11:74:06:16:ff:
                    93:9f:6b:59:f3:73:da:06:6e:b7:43:8b:04:e1:be:
                    87:3e:03:d7:8e:57:81:48:40:9a:64:af:35:b4:ef:
                    9e:44:bd:0c:e1:70:f4:d3:b6:ec:00:17:c8:56:61:
                    36:3a:62:5f:38:24:88:70:bb:37:37:03:3d:e3:fe:
                    ce:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A7:BF:80:C3:52:18:B6:29:8E:F0:E4:6B:7C:CA:94:FF:92:DE:14
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/Zae_gMNSGLYpjvDka3zKlP-S3hQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:6d40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:fa:00:86:e2:4b:b1:2a:62:83:89:f5:bb:c1:e8:80:f8:f6:
         45:a3:e4:63:58:46:a8:4b:97:52:e0:51:36:f7:25:e3:88:04:
         31:60:e4:ec:07:e5:94:ff:bd:2e:14:f4:bb:58:4c:6b:9a:78:
         e4:91:d7:77:7d:6a:56:f5:4f:eb:f0:93:b6:82:78:3e:22:88:
         5a:e9:ef:2f:78:67:8a:da:00:cb:b1:13:5b:b9:a3:af:f0:ad:
         62:ed:d5:45:49:1f:ae:ce:9c:6e:dc:9f:99:1e:1d:14:d1:d9:
         82:53:a6:c9:be:ba:38:56:1c:db:fd:a2:d9:2a:ca:2b:e8:7c:
         af:e5:82:e9:f4:0b:1b:c4:30:fb:24:34:f4:93:24:cc:7a:71:
         6c:c5:7d:7e:a9:38:f8:f0:6a:5d:36:67:3d:de:1d:f3:5f:d3:
         6d:bb:e4:3d:20:07:eb:8a:53:18:f3:ee:4f:60:1b:9a:3a:19:
         85:77:2f:ff:b3:1b:c7:f5:9c:32:a9:0b:10:cb:75:9f:44:e6:
         da:e6:b3:e6:bd:1e:94:c3:8a:52:7c:d3:e6:49:ab:12:6a:0a:
         92:15:6a:d4:3b:4c:09:c1:dc:25:08:25:19:6d:91:b1:8d:d6:
         72:25:2d:a5:b1:de:c8:00:46:c5:2e:8b:07:3e:a0:3a:e0:8d:
         88:8e:8a:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87dvd70ghEWCmNarJBdQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjYwMTAyMDQxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE3YmY4MGMzNTIxOGI2Mjk4ZWYwZTQ2YjdjY2E5NGZmOTJkZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzme8D+nrHcCZZlSG0u2ubXl6Osyr
Ot44exJcBtwhc3znDhpYm7s1KfvSI7ALplZ0+nik1z8r/liRYpf15omEzrpctHcy
E7Y3/B163O/YGdy1nN7LK+5XftcPFC9OyeVX1ccNsbk+3xu2OU8IT1OmcZiIZ2uI
OgL8KnI41AzG1vgIiwOuTAmuNnAUa4WbIs6Mr/zV8xkVEti1teKej/iWCyrqVKSV
FYV6ZndigpM8hP0bKVPsiSO2qZyJZCE4EXQGFv+Tn2tZ83PaBm63Q4sE4b6HPgPX
jleBSECaZK81tO+eRL0M4XD007bsABfIVmE2OmJfOCSIcLs3NwM94/7OsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGWnv4DDUhi2KY7w5Gt8ypT/kt4UMB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvWmFlX2dNTlNHTFlwanZEa2EzektsUC1TM2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgdtQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB0+gCG4kuxKmKDifW7weiA+PZFo+RjWEaoS5dS
4FE29yXjiAQxYOTsB+WU/70uFPS7WExrmnjkkdd3fWpW9U/r8JO2gng+Ioha6e8v
eGeK2gDLsRNbuaOv8K1i7dVFSR+uzpxu3J+ZHh0U0dmCU6bJvro4Vhzb/aLZKsor
6Hyv5YLp9AsbxDD7JDT0kyTMenFsxX1+qTj48GpdNmc93h3zX9Ntu+Q9IAfrilMY
8+5PYBuaOhmFdy//sxvH9ZwyqQsQy3WfROba5rPmvR6Uw4pSfNPmSasSagqSFWrU
O0wJwdwlCCUZbZGxjdZyJS2lsd7IAEbFLosHPqA64I2Ijoom
-----END CERTIFICATE-----