This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/0HKg8uH6cdYkhCmod68CGVyEJVY.roa
File:                     0HKg8uH6cdYkhCmod68CGVyEJVY.roa (raw, json)
Hash identifier:          nHekJ9B0E/EBXFK9sjaa2GSBNkwPlvZK9aL2VrpgqLc=
Subject key identifier:   D0:72:A0:F2:E1:FA:71:D6:24:84:29:A8:77:AF:02:19:5C:84:25:56
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       019B7E37972AF5E8D89F5FDDD13AB6B50813
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/0HKg8uH6cdYkhCmod68CGVyEJVY.roa
Signing time:             Fri 02 Jan 2026 10:18:50 +0000
ROA not before:           Fri 02 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42474
IP address blocks:        2a06:dd01::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:97:2a:f5:e8:d8:9f:5f:dd:d1:3a:b6:b5:08:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jan  2 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d072a0f2e1fa71d6248429a877af02195c842556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3b:8b:20:17:67:aa:7c:63:31:c4:59:5e:3e:
                    03:6e:e1:2c:9e:d0:1d:bc:e5:94:8c:3d:84:92:ec:
                    6d:4b:b4:d2:36:97:4c:6a:39:69:43:78:6b:04:ba:
                    29:e0:6c:0b:7a:dd:02:a0:d3:66:cf:c8:59:d3:b5:
                    61:0a:fd:ff:f8:58:7b:8e:e0:fe:0c:95:bb:a8:72:
                    77:8c:00:f4:b6:25:8a:7e:e2:d6:e3:4b:a0:1c:a7:
                    46:b3:b6:36:f7:b3:2a:36:51:22:5c:8f:7e:17:e8:
                    14:09:1a:07:3d:69:0c:85:c5:6d:19:69:90:26:51:
                    3f:6d:cd:97:e8:66:bf:ee:8d:2c:d8:4a:e7:0e:2f:
                    d9:2b:c7:32:1d:57:83:bb:31:e6:af:30:ab:c6:98:
                    6b:5d:e5:72:12:39:99:02:57:7e:d5:d7:a9:16:c0:
                    77:32:f8:3c:1e:8a:38:b5:4e:44:d9:7d:3c:6b:c4:
                    89:48:7a:4f:f5:1c:c0:8d:fb:5f:2e:de:75:78:72:
                    df:23:2e:e8:03:b9:52:12:f3:9e:fc:24:67:49:24:
                    af:79:06:c8:70:0b:56:25:1e:7b:35:d6:28:d7:bd:
                    40:a0:08:fb:bf:c3:ea:39:b6:f0:d3:4d:e5:e1:25:
                    32:df:6b:a9:8d:28:b9:de:6b:a6:36:d6:ef:c1:5a:
                    fd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:72:A0:F2:E1:FA:71:D6:24:84:29:A8:77:AF:02:19:5C:84:25:56
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/0HKg8uH6cdYkhCmod68CGVyEJVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:dd01::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:ee:d9:3d:69:cf:85:0f:7b:33:d7:f6:e4:64:c9:17:e9:8f:
         1e:61:ec:47:e4:f5:dc:50:59:b3:ab:85:67:b5:f5:f0:1b:d6:
         3d:7f:02:ed:02:da:c8:f7:37:d3:33:05:7a:cc:3f:71:aa:1e:
         a6:81:1b:1a:7d:d5:8a:7d:e4:d9:2a:33:76:98:f3:d2:f2:98:
         9e:a5:a0:ce:af:de:7d:00:f8:2d:ef:b7:a0:a5:cc:16:1e:b2:
         79:dd:85:f2:61:45:04:4e:93:fa:be:98:1e:03:b3:a7:36:2f:
         34:03:17:34:bd:0e:e6:75:46:c5:68:78:16:df:22:c5:e1:bc:
         4c:d5:cc:a6:e9:bb:aa:d7:0d:64:67:5e:06:10:f1:35:5e:4c:
         8a:60:9b:70:91:ad:ef:90:44:8b:95:cb:85:0c:f4:32:60:79:
         46:96:9e:ca:3d:64:f5:a5:64:c4:6b:e1:8b:35:3d:c4:1e:d1:
         58:a8:bd:c2:10:64:6a:c9:30:53:80:c1:4d:16:af:55:c2:9a:
         a7:7f:e6:3e:83:21:94:9b:9c:f3:63:d8:06:c4:f7:94:db:cc:
         34:e2:f1:14:51:0c:d9:1b:06:19:27:5d:99:d2:1e:d0:27:ee:
         60:f9:6a:ac:7b:9b:62:f3:14:aa:2b:92:e9:6f:77:05:d3:5b:
         41:d7:4a:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+N5cq9ejYn1/d0Tq2tQgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjYwMTAyMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDcyYTBmMmUxZmE3MWQ2MjQ4NDI5YTg3N2FmMDIxOTVjODQyNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzuLIBdnqnxjMcRZXj4DbuEsntAd
vOWUjD2EkuxtS7TSNpdMajlpQ3hrBLop4GwLet0CoNNmz8hZ07VhCv3/+Fh7juD+
DJW7qHJ3jAD0tiWKfuLW40ugHKdGs7Y297MqNlEiXI9+F+gUCRoHPWkMhcVtGWmQ
JlE/bc2X6Ga/7o0s2ErnDi/ZK8cyHVeDuzHmrzCrxphrXeVyEjmZAld+1depFsB3
Mvg8Hoo4tU5E2X08a8SJSHpP9RzAjftfLt51eHLfIy7oA7lSEvOe/CRnSSSveQbI
cAtWJR57NdYo171AoAj7v8PqObbw003l4SUy32upjSi53mumNtbvwVr9SQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNByoPLh+nHWJIQpqHevAhlchCVWMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvMEhLZzh1SDZjZFlraENtb2Q2OENHVnlFSlZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbdATAN
BgkqhkiG9w0BAQsFAAOCAQEAgu7ZPWnPhQ97M9f25GTJF+mPHmHsR+T13FBZs6uF
Z7X18BvWPX8C7QLayPc30zMFesw/caoepoEbGn3Vin3k2Sozdpjz0vKYnqWgzq/e
fQD4Le+3oKXMFh6yed2F8mFFBE6T+r6YHgOzpzYvNAMXNL0O5nVGxWh4Ft8ixeG8
TNXMpum7qtcNZGdeBhDxNV5MimCbcJGt75BEi5XLhQz0MmB5Rpaeyj1k9aVkxGvh
izU9xB7RWKi9whBkaskwU4DBTRavVcKap3/mPoMhlJuc82PYBsT3lNvMNOLxFFEM
2RsGGSddmdIe0CfuYPlqrHubYvMUqiuS6W93BdNbQddK8w==
-----END CERTIFICATE-----