This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/pfH2GwBcvDoKyHCIT0cM2iz_ms0.roa
File:                     pfH2GwBcvDoKyHCIT0cM2iz_ms0.roa (raw, json)
Hash identifier:          Mm7/tRb+RTedsr3+m2DHJUxAaM0FcO0MUgT9eZ4XDVI=
Subject key identifier:   A5:F1:F6:1B:00:5C:BC:3A:0A:C8:70:88:4F:47:0C:DA:2C:FF:9A:CD
Certificate issuer:       /CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
Certificate serial:       019B7CEDC58EA9F826A865634265B61090B7
Authority key identifier: 53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/pfH2GwBcvDoKyHCIT0cM2iz_ms0.roa
Signing time:             Fri 02 Jan 2026 04:18:35 +0000
ROA not before:           Fri 02 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203647
IP address blocks:        2a12:e340::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:c5:8e:a9:f8:26:a8:65:63:42:65:b6:10:90:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
        Validity
            Not Before: Jan  2 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5f1f61b005cbc3a0ac870884f470cda2cff9acd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:31:7b:73:08:44:b5:e0:9d:bb:2d:41:a7:08:
                    11:b1:82:46:e4:69:c7:80:1c:14:bc:c0:4a:00:7b:
                    d5:62:d7:34:06:ee:55:49:80:56:b0:d8:b6:ac:09:
                    98:79:a4:14:e7:9d:77:14:fc:b5:90:66:ae:78:73:
                    7c:92:65:44:17:97:dc:c2:00:ff:9e:23:32:c9:5c:
                    00:1a:b7:21:c7:7a:44:a4:c9:da:42:ea:67:ce:99:
                    24:48:92:72:98:71:6e:b2:8d:8a:da:64:42:df:ab:
                    66:dd:b3:70:0e:22:6c:67:6f:ba:44:18:77:19:cd:
                    11:01:57:bc:cb:8c:c9:da:fd:8f:c1:00:a3:51:ac:
                    4a:55:bd:cf:92:88:76:2c:34:02:6c:67:ca:31:ef:
                    0d:cf:5b:22:6e:30:88:b9:42:2c:13:c0:32:4d:76:
                    47:53:d0:18:e7:36:58:03:fb:23:65:37:4b:50:c9:
                    6f:e6:45:dc:45:a3:4c:94:01:31:04:ae:69:05:01:
                    b8:a1:57:a2:f6:fc:af:01:c7:32:b9:da:57:18:85:
                    a0:d0:a5:c7:11:1a:12:f4:ed:38:37:a7:c9:ce:12:
                    db:72:41:2e:68:e2:ab:59:e2:d6:d8:88:ed:f6:08:
                    19:18:7a:3f:93:02:0e:15:60:75:4c:4c:a3:eb:23:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F1:F6:1B:00:5C:BC:3A:0A:C8:70:88:4F:47:0C:DA:2C:FF:9A:CD
            X509v3 Authority Key Identifier:
                keyid:53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/pfH2GwBcvDoKyHCIT0cM2iz_ms0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e340::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:6a:4d:33:72:c6:ea:37:29:c2:c7:5b:bc:85:9c:90:f6:fe:
         3c:29:8d:32:89:21:68:0f:49:ae:f2:c2:be:ea:c4:ba:94:d4:
         19:92:af:52:e9:b9:5e:b3:f8:50:65:6f:7f:6d:9f:b8:7b:e9:
         e9:31:45:9c:0b:91:3f:d1:7c:50:8e:9a:3b:f3:72:21:22:25:
         a4:a2:4e:63:47:17:19:42:db:5e:2a:d6:c6:56:d7:da:05:15:
         66:41:5a:0f:cf:17:a3:b1:89:1c:01:29:a0:41:c2:1d:62:19:
         f3:37:2d:44:27:63:3f:e5:d6:74:62:7d:e5:4b:cf:07:99:ed:
         5f:d2:e9:66:24:6a:66:16:45:4f:c7:a9:4c:a6:6c:b8:15:6a:
         08:5e:28:9a:24:2f:58:a4:e2:35:00:29:ca:d2:e3:50:a1:e7:
         e3:ae:1b:e1:7d:85:41:cd:ab:65:dd:95:89:b0:73:63:5a:3e:
         b1:08:66:a3:f3:7b:39:ba:39:31:d6:f4:f5:e4:d9:61:dc:38:
         ef:ef:d5:86:d1:8c:ce:7a:36:88:61:8b:6a:a6:6b:37:7e:92:
         e7:60:f1:49:2a:fb:69:ec:5e:cb:df:eb:39:39:63:a9:22:30:
         f8:a0:ce:92:7a:0c:fc:36:bc:5c:e1:e6:73:8e:82:06:9f:eb:
         f3:ed:fb:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt87cWOqfgmqGVjQmW2EJC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzM1Y2E4M2ZjZGY3MWIyNDRlZDgwM2FjNDY4ZTE0NTNk
ODI2OGYwHhcNMjYwMTAyMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWYxZjYxYjAwNWNiYzNhMGFjODcwODg0ZjQ3MGNkYTJjZmY5YWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDF7cwhEteCduy1BpwgRsYJG5GnH
gBwUvMBKAHvVYtc0Bu5VSYBWsNi2rAmYeaQU5513FPy1kGaueHN8kmVEF5fcwgD/
niMyyVwAGrchx3pEpMnaQupnzpkkSJJymHFuso2K2mRC36tm3bNwDiJsZ2+6RBh3
Gc0RAVe8y4zJ2v2PwQCjUaxKVb3Pkoh2LDQCbGfKMe8Nz1sibjCIuUIsE8AyTXZH
U9AY5zZYA/sjZTdLUMlv5kXcRaNMlAExBK5pBQG4oVei9vyvAccyudpXGIWg0KXH
ERoS9O04N6fJzhLbckEuaOKrWeLW2Ijt9ggZGHo/kwIOFWB1TEyj6yNNvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKXx9hsAXLw6CshwiE9HDNos/5rNMB8GA1UdIwQY
MBaAFFPDXKg/zfcbJE7YA6xGjhRT2CaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQt
NDExYTI3MTIxNjRkLzEvcGZIMkd3QmN2RG9LeUhDSVQwY00yaXpfbXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQtNDExYTI3MTIxNjRk
LzEvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLjQDAN
BgkqhkiG9w0BAQsFAAOCAQEABWpNM3LG6jcpwsdbvIWckPb+PCmNMokhaA9JrvLC
vurEupTUGZKvUum5XrP4UGVvf22fuHvp6TFFnAuRP9F8UI6aO/NyISIlpKJOY0cX
GULbXirWxlbX2gUVZkFaD88Xo7GJHAEpoEHCHWIZ8zctRCdjP+XWdGJ95UvPB5nt
X9LpZiRqZhZFT8epTKZsuBVqCF4omiQvWKTiNQApytLjUKHn464b4X2FQc2rZd2V
ibBzY1o+sQhmo/N7Obo5Mdb09eTZYdw47+/VhtGMzno2iGGLaqZrN36S52DxSSr7
aexey9/rOTljqSIw+KDOknoM/Da8XOHmc46CBp/r8+374A==
-----END CERTIFICATE-----