This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/hzQ7tMh6oqC5v0mKv_jBU_A9aCw.roa
File:                     hzQ7tMh6oqC5v0mKv_jBU_A9aCw.roa (raw, json)
Hash identifier:          fUyvgz1r/egD8D0UE0/Rhf6tbMxfTD9jAEgan6se/FA=
Subject key identifier:   87:34:3B:B4:C8:7A:A2:A0:B9:BF:49:8A:BF:F8:C1:53:F0:3D:68:2C
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019B7FF2408B18267A590CB10E0B93C1674D
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/hzQ7tMh6oqC5v0mKv_jBU_A9aCw.roa
Signing time:             Fri 02 Jan 2026 18:22:21 +0000
ROA not before:           Fri 02 Jan 2026 18:22:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213169
IP address blocks:        2a0e:da40:3000::/36 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:40:8b:18:26:7a:59:0c:b1:0e:0b:93:c1:67:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 18:22:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87343bb4c87aa2a0b9bf498abff8c153f03d682c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:43:45:31:5c:01:56:2a:ee:7c:32:3f:39:1d:
                    97:0c:aa:03:c8:c6:46:a4:02:e7:30:39:89:be:79:
                    03:53:d1:bc:37:92:e4:a6:99:e6:ed:75:c4:f0:8c:
                    98:1a:de:61:a4:47:8f:72:d7:a0:b3:6a:a1:63:38:
                    62:62:aa:5d:5b:5c:f1:68:44:36:58:6e:5a:b5:d0:
                    58:5c:81:62:07:58:d9:53:d0:89:40:04:27:b7:61:
                    f1:72:a9:54:c7:74:9a:90:05:70:34:a2:57:a4:cd:
                    00:7c:c8:f2:ac:e8:05:51:5b:28:ae:31:13:ab:5a:
                    b5:ba:67:f5:99:7c:b3:da:8c:42:a9:12:b4:6f:90:
                    d1:89:ac:e8:ae:5c:b6:b2:51:68:2c:44:de:ac:c4:
                    b6:d4:75:1f:49:60:17:57:09:87:33:47:18:f5:fd:
                    50:49:8a:e2:5d:cb:9e:08:13:fe:be:84:7c:4a:4f:
                    67:06:bd:d3:f6:da:33:ea:7b:9c:81:02:8a:b2:43:
                    f1:d9:be:e2:95:37:ed:88:e8:8f:ac:2f:00:ac:7f:
                    8b:ca:5b:a3:27:b0:60:f4:20:bf:fa:90:8c:7e:4e:
                    b6:0a:b4:66:d6:51:97:b2:6d:48:1c:66:5a:4b:d5:
                    36:0c:bc:2a:fd:33:5b:64:2a:ac:82:6c:9b:b9:65:
                    b5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:34:3B:B4:C8:7A:A2:A0:B9:BF:49:8A:BF:F8:C1:53:F0:3D:68:2C
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/hzQ7tMh6oqC5v0mKv_jBU_A9aCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         04:b6:81:d6:1e:51:b3:57:ed:3c:42:17:ea:59:b4:ec:1f:c2:
         71:be:06:40:58:cd:38:c5:0b:d8:de:e2:7e:fe:f7:09:c5:cc:
         cb:a3:e8:db:2b:60:11:75:f1:91:a1:1d:df:62:4e:a0:dc:61:
         4d:c9:b7:9b:5f:3f:bf:16:d0:56:d8:a3:1a:60:18:e2:34:a8:
         13:8e:fc:e1:53:b0:bf:f0:fc:33:cf:88:12:0f:29:05:79:31:
         ea:5f:5c:9b:f1:95:c8:c0:ca:a4:52:ab:86:88:3a:da:3b:2d:
         95:25:0b:85:3e:7b:cf:8c:6c:1f:4c:9d:c8:a8:60:67:37:d5:
         70:dd:5c:c7:97:35:da:1a:94:4f:7d:59:35:21:39:59:ef:20:
         0e:bd:0a:f2:10:ad:e1:81:0c:33:5d:fb:3a:b4:87:5e:e9:50:
         aa:9c:f8:ed:11:b0:14:b8:16:7c:45:5c:71:cf:83:8b:8f:a2:
         41:ce:38:da:66:88:83:d8:db:1e:cf:aa:05:56:7f:36:9d:1a:
         8c:ba:dd:27:08:4b:bb:6a:b8:a5:3b:83:b5:40:7c:43:3c:81:
         87:9a:66:03:aa:d0:32:af:41:ef:5e:4e:da:54:3b:67:f0:56:
         a6:53:f0:f1:ad:cd:fd:48:8f:ff:53:9f:06:cd:e1:c0:31:cb:
         40:72:b7:d0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/8kCLGCZ6WQyxDguTwWdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjYwMTAyMTgyMjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM0M2JiNGM4N2FhMmEwYjliZjQ5OGFiZmY4YzE1M2YwM2Q2ODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUNFMVwBVirufDI/OR2XDKoDyMZG
pALnMDmJvnkDU9G8N5Lkppnm7XXE8IyYGt5hpEePctegs2qhYzhiYqpdW1zxaEQ2
WG5atdBYXIFiB1jZU9CJQAQnt2HxcqlUx3SakAVwNKJXpM0AfMjyrOgFUVsorjET
q1q1umf1mXyz2oxCqRK0b5DRiazorly2slFoLETerMS21HUfSWAXVwmHM0cY9f1Q
SYriXcueCBP+voR8Sk9nBr3T9toz6nucgQKKskPx2b7ilTftiOiPrC8ArH+Lyluj
J7Bg9CC/+pCMfk62CrRm1lGXsm1IHGZaS9U2DLwq/TNbZCqsgmybuWW10wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIc0O7TIeqKgub9Jir/4wVPwPWgsMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvaHpRN3RNaDZvcUM1djBtS3ZfakJVX0E5YUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg7aQDAw
DQYJKoZIhvcNAQELBQADggEBAAS2gdYeUbNX7TxCF+pZtOwfwnG+BkBYzTjFC9je
4n7+9wnFzMuj6NsrYBF18ZGhHd9iTqDcYU3Jt5tfP78W0FbYoxpgGOI0qBOO/OFT
sL/w/DPPiBIPKQV5MepfXJvxlcjAyqRSq4aIOto7LZUlC4U+e8+MbB9MncioYGc3
1XDdXMeXNdoalE99WTUhOVnvIA69CvIQreGBDDNd+zq0h17pUKqc+O0RsBS4FnxF
XHHPg4uPokHOONpmiIPY2x7PqgVWfzadGoy63ScIS7tquKU7g7VAfEM8gYeaZgOq
0DKvQe9eTtpUO2fwVqZT8PGtzf1Ij/9TnwbN4cAxy0Byt9A=
-----END CERTIFICATE-----