This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6l7uEXF7WRqDya2yrBsOPLK2834.roa
File:                     6l7uEXF7WRqDya2yrBsOPLK2834.roa (raw, json)
Hash identifier:          36bIgrD7TZww55q+aa83SaExHnqOumzetlhZkegCJWg=
Subject key identifier:   EA:5E:EE:11:71:7B:59:1A:83:C9:AD:B2:AC:1B:0E:3C:B2:B6:F3:7E
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       019B7758EF5F609FF088A4FF818A0A9B0C95
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6l7uEXF7WRqDya2yrBsOPLK2834.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212000
IP address blocks:        2a0f:5707:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ef:5f:60:9f:f0:88:a4:ff:81:8a:0a:9b:0c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea5eee11717b591a83c9adb2ac1b0e3cb2b6f37e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fc:b5:de:33:3f:eb:a2:be:b4:0f:42:21:e1:
                    3e:02:9a:b8:b7:c4:6c:8b:71:26:76:5d:35:c9:a4:
                    02:96:32:e1:d9:fc:1d:54:a8:56:7a:66:c2:56:0d:
                    0d:60:3f:76:56:92:8c:8d:a3:86:73:41:73:7c:3d:
                    20:de:3e:29:38:bc:d5:a4:21:7e:e6:bd:ea:0e:20:
                    73:c4:8a:80:b2:30:bd:98:15:01:28:c3:73:17:c7:
                    e5:e5:cc:4e:ea:a8:68:8c:3e:7e:5b:f3:b0:1a:eb:
                    49:50:f3:9d:32:a0:57:2a:96:8a:3f:1f:f9:24:2c:
                    a1:a2:e0:92:be:f5:e8:1a:e1:36:bd:73:93:ba:72:
                    44:bb:58:10:2d:d9:db:73:ae:93:0f:65:2e:69:eb:
                    7f:23:d5:4e:d7:8d:a4:dd:f7:27:20:d8:9b:04:c2:
                    8f:36:73:4d:57:3d:07:45:0f:f8:2b:56:7b:60:3c:
                    b4:1d:10:da:0f:b9:91:a4:49:5c:2f:74:d4:0f:6d:
                    1b:24:84:44:a3:84:bd:ab:44:51:ef:2c:17:0d:01:
                    53:7f:fe:8f:e4:60:b0:86:db:b5:b5:fa:0e:75:50:
                    a0:12:2f:f2:9b:1c:07:d9:4e:31:73:2c:c1:fd:8c:
                    4f:a8:d0:0c:82:d4:54:0f:1d:5e:d7:6f:16:ee:03:
                    8a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:5E:EE:11:71:7B:59:1A:83:C9:AD:B2:AC:1B:0E:3C:B2:B6:F3:7E
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6l7uEXF7WRqDya2yrBsOPLK2834.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:8a:75:6c:7a:ff:6f:06:65:1b:71:d9:a0:db:40:0e:d3:46:
         55:8a:cf:71:0d:8a:8b:13:59:5c:f0:a6:1f:cd:3b:7c:4c:eb:
         35:78:c7:ab:e7:3a:5e:98:69:78:ee:81:e4:39:04:c6:2b:aa:
         3a:48:c4:64:55:b5:d4:e9:9d:b6:a7:26:3b:0a:c4:ba:22:f0:
         b1:7d:5c:44:e4:a6:77:b3:03:60:6f:f4:66:59:90:c3:ee:e4:
         24:eb:97:59:d7:ef:6c:5e:1d:99:a1:9c:30:c1:32:a7:6a:32:
         2e:7c:af:50:fb:0d:8d:ab:19:9c:f4:5c:d3:e7:37:38:c8:53:
         f9:f7:ba:7a:dc:92:ec:ab:d1:b5:90:26:ee:07:78:fc:f3:ec:
         c7:4f:dd:0a:5d:e2:34:7b:3b:07:0a:00:27:c0:de:b5:79:30:
         a2:17:78:4f:77:34:d1:a5:fd:df:57:16:88:80:cc:5e:b6:84:
         d4:a0:49:0d:bf:8b:46:a0:6d:8f:3f:92:46:b4:72:7e:9f:5f:
         f8:d7:03:e6:d6:e8:9a:a7:7d:b0:78:31:b1:1e:6a:05:41:de:
         0e:b1:88:2b:ca:27:5c:f8:2a:54:e8:a4:64:ff:1f:99:31:11:
         0a:d7:19:04:cf:8a:0e:5d:2d:a5:76:c9:76:bb:f6:74:e4:af:
         99:d5:ae:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WO9fYJ/wiKT/gYoKmwyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTVlZWUxMTcxN2I1OTFhODNjOWFkYjJhYzFiMGUzY2IyYjZmMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/y13jM/66K+tA9CIeE+Apq4t8Rs
i3Emdl01yaQCljLh2fwdVKhWembCVg0NYD92VpKMjaOGc0FzfD0g3j4pOLzVpCF+
5r3qDiBzxIqAsjC9mBUBKMNzF8fl5cxO6qhojD5+W/OwGutJUPOdMqBXKpaKPx/5
JCyhouCSvvXoGuE2vXOTunJEu1gQLdnbc66TD2Uuaet/I9VO142k3fcnINibBMKP
NnNNVz0HRQ/4K1Z7YDy0HRDaD7mRpElcL3TUD20bJIREo4S9q0RR7ywXDQFTf/6P
5GCwhtu1tfoOdVCgEi/ymxwH2U4xcyzB/YxPqNAMgtRUDx1e128W7gOKbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOpe7hFxe1kag8mtsqwbDjyytvN+MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvNmw3dUVYRjdXUnFEeWEyeXJCc09QTEsyODM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XBwAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB2inVsev9vBmUbcdmg20AO00ZVis9xDYqLE1lc
8KYfzTt8TOs1eMer5zpemGl47oHkOQTGK6o6SMRkVbXU6Z22pyY7CsS6IvCxfVxE
5KZ3swNgb/RmWZDD7uQk65dZ1+9sXh2ZoZwwwTKnajIufK9Q+w2Nqxmc9FzT5zc4
yFP597p63JLsq9G1kCbuB3j88+zHT90KXeI0ezsHCgAnwN61eTCiF3hPdzTRpf3f
VxaIgMxetoTUoEkNv4tGoG2PP5JGtHJ+n1/41wPm1uiap32weDGxHmoFQd4OsYgr
yidc+CpU6KRk/x+ZMREK1xkEz4oOXS2ldsl2u/Z05K+Z1a5L
-----END CERTIFICATE-----