This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/13x6q0kK4jWtFgTsaQE2IuvYeC0.roa
File:                     13x6q0kK4jWtFgTsaQE2IuvYeC0.roa (raw, json)
Hash identifier:          jOVJU7qUmDkbddDyA5OyhBcSOp8ncmsAOoZ16mvRU1k=
Subject key identifier:   D7:7C:7A:AB:49:0A:E2:35:AD:16:04:EC:69:01:36:22:EB:D8:78:2D
Certificate issuer:       /CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
Certificate serial:       019B7A5AF7B4528A4106BD4598012CC692AB
Authority key identifier: 6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/13x6q0kK4jWtFgTsaQE2IuvYeC0.roa
Signing time:             Thu 01 Jan 2026 16:19:00 +0000
ROA not before:           Thu 01 Jan 2026 16:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208168
IP address blocks:        2a0f:2480::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f7:b4:52:8a:41:06:bd:45:98:01:2c:c6:92:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
        Validity
            Not Before: Jan  1 16:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d77c7aab490ae235ad1604ec69013622ebd8782d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c3:93:52:8d:4a:fd:89:94:b5:ec:7b:5c:ba:
                    b9:a6:75:7c:2d:d6:04:3c:ae:24:d3:cf:ac:c3:38:
                    fc:2d:9e:55:c0:85:22:72:69:4a:3c:96:ab:ed:68:
                    18:95:62:eb:28:69:08:79:b3:42:2c:f4:9d:7d:3d:
                    bb:de:43:7c:e6:00:79:57:5d:a3:b7:fa:c4:82:19:
                    16:e0:b6:73:35:65:71:b3:85:c7:80:17:e7:61:73:
                    71:ac:82:27:68:69:34:dd:d5:60:e2:89:23:97:49:
                    fe:85:df:bb:a6:17:c6:03:a3:c7:c0:48:95:02:09:
                    a4:80:e7:ee:36:fe:7f:a8:78:88:81:4c:45:6b:85:
                    da:f3:17:dd:53:c9:a4:74:78:a9:fb:c3:2d:7d:8b:
                    b5:45:1a:5f:2c:f8:af:0f:46:1e:03:99:18:67:7b:
                    f2:8a:e7:b1:a5:b6:78:f0:f8:46:9b:80:a4:3f:b3:
                    d3:3b:7c:68:27:80:68:18:9e:b2:05:34:df:1b:95:
                    5d:a5:cf:79:a2:2d:3e:b8:70:bc:78:c7:c4:39:c6:
                    39:7f:b6:51:73:59:4c:aa:60:8a:66:a3:9e:06:d1:
                    77:9a:46:7e:73:f4:d1:62:cb:2a:05:24:de:78:3b:
                    6a:07:e3:70:0f:28:e1:62:52:57:09:d9:e8:4a:75:
                    7a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7C:7A:AB:49:0A:E2:35:AD:16:04:EC:69:01:36:22:EB:D8:78:2D
            X509v3 Authority Key Identifier:
                keyid:6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/13x6q0kK4jWtFgTsaQE2IuvYeC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:33:23:07:fa:2f:96:a4:26:8b:13:e4:5a:e4:62:db:e2:12:
         4f:43:66:17:49:17:5a:9d:aa:4b:28:dd:93:ea:b7:7d:12:1f:
         82:e2:e0:55:fe:2c:b7:11:d9:e8:8e:1e:55:92:b0:98:c8:9e:
         ab:ec:c3:49:70:ce:dd:e6:f0:f8:d7:4c:ee:d2:c3:9c:cd:e5:
         58:6f:ea:3c:11:5a:84:30:86:c2:16:fa:6c:45:be:be:dc:6b:
         1d:d6:c8:8c:a6:e4:f3:b4:e1:68:11:8d:ba:e3:77:21:cd:e3:
         dd:e9:68:ec:9e:e5:e4:1e:58:37:98:ac:cc:3b:4f:09:07:ff:
         46:5b:4c:d3:59:ea:4b:10:c9:e4:bf:fe:ac:46:58:5e:f0:c3:
         88:1f:15:81:69:39:8c:17:dc:2b:d0:85:5f:fc:c7:6d:bd:05:
         0c:13:75:5f:d8:a9:75:1b:7d:44:07:09:ca:99:71:8e:6d:52:
         7d:31:36:9b:23:40:4c:15:c4:9c:a5:17:6a:1e:bf:3f:d9:66:
         61:cb:fa:3a:10:5f:d7:91:a3:30:98:69:89:f7:20:68:30:f9:
         63:49:23:41:f1:9b:03:43:24:e8:84:a8:4a:17:90:8d:29:84:
         ef:7f:60:c1:87:ab:48:df:2b:4a:27:e9:83:80:da:e0:4a:c5:
         57:71:56:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6Wve0UopBBr1FmAEsxpKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjliMjRmMmMwODQ3ZDA0MWMxZTY2YTEyZjAxZWFiYTQ3
OGI0ZmMwHhcNMjYwMTAxMTYxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdjN2FhYjQ5MGFlMjM1YWQxNjA0ZWM2OTAxMzYyMmViZDg3ODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cOTUo1K/YmUtex7XLq5pnV8LdYE
PK4k08+swzj8LZ5VwIUicmlKPJar7WgYlWLrKGkIebNCLPSdfT273kN85gB5V12j
t/rEghkW4LZzNWVxs4XHgBfnYXNxrIInaGk03dVg4okjl0n+hd+7phfGA6PHwEiV
AgmkgOfuNv5/qHiIgUxFa4Xa8xfdU8mkdHip+8MtfYu1RRpfLPivD0YeA5kYZ3vy
iuexpbZ48PhGm4CkP7PTO3xoJ4BoGJ6yBTTfG5Vdpc95oi0+uHC8eMfEOcY5f7ZR
c1lMqmCKZqOeBtF3mkZ+c/TRYssqBSTeeDtqB+NwDyjhYlJXCdnoSnV67wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNd8eqtJCuI1rRYE7GkBNiLr2HgtMB8GA1UdIwQY
MBaAFGz5sk8sCEfQQcHmahLwHqukeLT8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWIt
OTQ2ODkyZjg4YmViLzEvMTN4NnEwa0s0ald0RmdUc2FRRTJJdXZZZUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWItOTQ2ODkyZjg4YmVi
LzEvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8kgDAN
BgkqhkiG9w0BAQsFAAOCAQEAcjMjB/ovlqQmixPkWuRi2+IST0NmF0kXWp2qSyjd
k+q3fRIfguLgVf4stxHZ6I4eVZKwmMieq+zDSXDO3ebw+NdM7tLDnM3lWG/qPBFa
hDCGwhb6bEW+vtxrHdbIjKbk87ThaBGNuuN3Ic3j3elo7J7l5B5YN5iszDtPCQf/
RltM01nqSxDJ5L/+rEZYXvDDiB8VgWk5jBfcK9CFX/zHbb0FDBN1X9ipdRt9RAcJ
yplxjm1SfTE2myNATBXEnKUXah6/P9lmYcv6OhBf15GjMJhpifcgaDD5Y0kjQfGb
A0Mk6ISoSheQjSmE739gwYerSN8rSifpg4Da4ErFV3FWqg==
-----END CERTIFICATE-----