This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/QOx2LcItYAde8Bu7yyYezAd_b5U.roa
File:                     QOx2LcItYAde8Bu7yyYezAd_b5U.roa (raw, json)
Hash identifier:          recLbl2iES5/0aXRvjtkzbHI5bXaE/LjpnXC8P4lC98=
Subject key identifier:   40:EC:76:2D:C2:2D:60:07:5E:F0:1B:BB:CB:26:1E:CC:07:7F:6F:95
Certificate issuer:       /CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
Certificate serial:       019B7A5B897304669192AD4C2E85E2DDC759
Authority key identifier: BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/QOx2LcItYAde8Bu7yyYezAd_b5U.roa
Signing time:             Thu 01 Jan 2026 16:19:37 +0000
ROA not before:           Thu 01 Jan 2026 16:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207893
IP address blocks:        2a0f:ec80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:89:73:04:66:91:92:ad:4c:2e:85:e2:dd:c7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
        Validity
            Not Before: Jan  1 16:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40ec762dc22d60075ef01bbbcb261ecc077f6f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4f:84:30:7e:bc:bc:b8:0e:f5:d1:90:c4:cd:
                    72:bf:a6:7e:8e:9d:6b:34:66:76:8b:13:49:39:d4:
                    43:b0:a1:f1:89:2f:25:1e:f4:19:94:f5:16:61:21:
                    63:f5:b4:5f:f2:44:06:f2:2d:15:a8:1b:73:77:3f:
                    d8:d5:35:21:da:d5:fd:44:04:f1:c2:94:d3:fc:0a:
                    0e:a2:a4:84:07:bd:54:f7:52:2d:aa:78:a6:2b:69:
                    e6:23:3f:b3:af:1d:b6:9b:bf:2c:78:56:e7:25:c6:
                    22:56:60:02:1f:69:5b:be:4a:38:97:40:35:68:5e:
                    59:36:b1:e3:ad:39:f2:d2:c7:59:25:a3:7e:6f:73:
                    d1:ac:6a:ce:fe:2f:2e:fe:0c:1b:83:f6:4c:a7:8d:
                    9d:f0:a0:7b:41:7f:2b:72:a8:55:b3:a1:7b:4c:eb:
                    b2:ae:11:44:5b:53:00:26:5e:4b:c3:86:f7:f5:7f:
                    bf:5d:3f:5d:3a:9f:f5:06:7b:ad:cd:11:aa:c0:51:
                    56:19:67:88:2f:de:10:29:f2:fe:1c:f1:e1:f5:db:
                    e8:fa:90:4a:e9:a4:97:20:bb:66:ad:89:3c:2f:39:
                    dc:13:a5:70:6a:8b:14:b9:35:1e:9d:a6:09:c2:40:
                    ee:0d:4d:e0:d7:f6:ec:76:bf:ff:f3:01:c7:7c:00:
                    72:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EC:76:2D:C2:2D:60:07:5E:F0:1B:BB:CB:26:1E:CC:07:7F:6F:95
            X509v3 Authority Key Identifier:
                keyid:BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/QOx2LcItYAde8Bu7yyYezAd_b5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ec80::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:87:5e:77:aa:5a:24:06:ce:a9:36:a9:41:72:89:7a:c7:23:
         49:08:40:88:82:6d:d8:c4:dc:7d:63:09:d5:20:9b:d7:3e:45:
         3b:41:d7:2a:ce:15:f1:88:68:23:d5:4a:26:87:6f:f8:30:0f:
         7d:12:42:db:8c:e6:ef:2f:a7:08:f9:dd:13:16:c7:47:19:24:
         d9:1f:1f:db:8c:c5:29:69:7f:ae:4d:46:ba:0c:b7:4a:a1:88:
         e7:40:c1:c4:01:3f:03:2c:ce:9d:39:aa:70:9a:cc:ce:0d:7b:
         5d:10:27:13:50:45:c7:87:5c:d8:f3:65:18:f0:cf:da:f0:97:
         ba:d1:09:c9:67:da:d5:65:c4:48:60:1f:53:2b:49:24:60:63:
         7b:0e:5f:59:c5:bf:e4:37:de:bf:67:f5:e7:a0:67:d4:f7:07:
         6b:5b:f3:48:21:cd:57:32:75:2c:da:9d:81:8d:5d:75:ec:29:
         5b:04:08:d3:16:19:3c:e5:6b:cf:c9:41:50:29:3d:f0:a6:a3:
         1f:7b:72:a9:73:09:93:05:6d:65:f6:0a:a6:53:b8:b8:3b:32:
         d7:e3:04:e8:84:6b:1c:b2:5d:63:29:4a:6d:ba:f8:f3:b2:9d:
         77:75:77:56:47:cd:c6:ad:e9:3e:ff:e1:46:7b:f8:c6:58:b9:
         28:eb:55:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6W4lzBGaRkq1MLoXi3cdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjViNGJhNGQ3ODY5ZDVjYjhmOTU3NGYwZjRmZWVlNzBl
YmM2YzUwHhcNMjYwMTAxMTYxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVjNzYyZGMyMmQ2MDA3NWVmMDFiYmJjYjI2MWVjYzA3N2Y2Zjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE+EMH68vLgO9dGQxM1yv6Z+jp1r
NGZ2ixNJOdRDsKHxiS8lHvQZlPUWYSFj9bRf8kQG8i0VqBtzdz/Y1TUh2tX9RATx
wpTT/AoOoqSEB71U91ItqnimK2nmIz+zrx22m78seFbnJcYiVmACH2lbvko4l0A1
aF5ZNrHjrTny0sdZJaN+b3PRrGrO/i8u/gwbg/ZMp42d8KB7QX8rcqhVs6F7TOuy
rhFEW1MAJl5Lw4b39X+/XT9dOp/1BnutzRGqwFFWGWeIL94QKfL+HPHh9dvo+pBK
6aSXILtmrYk8LzncE6VwaosUuTUenaYJwkDuDU3g1/bsdr//8wHHfAByKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEDsdi3CLWAHXvAbu8smHswHf2+VMB8GA1UdIwQY
MBaAFLxltLpNeGnVy4+VdPD0/u5w68bFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2Qt
ZjllN2NiMDNjNTI3LzEvUU94MkxjSXRZQWRlOEJ1N3l5WWV6QWRfYjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2QtZjllN2NiMDNjNTI3
LzEvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/sgDAN
BgkqhkiG9w0BAQsFAAOCAQEAgoded6paJAbOqTapQXKJescjSQhAiIJt2MTcfWMJ
1SCb1z5FO0HXKs4V8YhoI9VKJodv+DAPfRJC24zm7y+nCPndExbHRxkk2R8f24zF
KWl/rk1Gugy3SqGI50DBxAE/AyzOnTmqcJrMzg17XRAnE1BFx4dc2PNlGPDP2vCX
utEJyWfa1WXESGAfUytJJGBjew5fWcW/5Dfev2f156Bn1PcHa1vzSCHNVzJ1LNqd
gY1ddewpWwQI0xYZPOVrz8lBUCk98KajH3tyqXMJkwVtZfYKplO4uDsy1+ME6IRr
HLJdYylKbbr487Kdd3V3VkfNxq3pPv/hRnv4xli5KOtVQw==
-----END CERTIFICATE-----