This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/On2nk-aByUGs4ZA6emj31XEJdso.roa
File:                     On2nk-aByUGs4ZA6emj31XEJdso.roa (raw, json)
Hash identifier:          DD3HadfYy5dPFXQsNsDN3ezTTc4+paMyIyZQDpChk8M=
Subject key identifier:   3A:7D:A7:93:E6:81:C9:41:AC:E1:90:3A:7A:68:F7:D5:71:09:76:CA
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       019B78A2BCADE49546377F43220782B975D8
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/On2nk-aByUGs4ZA6emj31XEJdso.roa
Signing time:             Thu 01 Jan 2026 08:18:09 +0000
ROA not before:           Thu 01 Jan 2026 08:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201078
IP address blocks:        2a07:7940:49::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:bc:ad:e4:95:46:37:7f:43:22:07:82:b9:75:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Jan  1 08:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a7da793e681c941ace1903a7a68f7d5710976ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ef:1d:54:c0:cf:cb:25:22:12:c8:a5:90:1a:
                    20:bf:f2:7a:57:94:5b:21:ad:e9:8e:43:95:32:39:
                    75:b4:3f:1b:b6:24:9b:63:bc:77:8e:ce:98:06:ed:
                    f2:d2:fd:cf:e8:d2:2e:81:c1:59:f2:39:bc:17:70:
                    b9:a1:cf:2d:e9:96:27:a5:1b:7f:41:1d:d0:5f:d4:
                    67:b1:14:35:f6:f3:49:94:04:4c:74:33:82:41:4b:
                    67:29:88:d3:96:22:d6:16:99:02:be:43:94:f9:7d:
                    1f:e9:38:59:0e:79:2c:23:47:05:e4:4b:31:21:ea:
                    70:1e:7e:bd:61:8e:40:01:f4:ff:5c:62:0c:4f:da:
                    fe:16:8c:bc:ad:68:e9:87:45:11:0b:91:a4:11:dc:
                    24:5a:fe:aa:63:5f:6d:0e:6c:1d:45:24:a8:28:ef:
                    fb:e0:a9:a3:53:52:0f:ee:2f:c4:6c:96:a9:63:c8:
                    13:13:60:da:79:e8:a4:f0:8e:69:a5:d1:14:d7:db:
                    6c:95:a1:2a:a3:81:32:d2:b7:0b:23:7d:78:b4:b0:
                    dd:a4:aa:f9:2c:31:bf:48:85:0b:f5:28:2f:da:36:
                    8e:75:f2:76:5b:03:42:d1:1d:69:a7:84:fa:29:0f:
                    e4:c1:c6:57:15:99:9a:92:27:cc:74:f1:81:40:28:
                    e8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7D:A7:93:E6:81:C9:41:AC:E1:90:3A:7A:68:F7:D5:71:09:76:CA
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/On2nk-aByUGs4ZA6emj31XEJdso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7940:49::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:e4:7e:55:4b:62:ca:6a:f9:82:f5:26:0e:77:a4:9d:ee:3f:
         34:93:e8:3c:25:56:13:0e:76:8c:d3:39:7c:d9:e1:ec:6a:f1:
         d8:64:1e:53:1d:70:ea:e8:6f:09:df:11:af:d3:1b:eb:43:d2:
         49:d3:b1:7e:8b:e3:35:ad:da:7f:ae:2d:f8:71:a3:9f:6c:da:
         a7:47:49:a9:d1:22:c3:39:0d:f5:c7:94:3d:52:35:f9:20:f0:
         21:e4:72:b5:3c:d5:c8:a6:c8:78:f2:f8:32:c4:d2:05:43:ca:
         9b:25:96:f9:2e:99:23:0c:28:34:e3:3c:4b:25:61:9c:4b:03:
         01:70:31:2f:3c:fd:56:c2:e3:29:9d:d9:ce:b3:90:c1:57:0d:
         ec:0d:f7:a6:36:11:77:d5:27:a8:79:5c:32:8e:9a:82:ee:a6:
         aa:dc:91:ce:10:b1:68:2c:bc:30:d5:08:88:24:7e:3d:ad:86:
         45:a9:1a:d4:1d:7f:3f:88:08:47:d3:e8:4c:9e:f1:76:7a:20:
         63:9f:f7:18:5e:8e:3c:9a:4f:84:1a:6f:25:d0:17:ff:c7:67:
         52:d6:52:b3:ff:7a:84:7e:8f:1c:ba:44:ce:83:92:19:30:43:
         b7:13:16:79:0a:fa:51:75:45:4b:5a:9f:7d:8d:5d:d2:d1:16:
         15:d4:1c:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4oryt5JVGN39DIgeCuXXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjYwMTAxMDgxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdkYTc5M2U2ODFjOTQxYWNlMTkwM2E3YTY4ZjdkNTcxMDk3NmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu8dVMDPyyUiEsilkBogv/J6V5Rb
Ia3pjkOVMjl1tD8btiSbY7x3js6YBu3y0v3P6NIugcFZ8jm8F3C5oc8t6ZYnpRt/
QR3QX9RnsRQ19vNJlARMdDOCQUtnKYjTliLWFpkCvkOU+X0f6ThZDnksI0cF5Esx
IepwHn69YY5AAfT/XGIMT9r+Foy8rWjph0URC5GkEdwkWv6qY19tDmwdRSSoKO/7
4KmjU1IP7i/EbJapY8gTE2Daeeik8I5ppdEU19tslaEqo4Ey0rcLI314tLDdpKr5
LDG/SIUL9Sgv2jaOdfJ2WwNC0R1pp4T6KQ/kwcZXFZmakifMdPGBQCjonwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDp9p5PmgclBrOGQOnpo99VxCXbKMB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEvT24ybmstYUJ5VUdzNFpBNmVtajMxWEVKZHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgd5QABJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDD5H5VS2LKavmC9SYOd6Sd7j80k+g8JVYTDnaM
0zl82eHsavHYZB5THXDq6G8J3xGv0xvrQ9JJ07F+i+M1rdp/ri34caOfbNqnR0mp
0SLDOQ31x5Q9UjX5IPAh5HK1PNXIpsh48vgyxNIFQ8qbJZb5LpkjDCg04zxLJWGc
SwMBcDEvPP1WwuMpndnOs5DBVw3sDfemNhF31SeoeVwyjpqC7qaq3JHOELFoLLww
1QiIJH49rYZFqRrUHX8/iAhH0+hMnvF2eiBjn/cYXo48mk+EGm8l0Bf/x2dS1lKz
/3qEfo8cukTOg5IZMEO3ExZ5CvpRdUVLWp99jV3S0RYV1Bwj
-----END CERTIFICATE-----