This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JNMVyTALye_DACPOPwQUjJOe8UI.roa
File:                     JNMVyTALye_DACPOPwQUjJOe8UI.roa (raw, json)
Hash identifier:          eSNG/pLoD0WuAOuLEO3KUrGPA4kEBVedkDk3w5cPeHU=
Subject key identifier:   24:D3:15:C9:30:0B:C9:EF:C3:00:23:CE:3F:04:14:8C:93:9E:F1:42
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EAC16F066DFBA9B82CF483A26B6B9E
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JNMVyTALye_DACPOPwQUjJOe8UI.roa
Signing time:             Thu 01 Jan 2026 00:17:35 +0000
ROA not before:           Thu 01 Jan 2026 00:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58285
IP address blocks:        2a11:f087::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c1:6f:06:6d:fb:a9:b8:2c:f4:83:a2:6b:6b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24d315c9300bc9efc30023ce3f04148c939ef142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:48:8c:ee:65:e6:77:e2:d7:3b:16:58:3b:aa:
                    dd:a5:c0:e8:7c:cb:e1:f0:1e:7e:3d:1d:46:9d:2b:
                    8c:a4:47:5e:4a:94:7e:0a:63:fc:48:19:14:06:8b:
                    27:52:41:ac:ce:30:e7:da:14:97:6c:9d:67:15:48:
                    59:b9:6f:a2:06:d7:89:03:aa:fa:b6:66:7c:00:03:
                    12:e4:dc:d7:ce:ad:46:38:a9:df:33:4a:57:60:3b:
                    88:07:5c:61:04:23:11:0f:28:58:22:2f:a4:e3:99:
                    a0:2a:6e:0b:8a:b4:c0:a4:1a:ef:25:55:92:70:22:
                    a3:80:75:c0:e3:29:a9:e7:78:05:70:bb:6e:84:94:
                    17:30:68:99:f4:08:7d:38:79:a9:cb:db:ed:ac:25:
                    e4:42:83:f5:cf:41:5a:c3:b6:8e:28:88:ce:b4:cc:
                    da:bf:09:e1:7c:6e:73:34:24:5f:0d:32:26:78:83:
                    2f:d9:c0:d2:f7:1a:10:07:b8:48:b6:38:b7:75:65:
                    3a:01:d7:96:39:dc:81:b1:ec:82:07:80:52:1e:26:
                    34:10:d7:4a:8c:f2:c4:f4:4e:66:47:18:79:a2:69:
                    2e:c5:56:f1:5e:28:3d:f5:7c:92:68:8a:91:b5:2a:
                    71:dc:fb:ea:0d:19:4d:2d:7c:04:c3:54:5f:f8:a0:
                    fe:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D3:15:C9:30:0B:C9:EF:C3:00:23:CE:3F:04:14:8C:93:9E:F1:42
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JNMVyTALye_DACPOPwQUjJOe8UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f087::/32

    Signature Algorithm: sha256WithRSAEncryption
         d0:c2:e2:14:b7:86:9d:0b:ed:7a:bb:43:c9:3e:15:72:4c:96:
         5a:fa:a2:3a:45:f6:19:cc:6f:12:1a:f8:7a:aa:b1:aa:31:31:
         69:7a:cb:a4:33:40:98:15:f7:c3:80:f3:a8:4c:30:81:d1:c1:
         e8:50:f6:ba:3f:bb:e8:3a:86:82:68:67:ff:48:54:82:3b:08:
         cf:9c:c3:b5:a7:e0:52:a0:02:3e:13:0b:07:f3:c2:5e:22:e4:
         0e:9a:7b:fd:1e:f3:78:cb:5f:5e:31:99:04:53:4c:92:1c:ba:
         8a:8c:da:c4:d7:c3:3c:74:2d:9c:15:19:26:27:b2:87:f1:bd:
         a8:5b:e5:93:08:a9:fd:98:d7:58:dc:9a:17:98:7d:18:ac:1e:
         08:4a:c5:40:07:88:fc:23:87:c6:7e:bf:b3:dc:ce:e2:1b:d0:
         9e:00:fd:2d:1d:0b:7c:e9:f2:de:6d:aa:c2:82:99:bc:85:7a:
         3e:55:59:12:7a:b5:dd:9f:a1:b5:97:43:5c:9c:19:27:50:b8:
         00:6f:e4:4f:94:a4:5d:8a:ec:1e:62:27:a6:f3:f9:4d:df:d7:
         e9:7d:5b:0a:0e:85:4d:f8:6a:c1:55:53:2c:3b:c8:0c:89:9b:
         37:7b:d3:6c:a4:22:78:d0:19:92:e6:64:a5:0c:a9:5c:7d:14:
         35:55:1d:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt26sFvBm37qbgs9IOia2ueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQzMTVjOTMwMGJjOWVmYzMwMDIzY2UzZjA0MTQ4YzkzOWVmMTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0iM7mXmd+LXOxZYO6rdpcDofMvh
8B5+PR1GnSuMpEdeSpR+CmP8SBkUBosnUkGszjDn2hSXbJ1nFUhZuW+iBteJA6r6
tmZ8AAMS5NzXzq1GOKnfM0pXYDuIB1xhBCMRDyhYIi+k45mgKm4LirTApBrvJVWS
cCKjgHXA4ymp53gFcLtuhJQXMGiZ9Ah9OHmpy9vtrCXkQoP1z0Faw7aOKIjOtMza
vwnhfG5zNCRfDTImeIMv2cDS9xoQB7hItji3dWU6AdeWOdyBseyCB4BSHiY0ENdK
jPLE9E5mRxh5omkuxVbxXig99XySaIqRtSpx3PvqDRlNLXwEw1Rf+KD++wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCTTFckwC8nvwwAjzj8EFIyTnvFCMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvSk5NVnlUQUx5ZV9EQUNQT1B3UVVqSk9lOFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHwhzAN
BgkqhkiG9w0BAQsFAAOCAQEA0MLiFLeGnQvtertDyT4VckyWWvqiOkX2GcxvEhr4
eqqxqjExaXrLpDNAmBX3w4DzqEwwgdHB6FD2uj+76DqGgmhn/0hUgjsIz5zDtafg
UqACPhMLB/PCXiLkDpp7/R7zeMtfXjGZBFNMkhy6iozaxNfDPHQtnBUZJieyh/G9
qFvlkwip/ZjXWNyaF5h9GKweCErFQAeI/COHxn6/s9zO4hvQngD9LR0LfOny3m2q
woKZvIV6PlVZEnq13Z+htZdDXJwZJ1C4AG/kT5SkXYrsHmInpvP5Td/X6X1bCg6F
TfhqwVVTLDvIDImbN3vTbKQieNAZkuZkpQypXH0UNVUd9w==
-----END CERTIFICATE-----