This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/fX_omxDUI3xGZOv2xdP1AbphA0g.roa
File:                     fX_omxDUI3xGZOv2xdP1AbphA0g.roa (raw, json)
Hash identifier:          Z9dBfI9Iw28D8Sqmdj3pQsbSgNBX6YnHt/oYPvO8FtA=
Subject key identifier:   7D:7F:E8:9B:10:D4:23:7C:46:64:EB:F6:C5:D3:F5:01:BA:61:03:48
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       019B7C12310B1EFE03D49E1C1AFA56586DFC
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/fX_omxDUI3xGZOv2xdP1AbphA0g.roa
Signing time:             Fri 02 Jan 2026 00:18:45 +0000
ROA not before:           Fri 02 Jan 2026 00:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9095
IP address blocks:        2001:a98:8000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:31:0b:1e:fe:03:d4:9e:1c:1a:fa:56:58:6d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 00:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d7fe89b10d4237c4664ebf6c5d3f501ba610348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f1:31:fd:2e:40:2b:0f:03:18:c1:c6:29:81:
                    ad:77:53:22:09:f0:ef:2e:fb:67:b4:49:1d:b4:e6:
                    72:9e:26:ee:77:f4:8c:41:b8:6b:6c:e0:bb:16:b3:
                    54:10:c1:ca:9b:50:60:32:92:50:87:9c:34:99:30:
                    68:d9:96:49:e2:64:fd:af:a9:cb:bc:45:3f:a4:33:
                    c1:04:91:29:c3:bf:18:70:2c:7b:a1:6b:ef:19:a8:
                    48:6d:0a:69:fb:43:0c:ee:80:97:e6:ff:3b:dd:f7:
                    db:50:d6:97:37:8e:e0:b9:f4:0e:5c:4c:9f:77:56:
                    77:7c:a5:72:6e:10:21:47:bd:ea:ae:0e:4b:1e:01:
                    a1:9a:0d:c4:44:9f:10:2e:4d:32:28:eb:a0:99:fa:
                    dc:e9:88:93:e3:8c:d9:25:3a:dc:dd:b5:72:d1:6d:
                    38:ef:af:52:c2:fa:35:a3:04:7d:ee:52:0a:7b:cd:
                    33:99:8b:c5:de:4b:35:9d:e6:57:c0:4e:f3:1d:54:
                    83:7f:d1:b7:a9:24:06:4e:cd:00:d7:ef:fa:3f:5e:
                    de:f4:6c:f6:d2:1b:a8:94:9e:47:43:3d:ef:5e:29:
                    26:71:81:c3:cb:42:28:4f:bf:93:0c:69:a9:a2:84:
                    b2:1f:5d:9a:03:4c:bb:ea:df:73:4c:05:e0:72:1c:
                    82:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7F:E8:9B:10:D4:23:7C:46:64:EB:F6:C5:D3:F5:01:BA:61:03:48
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/fX_omxDUI3xGZOv2xdP1AbphA0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:a98:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:db:b1:21:9f:09:c0:c4:aa:f4:f9:01:28:17:ed:9f:dc:46:
         91:4a:df:e4:4a:ab:ed:e6:bb:3f:31:e2:ee:4f:18:20:20:82:
         aa:c2:8a:15:75:de:d0:3d:bf:1e:a8:f6:6c:e3:23:82:d2:81:
         98:88:68:fd:09:6f:0e:1e:14:f6:ac:3f:d2:02:13:79:78:38:
         6d:03:7b:ec:cd:8f:fe:b8:de:64:0a:4a:aa:8e:16:43:a7:62:
         71:b6:ac:fc:a8:b8:83:54:08:f5:95:39:5f:64:a3:63:8a:0e:
         32:b6:0b:c7:2d:f6:21:fe:4a:1d:d3:70:f2:68:3e:77:80:fd:
         a0:e0:7c:46:58:51:df:09:6a:aa:e8:f8:14:8d:ce:2e:84:2b:
         e5:24:09:27:25:eb:35:e4:30:01:cc:ee:e1:d6:96:2c:66:35:
         80:f3:fd:a7:16:48:57:8d:3f:54:ad:3d:79:b6:e9:b7:f8:ad:
         87:7c:de:4e:fa:81:a4:a1:ea:7e:6f:89:66:f3:2c:fd:0c:47:
         33:2d:c5:02:8e:c6:5b:8d:f6:5b:6c:76:60:69:ba:9b:c2:33:
         72:46:49:3c:d5:9d:b7:5b:f6:d2:ed:9c:ce:e1:0e:e6:fa:29:
         b4:e4:6e:a7:56:d9:8d:3a:0a:60:e4:31:e1:df:81:d5:52:8d:
         bc:04:78:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EjELHv4D1J4cGvpWWG38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjYwMTAyMDAxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdmZTg5YjEwZDQyMzdjNDY2NGViZjZjNWQzZjUwMWJhNjEwMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/Ex/S5AKw8DGMHGKYGtd1MiCfDv
LvtntEkdtOZynibud/SMQbhrbOC7FrNUEMHKm1BgMpJQh5w0mTBo2ZZJ4mT9r6nL
vEU/pDPBBJEpw78YcCx7oWvvGahIbQpp+0MM7oCX5v873ffbUNaXN47gufQOXEyf
d1Z3fKVybhAhR73qrg5LHgGhmg3ERJ8QLk0yKOugmfrc6YiT44zZJTrc3bVy0W04
769Swvo1owR97lIKe80zmYvF3ks1neZXwE7zHVSDf9G3qSQGTs0A1+/6P17e9Gz2
0huolJ5HQz3vXikmcYHDy0IoT7+TDGmpooSyH12aA0y76t9zTAXgchyCRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH1/6JsQ1CN8RmTr9sXT9QG6YQNIMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvZlhfb214RFVJM3hHWk92MnhkUDFBYnBoQTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEKmIAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAU27EhnwnAxKr0+QEoF+2f3EaRSt/kSqvt5rs/
MeLuTxggIIKqwooVdd7QPb8eqPZs4yOC0oGYiGj9CW8OHhT2rD/SAhN5eDhtA3vs
zY/+uN5kCkqqjhZDp2Jxtqz8qLiDVAj1lTlfZKNjig4ytgvHLfYh/kod03DyaD53
gP2g4HxGWFHfCWqq6PgUjc4uhCvlJAknJes15DABzO7h1pYsZjWA8/2nFkhXjT9U
rT15tum3+K2HfN5O+oGkoep+b4lm8yz9DEczLcUCjsZbjfZbbHZgabqbwjNyRkk8
1Z23W/bS7ZzO4Q7m+im05G6nVtmNOgpg5DHh34HVUo28BHim
-----END CERTIFICATE-----