This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/g6sf18n3xZl1TALCvAHdOtQxRg4.roa
File:                     g6sf18n3xZl1TALCvAHdOtQxRg4.roa (raw, json)
Hash identifier:          xF4qc4vWFwiPiBXPNEqALg9dNoI0YkOYJ4CNgjIGAJ4=
Subject key identifier:   83:AB:1F:D7:C9:F7:C5:99:75:4C:02:C2:BC:01:DD:3A:D4:31:46:0E
Certificate issuer:       /CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
Certificate serial:       019B7F858ECF1446112A4E395F75F10A1813
Authority key identifier: D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/g6sf18n3xZl1TALCvAHdOtQxRg4.roa
Signing time:             Fri 02 Jan 2026 16:23:37 +0000
ROA not before:           Fri 02 Jan 2026 16:23:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60960
IP address blocks:        2a07:7b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:8e:cf:14:46:11:2a:4e:39:5f:75:f1:0a:18:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
        Validity
            Not Before: Jan  2 16:23:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83ab1fd7c9f7c599754c02c2bc01dd3ad431460e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6c:22:84:5f:f8:ea:65:76:96:1d:c9:34:ad:
                    82:46:2b:5b:38:39:09:79:fd:22:a8:7d:1f:60:fc:
                    b4:bc:c7:1e:c0:30:81:2c:ca:98:b2:25:1f:f5:4d:
                    28:05:c7:fa:2e:a9:ee:89:a1:90:e4:4f:8f:b7:0f:
                    20:e4:d2:4d:06:60:b7:87:e8:32:ee:46:8c:e1:6b:
                    4d:6e:af:44:7d:55:c1:d7:29:77:90:05:27:c3:d7:
                    8d:f1:f3:b5:c4:c2:4f:9f:78:a9:bd:70:56:38:68:
                    62:17:6d:7f:01:c8:ab:ef:fd:8a:a2:57:b0:43:db:
                    ba:dc:04:d9:cb:fc:3a:d8:f4:e0:e7:aa:ec:ef:4b:
                    6f:ff:a4:69:3c:fd:77:82:e2:21:95:73:ef:61:bc:
                    28:e5:d6:fd:ba:86:02:0e:96:72:4c:1d:87:12:e3:
                    0b:39:1f:a2:48:36:8b:f1:00:c0:97:74:a9:a2:8d:
                    17:d0:86:d1:a3:2b:f4:72:cb:d8:6f:f8:7f:12:3d:
                    8e:23:24:2f:46:0d:9f:67:91:3c:88:bf:66:6d:22:
                    09:c2:6e:95:5d:f5:82:ae:21:43:8d:00:c5:f0:26:
                    3f:64:1c:8a:e2:c9:8d:3c:5c:4d:e2:da:2f:a9:a9:
                    1c:30:02:95:63:92:c8:01:1c:56:32:a2:05:6e:ae:
                    84:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AB:1F:D7:C9:F7:C5:99:75:4C:02:C2:BC:01:DD:3A:D4:31:46:0E
            X509v3 Authority Key Identifier:
                keyid:D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/g6sf18n3xZl1TALCvAHdOtQxRg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:78:57:9e:a4:53:ae:dc:63:bb:bf:e8:89:35:39:18:9a:4d:
         df:54:f4:81:ac:42:d7:66:42:9d:a3:ce:30:78:d4:b8:8b:f4:
         16:6c:1d:92:24:24:f9:53:c8:81:88:d0:c6:07:6c:bf:90:a0:
         14:d3:03:92:a1:93:c2:54:b0:b9:16:bc:36:72:af:9a:fb:47:
         3a:c8:81:ab:82:e1:5a:da:16:d4:7f:46:d5:98:27:dd:ff:80:
         e3:41:fd:8c:eb:c9:03:3a:f2:51:20:d7:9c:1e:07:97:c7:c4:
         a5:c1:2e:ca:d3:ca:80:62:b0:e0:df:e7:16:19:91:c4:bf:9d:
         79:ed:f4:10:61:3a:61:81:b3:ce:2f:21:e9:e5:45:9b:69:b8:
         fb:f5:3e:e7:1f:cf:d6:94:25:c4:17:81:dc:20:9b:a7:56:67:
         2f:f7:fd:92:08:46:f5:d6:b3:6f:7f:0d:1c:0f:84:6f:ee:39:
         49:54:4c:47:af:2e:03:75:3f:c0:cd:96:f5:94:24:bd:a5:43:
         93:86:c5:60:93:0b:17:66:d4:42:2b:53:50:e9:43:a9:5d:31:
         f9:94:55:f3:4d:8c:c0:e3:e8:6f:66:58:ec:75:90:02:c4:e3:
         d9:95:bd:2d:cb:74:4b:77:bf:dd:c9:99:2a:9c:4c:c1:63:4e:
         be:4a:dc:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/hY7PFEYRKk45X3XxChgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWZlOWQzNmY1Zjg4ZmRmMDQ3NDJjNDE0MGM3NTMyMDkw
YWI3NzAwHhcNMjYwMTAyMTYyMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2FiMWZkN2M5ZjdjNTk5NzU0YzAyYzJiYzAxZGQzYWQ0MzE0NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmwihF/46mV2lh3JNK2CRitbODkJ
ef0iqH0fYPy0vMcewDCBLMqYsiUf9U0oBcf6LqnuiaGQ5E+Ptw8g5NJNBmC3h+gy
7kaM4WtNbq9EfVXB1yl3kAUnw9eN8fO1xMJPn3ipvXBWOGhiF21/Acir7/2Kolew
Q9u63ATZy/w62PTg56rs70tv/6RpPP13guIhlXPvYbwo5db9uoYCDpZyTB2HEuML
OR+iSDaL8QDAl3Spoo0X0IbRoyv0csvYb/h/Ej2OIyQvRg2fZ5E8iL9mbSIJwm6V
XfWCriFDjQDF8CY/ZByK4smNPFxN4tovqakcMAKVY5LIARxWMqIFbq6EUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIOrH9fJ98WZdUwCwrwB3TrUMUYOMB8GA1UdIwQY
MBaAFNnv6dNvX4j98EdCxBQMdTIJCrdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1Yzkt
MzlmNmQ2NDI1MzM4LzEvZzZzZjE4bjN4WmwxVEFMQ3ZBSGRPdFF4Umc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1YzktMzlmNmQ2NDI1MzM4
LzEvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgd7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAlHhXnqRTrtxju7/oiTU5GJpN31T0gaxC12ZCnaPO
MHjUuIv0FmwdkiQk+VPIgYjQxgdsv5CgFNMDkqGTwlSwuRa8NnKvmvtHOsiBq4Lh
WtoW1H9G1Zgn3f+A40H9jOvJAzryUSDXnB4Hl8fEpcEuytPKgGKw4N/nFhmRxL+d
ee30EGE6YYGzzi8h6eVFm2m4+/U+5x/P1pQlxBeB3CCbp1ZnL/f9kghG9dazb38N
HA+Eb+45SVRMR68uA3U/wM2W9ZQkvaVDk4bFYJMLF2bUQitTUOlDqV0x+ZRV802M
wOPob2ZY7HWQAsTj2ZW9Lct0S3e/3cmZKpxMwWNOvkrcnQ==
-----END CERTIFICATE-----