This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/PvCNmMuHcK2-0lwoP1YXz8fG1-4.roa
File:                     PvCNmMuHcK2-0lwoP1YXz8fG1-4.roa (raw, json)
Hash identifier:          ZcKVkYaVisIZB6lNJ9Oj7RdZ3ktv/iO+kT0iuJRn4G8=
Subject key identifier:   3E:F0:8D:98:CB:87:70:AD:BE:D2:5C:28:3F:56:17:CF:C7:C6:D7:EE
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019B7BA515708F6402B7A5858CF18046ED3D
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/PvCNmMuHcK2-0lwoP1YXz8fG1-4.roa
Signing time:             Thu 01 Jan 2026 22:19:35 +0000
ROA not before:           Thu 01 Jan 2026 22:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3180
IP address blocks:        2a04:ac00:b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:15:70:8f:64:02:b7:a5:85:8c:f1:80:46:ed:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 22:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ef08d98cb8770adbed25c283f5617cfc7c6d7ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:82:9c:9a:aa:a5:58:45:7e:48:26:82:b7:
                    da:fe:e7:6a:1c:14:2d:61:ca:ca:e0:2f:1a:b2:40:
                    a3:3f:9f:b8:ba:05:d7:94:89:a9:07:ec:2f:b6:19:
                    28:f7:ef:95:21:86:05:d3:18:1f:7e:91:10:32:fa:
                    b3:b6:b6:ed:c4:46:1e:e3:f8:88:a0:f7:25:26:b8:
                    49:76:24:bb:d6:4a:5e:2d:1e:7c:6a:94:97:b2:2a:
                    e9:c4:d5:22:7a:57:83:26:13:e6:1d:f3:50:5f:c3:
                    44:33:7a:1d:86:03:ce:72:d4:5d:20:4d:f3:c7:7e:
                    18:ed:6c:8a:a1:24:72:6b:91:6c:14:c0:9e:ad:46:
                    59:34:b0:3f:fc:b7:68:4d:d6:45:95:ac:50:9b:96:
                    f2:c0:bd:63:45:14:3c:ed:62:ca:98:1a:a7:b3:3a:
                    c6:7d:00:0b:43:f7:08:dd:c9:f3:84:6f:f4:de:46:
                    7d:31:f1:28:8b:94:03:ee:82:81:e1:a5:63:fc:ec:
                    79:43:b9:76:bd:9f:6b:3f:d7:61:11:10:58:88:60:
                    b0:68:b9:9e:53:2d:63:d0:44:37:33:ef:02:8e:3a:
                    b7:ff:ad:30:63:f8:d8:a7:77:12:0c:1d:7e:b0:44:
                    f3:76:a2:0a:4c:bd:49:c7:e3:69:13:95:d8:77:2e:
                    3a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F0:8D:98:CB:87:70:AD:BE:D2:5C:28:3F:56:17:CF:C7:C6:D7:EE
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/PvCNmMuHcK2-0lwoP1YXz8fG1-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac00:b::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:cb:51:f9:84:5f:1a:6d:67:4b:c8:fb:7f:ff:64:45:3f:98:
         b4:e7:f2:94:f6:e7:bf:82:7b:63:ce:fd:98:10:7f:71:dc:ae:
         25:cd:60:13:50:c5:fa:f7:19:f4:a6:21:3e:43:08:4e:9a:1e:
         ba:f3:33:26:4e:92:1f:64:96:c8:60:65:07:11:a2:6d:29:61:
         d7:76:55:3a:0a:13:d4:59:0b:8e:e2:82:d5:52:61:c1:fe:6b:
         71:4a:dd:ea:83:4c:d8:06:a1:b4:5b:35:72:b1:55:b7:96:45:
         94:53:d6:91:f5:26:ba:bc:9b:51:c1:a4:3c:6e:0e:a8:88:0b:
         aa:1c:36:b2:a7:46:08:9d:43:bb:29:75:c9:5d:83:6e:d7:9d:
         de:9b:b1:64:6d:af:9a:c7:57:22:cc:f1:ea:8d:c4:d7:7a:08:
         1f:73:79:f2:b5:93:b3:93:56:4a:70:71:01:f9:f8:34:b8:70:
         72:3c:ec:91:26:17:a9:d3:e3:0d:bd:fa:7c:c0:0a:9f:2a:ef:
         51:b5:f4:c8:5c:e0:66:12:ec:a8:de:a8:75:16:1c:86:a5:4e:
         ec:ec:32:6c:2b:fc:36:12:17:37:2e:9f:7c:aa:08:b8:db:74:
         39:d5:18:3c:b6:eb:1d:66:21:34:de:1b:e6:60:74:34:79:06:
         c6:b0:1a:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pRVwj2QCt6WFjPGARu09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjYwMTAxMjIxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWYwOGQ5OGNiODc3MGFkYmVkMjVjMjgzZjU2MTdjZmM3YzZkN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumKCnJqqpVhFfkgmgrfa/udqHBQt
YcrK4C8askCjP5+4ugXXlImpB+wvthko9++VIYYF0xgffpEQMvqztrbtxEYe4/iI
oPclJrhJdiS71kpeLR58apSXsirpxNUieleDJhPmHfNQX8NEM3odhgPOctRdIE3z
x34Y7WyKoSRya5FsFMCerUZZNLA//LdoTdZFlaxQm5bywL1jRRQ87WLKmBqnszrG
fQALQ/cI3cnzhG/03kZ9MfEoi5QD7oKB4aVj/Ox5Q7l2vZ9rP9dhERBYiGCwaLme
Uy1j0EQ3M+8Cjjq3/60wY/jYp3cSDB1+sETzdqIKTL1Jx+NpE5XYdy46MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD7wjZjLh3CtvtJcKD9WF8/HxtfuMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvUHZDTm1NdUhjSzItMGx3b1AxWVh6OGZHMS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgSsAAAL
MA0GCSqGSIb3DQEBCwUAA4IBAQAKy1H5hF8abWdLyPt//2RFP5i05/KU9ue/gntj
zv2YEH9x3K4lzWATUMX69xn0piE+QwhOmh668zMmTpIfZJbIYGUHEaJtKWHXdlU6
ChPUWQuO4oLVUmHB/mtxSt3qg0zYBqG0WzVysVW3lkWUU9aR9Sa6vJtRwaQ8bg6o
iAuqHDayp0YInUO7KXXJXYNu153em7Fkba+ax1cizPHqjcTXeggfc3nytZOzk1ZK
cHEB+fg0uHByPOyRJhep0+MNvfp8wAqfKu9RtfTIXOBmEuyo3qh1FhyGpU7s7DJs
K/w2Ehc3Lp98qgi423Q51Rg8tusdZiE03hvmYHQ0eQbGsBrr
-----END CERTIFICATE-----