This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/iRdgIX5OxjNM1yQqzGrI-IlFYWU.roa
File:                     iRdgIX5OxjNM1yQqzGrI-IlFYWU.roa (raw, json)
Hash identifier:          o1VCuPGQGLom0fvLJJYHwM1EdofsHXcxsnsAuKlYpn4=
Subject key identifier:   89:17:60:21:7E:4E:C6:33:4C:D7:24:2A:CC:6A:C8:F8:89:45:61:65
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       019B78348D59501DD0515DF1E9FB0FECA19C
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/iRdgIX5OxjNM1yQqzGrI-IlFYWU.roa
Signing time:             Thu 01 Jan 2026 06:17:48 +0000
ROA not before:           Thu 01 Jan 2026 06:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215653
IP address blocks:        2a12:3e80:700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:8d:59:50:1d:d0:51:5d:f1:e9:fb:0f:ec:a1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan  1 06:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=891760217e4ec6334cd7242acc6ac8f889456165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:95:f8:7b:c0:48:8e:9f:e4:da:5f:43:1b:95:
                    5d:9a:f1:a7:5a:96:30:10:e1:45:17:c6:25:e9:1f:
                    c2:87:bf:83:98:77:2d:fd:0d:63:2f:c2:36:b2:f6:
                    5f:44:b5:cb:39:13:76:41:d9:b2:a3:c6:1f:5d:d9:
                    8d:fc:1e:2c:c2:7a:74:fc:25:f9:6d:da:91:1e:60:
                    1c:f0:22:2e:87:b1:6a:5d:8f:c4:ad:f3:8b:9a:cc:
                    d0:41:83:b2:27:a4:4a:f0:46:cb:d6:63:a6:01:f2:
                    d1:08:5e:e1:4a:c8:d8:f7:7d:10:a0:ee:5f:2c:6e:
                    dc:e5:1a:21:ac:d9:4d:b9:e0:a7:ba:43:38:2c:17:
                    05:a8:b8:01:33:c4:ec:c0:9e:b6:dc:0e:09:8c:0c:
                    8c:f9:13:08:66:2e:28:8e:5f:64:aa:58:d4:1d:c1:
                    9c:79:26:24:d2:89:00:3f:98:f5:3d:10:0f:65:3f:
                    62:bd:fa:45:fb:8f:20:c7:95:0e:e8:4d:2d:4a:0e:
                    18:4f:7b:2e:2f:60:4b:72:ed:83:e2:4a:17:93:a7:
                    93:d3:05:51:85:12:e0:6f:d4:60:8d:78:04:f3:1b:
                    fe:34:90:f6:6e:63:89:3f:31:a5:94:4f:24:10:56:
                    a1:66:7e:e6:9a:0c:fe:4e:61:70:26:70:7e:36:97:
                    3d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:17:60:21:7E:4E:C6:33:4C:D7:24:2A:CC:6A:C8:F8:89:45:61:65
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/iRdgIX5OxjNM1yQqzGrI-IlFYWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3e80:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:02:1b:e3:f8:96:06:a4:9c:b1:1c:82:93:54:5f:31:a8:af:
         5e:85:5f:80:d6:2d:27:e9:f2:dc:2b:e5:47:fb:2f:ca:80:5b:
         aa:5d:47:9a:43:56:73:91:d1:7a:b2:d8:0b:45:26:b8:29:11:
         bc:3f:34:40:e2:59:37:da:1b:b4:7d:85:c2:a3:17:87:50:d2:
         07:45:0c:3b:0f:01:ae:7f:93:02:5f:70:80:81:ec:a2:03:6d:
         23:b9:29:23:34:67:62:bc:9e:57:9a:26:a3:26:4d:3c:e9:96:
         1f:0f:6a:03:57:11:de:08:63:67:81:f9:52:ef:79:60:4c:0d:
         1b:91:d3:d3:8b:b8:f7:40:a9:16:d7:c8:3e:72:d6:e3:96:23:
         88:2f:07:b9:1c:17:d9:db:67:86:0e:13:da:27:17:8e:18:3b:
         bd:76:15:83:ad:d0:32:7d:12:8f:34:48:75:3c:a0:0c:76:4b:
         cd:2a:c5:b9:e3:78:dc:fc:bd:b3:7d:64:29:3f:0c:81:69:67:
         a9:da:f7:4c:28:96:97:fb:6e:d0:42:e3:38:c1:13:37:f9:5f:
         86:4d:d1:05:bd:5d:72:b0:e3:c7:68:5a:d4:88:15:07:c0:eb:
         c6:43:ab:c6:5d:1f:c2:3a:f7:2b:78:b9:0f:10:60:db:d3:3a:
         c7:22:07:65
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt4NI1ZUB3QUV3x6fsP7KGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjYwMTAxMDYxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTE3NjAyMTdlNGVjNjMzNGNkNzI0MmFjYzZhYzhmODg5NDU2MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJX4e8BIjp/k2l9DG5VdmvGnWpYw
EOFFF8Yl6R/Ch7+DmHct/Q1jL8I2svZfRLXLORN2Qdmyo8YfXdmN/B4swnp0/CX5
bdqRHmAc8CIuh7FqXY/ErfOLmszQQYOyJ6RK8EbL1mOmAfLRCF7hSsjY930QoO5f
LG7c5RohrNlNueCnukM4LBcFqLgBM8TswJ623A4JjAyM+RMIZi4ojl9kqljUHcGc
eSYk0okAP5j1PRAPZT9ivfpF+48gx5UO6E0tSg4YT3suL2BLcu2D4koXk6eT0wVR
hRLgb9RgjXgE8xv+NJD2bmOJPzGllE8kEFahZn7mmgz+TmFwJnB+Npc9zwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIkXYCF+TsYzTNckKsxqyPiJRWFlMB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvaVJkZ0lYNU94ak5NMXlRcXpHckktSWxGWVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI+gAcw
DQYJKoZIhvcNAQELBQADggEBAEACG+P4lgaknLEcgpNUXzGor16FX4DWLSfp8twr
5Uf7L8qAW6pdR5pDVnOR0Xqy2AtFJrgpEbw/NEDiWTfaG7R9hcKjF4dQ0gdFDDsP
Aa5/kwJfcICB7KIDbSO5KSM0Z2K8nleaJqMmTTzplh8PagNXEd4IY2eB+VLveWBM
DRuR09OLuPdAqRbXyD5y1uOWI4gvB7kcF9nbZ4YOE9onF44YO712FYOt0DJ9Eo80
SHU8oAx2S80qxbnjeNz8vbN9ZCk/DIFpZ6na90wolpf7btBC4zjBEzf5X4ZN0QW9
XXKw48doWtSIFQfA68ZDq8ZdH8I69yt4uQ8QYNvTOsciB2U=
-----END CERTIFICATE-----