This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/_ThG8IVbzuqUhc1osI4_Rpmzqio.roa
File:                     _ThG8IVbzuqUhc1osI4_Rpmzqio.roa (raw, json)
Hash identifier:          kZIjdDI7HB3X2nlD/j4MMUQcvs+mLLJs9i48KmxiWeQ=
Subject key identifier:   FD:38:46:F0:85:5B:CE:EA:94:85:CD:68:B0:8E:3F:46:99:B3:AA:2A
Certificate issuer:       /CN=db2303e96803793c3c48cda5207a41e74e50cb7c
Certificate serial:       019B783520984785331605CFACF0766518A0
Authority key identifier: DB:23:03:E9:68:03:79:3C:3C:48:CD:A5:20:7A:41:E7:4E:50:CB:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yMD6WgDeTw8SM2lIHpB505Qy3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/_ThG8IVbzuqUhc1osI4_Rpmzqio.roa
Signing time:             Thu 01 Jan 2026 06:18:26 +0000
ROA not before:           Thu 01 Jan 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202732
IP address blocks:        2001:3ac0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/2yMD6WgDeTw8SM2lIHpB505Qy3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/2yMD6WgDeTw8SM2lIHpB505Qy3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yMD6WgDeTw8SM2lIHpB505Qy3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:20:98:47:85:33:16:05:cf:ac:f0:76:65:18:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db2303e96803793c3c48cda5207a41e74e50cb7c
        Validity
            Not Before: Jan  1 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd3846f0855bceea9485cd68b08e3f4699b3aa2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c4:b3:08:7d:6d:ae:48:2f:8d:a6:cb:97:76:
                    3c:13:73:6f:2f:05:67:c6:85:13:cc:c2:cd:95:ed:
                    10:43:c3:76:5f:e2:85:d5:13:c7:61:84:aa:ed:3a:
                    be:0d:8a:22:43:6c:15:43:c4:08:e6:68:f5:9d:80:
                    49:d8:f0:ff:60:0b:6c:e2:9e:c4:d5:6f:79:a3:ac:
                    88:3e:76:ca:4f:35:97:ac:f9:39:c2:4a:5b:0a:ea:
                    e3:4d:15:30:3c:e9:ed:a7:0a:a1:bb:b2:85:25:c2:
                    c7:1f:f7:43:fc:f8:78:13:99:14:99:c9:ae:e8:db:
                    54:58:d3:ed:ff:a5:42:a5:12:d2:cc:8b:45:40:2e:
                    ea:e1:e9:38:01:3c:a2:dc:13:5e:b5:71:0b:47:f9:
                    47:3c:3b:a9:c9:a5:42:ed:7b:3f:cd:7c:28:19:c1:
                    ed:03:6f:22:23:9a:f7:33:5e:c4:c4:64:e5:96:6c:
                    0f:ff:93:70:9a:25:dc:f1:d3:4a:14:0e:78:d8:6c:
                    19:3c:87:14:11:db:b8:d8:d5:81:f9:01:37:28:ca:
                    8d:eb:7c:2d:86:a7:7f:9e:b2:cf:00:a6:f7:df:ee:
                    c7:2c:ea:4a:f5:e7:1b:00:b1:e0:6f:9c:ab:21:f6:
                    64:46:00:dc:d3:f1:ec:59:cf:ad:1b:39:af:92:af:
                    5b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:38:46:F0:85:5B:CE:EA:94:85:CD:68:B0:8E:3F:46:99:B3:AA:2A
            X509v3 Authority Key Identifier:
                keyid:DB:23:03:E9:68:03:79:3C:3C:48:CD:A5:20:7A:41:E7:4E:50:CB:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yMD6WgDeTw8SM2lIHpB505Qy3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/_ThG8IVbzuqUhc1osI4_Rpmzqio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d5f804-a193-4b3f-a652-45f2afc91d2d/1/2yMD6WgDeTw8SM2lIHpB505Qy3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:5e:f5:9a:d6:eb:ca:54:a9:47:55:d1:6f:c8:3d:68:72:69:
         6e:5d:79:a1:13:16:28:86:ef:7d:a1:ae:04:32:12:9b:6b:89:
         83:0c:80:e9:56:0a:fc:71:b3:df:f4:15:f0:12:26:51:74:d1:
         25:f5:3c:f3:3a:30:f5:80:84:55:01:21:5b:c1:d7:d0:e7:c4:
         cc:c0:0a:1c:cc:11:39:be:08:f9:f6:d3:37:ee:57:d6:a7:78:
         bf:70:91:a7:0d:8b:9f:db:f5:77:b5:6a:c9:d1:60:b1:da:71:
         81:7f:28:69:a5:ae:97:a1:86:77:d1:8b:27:37:41:19:53:29:
         26:2f:7b:4f:ec:8f:83:8e:28:f7:6b:3d:66:20:05:d3:bf:49:
         dc:49:6d:cc:ba:8b:c0:25:d9:ef:e2:ee:b5:fc:29:86:5c:bf:
         29:17:6b:d3:71:1a:99:a4:3f:8e:03:5f:1a:71:f3:1b:b1:fd:
         66:89:2b:74:a5:db:4b:45:d5:c9:bf:d8:c0:ae:08:92:30:6a:
         c7:93:28:ce:3c:07:b4:75:cf:07:42:ff:03:bc:c2:0b:c8:e5:
         7f:65:11:3a:04:2a:c9:84:28:5d:ab:b7:78:a5:86:56:dc:fe:
         a8:7e:e9:9a:b2:af:46:3e:a8:58:77:41:93:58:3c:0f:d6:a8:
         e7:74:ee:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4NSCYR4UzFgXPrPB2ZRigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjMwM2U5NjgwMzc5M2MzYzQ4Y2RhNTIwN2E0MWU3NGU1
MGNiN2MwHhcNMjYwMTAxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDM4NDZmMDg1NWJjZWVhOTQ4NWNkNjhiMDhlM2Y0Njk5YjNhYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMSzCH1trkgvjabLl3Y8E3NvLwVn
xoUTzMLNle0QQ8N2X+KF1RPHYYSq7Tq+DYoiQ2wVQ8QI5mj1nYBJ2PD/YAts4p7E
1W95o6yIPnbKTzWXrPk5wkpbCurjTRUwPOntpwqhu7KFJcLHH/dD/Ph4E5kUmcmu
6NtUWNPt/6VCpRLSzItFQC7q4ek4ATyi3BNetXELR/lHPDupyaVC7Xs/zXwoGcHt
A28iI5r3M17ExGTllmwP/5NwmiXc8dNKFA542GwZPIcUEdu42NWB+QE3KMqN63wt
hqd/nrLPAKb33+7HLOpK9ecbALHgb5yrIfZkRgDc0/HsWc+tGzmvkq9bkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP04RvCFW87qlIXNaLCOP0aZs6oqMB8GA1UdIwQY
MBaAFNsjA+loA3k8PEjNpSB6QedOUMt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlNRDZXZ0RlVHc4U00ybElIcEI1MDVReTN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNWY4MDQtYTE5My00YjNmLWE2NTIt
NDVmMmFmYzkxZDJkLzEvX1RoRzhJVmJ6dXFVaGMxb3NJNF9ScG16cWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNWY4MDQtYTE5My00YjNmLWE2NTItNDVmMmFmYzkxZDJk
LzEvMnlNRDZXZ0RlVHc4U00ybElIcEI1MDVReTN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE6wDAN
BgkqhkiG9w0BAQsFAAOCAQEAQ171mtbrylSpR1XRb8g9aHJpbl15oRMWKIbvfaGu
BDISm2uJgwyA6VYK/HGz3/QV8BImUXTRJfU88zow9YCEVQEhW8HX0OfEzMAKHMwR
Ob4I+fbTN+5X1qd4v3CRpw2Ln9v1d7VqydFgsdpxgX8oaaWul6GGd9GLJzdBGVMp
Ji97T+yPg44o92s9ZiAF079J3EltzLqLwCXZ7+Lutfwphly/KRdr03EamaQ/jgNf
GnHzG7H9ZokrdKXbS0XVyb/YwK4IkjBqx5MozjwHtHXPB0L/A7zCC8jlf2UROgQq
yYQoXau3eKWGVtz+qH7pmrKvRj6oWHdBk1g8D9ao53Tu9w==
-----END CERTIFICATE-----