This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/CkraNljOqkeSekJdoAbtNjJUZxU.roa
File:                     CkraNljOqkeSekJdoAbtNjJUZxU.roa (raw, json)
Hash identifier:          o4lFQ2jvZtAY9Qkbgut69KisZCd4iL38+vgSPqcwEK8=
Subject key identifier:   0A:4A:DA:36:58:CE:AA:47:92:7A:42:5D:A0:06:ED:36:32:54:67:15
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019B7CEE6B8CB0ABCC508EE1BA2D60B64065
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/CkraNljOqkeSekJdoAbtNjJUZxU.roa
Signing time:             Fri 02 Jan 2026 04:19:18 +0000
ROA not before:           Fri 02 Jan 2026 04:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203626
IP address blocks:        2a14:ae00:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:6b:8c:b0:ab:cc:50:8e:e1:ba:2d:60:b6:40:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Jan  2 04:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a4ada3658ceaa47927a425da006ed3632546715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:86:99:b8:0e:f0:2f:86:72:b3:41:a0:79:a3:
                    f1:47:47:d7:8c:12:de:e0:e1:3a:f8:96:58:86:4e:
                    d6:39:25:aa:2c:1a:b4:04:38:29:d8:ea:51:d2:e6:
                    42:f1:8d:34:88:c0:4d:04:ed:a4:e8:9d:d7:c7:56:
                    f3:cb:61:c4:ec:1b:67:7e:8c:9e:21:89:1a:07:29:
                    ef:7c:6e:8a:9d:97:98:ed:0d:f0:21:d9:72:c1:c2:
                    e7:54:86:db:0c:97:f9:e1:a3:5b:45:b0:b9:6d:b6:
                    42:97:fb:3d:3f:29:d0:13:a2:ae:39:e3:06:06:39:
                    88:47:59:26:8f:97:ea:ec:43:97:65:9c:f7:c9:e3:
                    c6:35:50:7e:3f:6d:9e:92:20:38:82:e0:44:8e:2f:
                    27:8c:66:99:21:f2:5e:4f:16:1f:60:e7:5c:f6:3f:
                    22:df:f0:fd:f0:60:4a:f7:08:68:0e:37:92:9c:d2:
                    95:4c:87:a3:89:7f:5a:57:ed:c9:69:7d:91:65:c6:
                    41:69:85:a7:a8:bd:22:03:4b:62:68:1a:18:73:b3:
                    1a:0a:3a:2d:4d:43:21:82:e5:04:67:73:56:bd:b5:
                    79:c7:b5:e3:e2:1d:91:5d:e3:9e:13:a9:40:76:a6:
                    ea:8d:47:66:d7:48:f3:6e:df:46:9a:35:9a:44:1c:
                    0e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4A:DA:36:58:CE:AA:47:92:7A:42:5D:A0:06:ED:36:32:54:67:15
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/CkraNljOqkeSekJdoAbtNjJUZxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:83:02:4d:2e:70:f3:6c:14:1c:72:cd:06:78:15:50:80:3a:
         3a:81:1f:76:28:b9:06:a9:0e:b8:b0:d4:05:0a:e6:29:71:9c:
         0c:bc:06:e5:27:3a:ec:70:52:44:94:c0:77:51:c7:0e:86:04:
         6d:18:e5:7b:b5:30:14:6e:d5:9c:e5:d5:39:58:dc:7a:4c:a6:
         5f:43:8e:f2:09:12:17:48:5b:d5:ba:4a:8c:f6:64:b6:14:ab:
         c7:44:bb:5a:e0:ca:8b:09:21:9a:3d:64:f7:6c:1a:4c:90:a2:
         2f:87:f7:4d:1d:d0:7b:ce:0c:44:55:bc:5f:45:01:b0:2a:57:
         da:84:20:d3:4a:0d:cb:bd:3b:a2:b8:bf:fb:60:d6:22:d7:4b:
         8e:55:a8:06:07:6a:53:38:55:d7:5a:67:c2:c1:01:32:77:3f:
         3b:33:7b:67:21:70:5e:7e:a1:e0:9d:c7:44:bc:cb:3b:15:22:
         1d:54:04:40:e2:a6:d8:1f:f3:0c:97:fa:da:02:c2:74:1c:50:
         be:7a:92:11:c6:61:0b:c9:1b:41:14:18:74:50:19:54:87:08:
         54:04:93:f1:99:f0:b9:3b:2a:18:a8:a8:d9:a2:37:6c:05:7c:
         43:2d:ba:d9:a6:80:96:ca:99:af:37:70:8f:ec:37:95:20:45:
         87:ef:48:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87muMsKvMUI7hui1gtkBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwMTAyMDQxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRhZGEzNjU4Y2VhYTQ3OTI3YTQyNWRhMDA2ZWQzNjMyNTQ2NzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoaZuA7wL4Zys0GgeaPxR0fXjBLe
4OE6+JZYhk7WOSWqLBq0BDgp2OpR0uZC8Y00iMBNBO2k6J3Xx1bzy2HE7Btnfoye
IYkaBynvfG6KnZeY7Q3wIdlywcLnVIbbDJf54aNbRbC5bbZCl/s9PynQE6KuOeMG
BjmIR1kmj5fq7EOXZZz3yePGNVB+P22ekiA4guBEji8njGaZIfJeTxYfYOdc9j8i
3/D98GBK9whoDjeSnNKVTIejiX9aV+3JaX2RZcZBaYWnqL0iA0tiaBoYc7MaCjot
TUMhguUEZ3NWvbV5x7Xj4h2RXeOeE6lAdqbqjUdm10jzbt9GmjWaRBwOwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFApK2jZYzqpHknpCXaAG7TYyVGcVMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvQ2tyYU5sak9xa2VTZWtKZG9BYnROakpVWnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQA9gwJNLnDzbBQccs0GeBVQgDo6gR92KLkGqQ64
sNQFCuYpcZwMvAblJzrscFJElMB3UccOhgRtGOV7tTAUbtWc5dU5WNx6TKZfQ47y
CRIXSFvVukqM9mS2FKvHRLta4MqLCSGaPWT3bBpMkKIvh/dNHdB7zgxEVbxfRQGw
KlfahCDTSg3LvTuiuL/7YNYi10uOVagGB2pTOFXXWmfCwQEydz87M3tnIXBefqHg
ncdEvMs7FSIdVARA4qbYH/MMl/raAsJ0HFC+epIRxmELyRtBFBh0UBlUhwhUBJPx
mfC5OyoYqKjZojdsBXxDLbrZpoCWypmvN3CP7DeVIEWH70gZ
-----END CERTIFICATE-----