This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/kMsITRvtaXC741Y_7AjN_jGGmv4.roa
File:                     kMsITRvtaXC741Y_7AjN_jGGmv4.roa (raw, json)
Hash identifier:          gbq77+xKSdpHzBJMY7zv47/LbqIo3f6akkibyM35M7Q=
Subject key identifier:   90:CB:08:4D:1B:ED:69:70:BB:E3:56:3F:EC:08:CD:FE:31:86:9A:FE
Certificate issuer:       /CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
Certificate serial:       019B76EB39E9FC463A8CC96289EF48271CA2
Authority key identifier: 57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/kMsITRvtaXC741Y_7AjN_jGGmv4.roa
Signing time:             Thu 01 Jan 2026 00:18:05 +0000
ROA not before:           Thu 01 Jan 2026 00:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204901
IP address blocks:        2a10:a642:aa00::/40 maxlen: 48
                          2a10:a642:aa00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:39:e9:fc:46:3a:8c:c9:62:89:ef:48:27:1c:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
        Validity
            Not Before: Jan  1 00:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90cb084d1bed6970bbe3563fec08cdfe31869afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:01:e7:fe:39:82:a0:d9:79:2e:d1:7a:1b:e5:
                    ea:b7:24:10:5d:d5:eb:cd:ce:12:7a:a3:e7:95:57:
                    b1:e4:63:cf:7f:db:30:53:74:ff:94:c1:96:72:f7:
                    16:99:0e:be:3f:2c:c8:ce:28:3c:e9:d5:49:4a:03:
                    bb:56:4e:d7:8e:4a:e1:c0:57:ef:1e:aa:bc:03:d7:
                    c4:65:19:87:47:b7:9f:b3:c3:84:e5:48:2d:ef:1c:
                    ac:ae:9d:81:e4:3a:92:a5:7e:67:e5:64:b8:39:b8:
                    79:64:ed:36:bc:2c:80:a4:5c:64:42:34:00:d2:c8:
                    6a:5b:9c:d6:7e:58:61:1f:5d:3a:81:61:04:80:95:
                    59:22:cf:33:02:f6:3f:23:78:17:38:09:0c:97:25:
                    b3:23:5a:e6:30:34:6f:d8:84:3d:93:7d:d1:ee:de:
                    08:45:81:8c:32:0e:1c:2c:d3:81:11:a7:5f:0e:8d:
                    5c:f7:8d:38:5d:95:13:79:fd:bc:10:fd:ce:ff:c6:
                    36:a2:e0:27:89:84:be:bd:2c:61:19:29:75:74:2b:
                    16:7c:fc:e5:51:53:04:d6:0c:43:00:7d:f4:ef:00:
                    2e:fb:e8:41:2e:d3:02:59:f7:67:e0:b2:dd:72:42:
                    05:d5:16:d7:1d:22:fc:cf:a2:59:10:2a:24:1a:57:
                    ff:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CB:08:4D:1B:ED:69:70:BB:E3:56:3F:EC:08:CD:FE:31:86:9A:FE
            X509v3 Authority Key Identifier:
                keyid:57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/kMsITRvtaXC741Y_7AjN_jGGmv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a642:aa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:c1:41:70:76:82:5a:5f:54:b9:85:c4:67:f4:ce:33:56:9d:
         1b:ee:6e:0d:2a:a6:4d:6a:ee:2a:d4:5a:47:96:0b:fe:ae:6a:
         88:d1:d7:7f:b2:3e:7b:8e:42:0a:7f:77:46:15:76:09:59:fb:
         ac:0f:60:c0:0c:7b:1a:8b:cb:6b:38:5d:fc:33:43:98:6c:9c:
         7e:7c:7e:2c:0d:c9:38:99:f9:45:3e:03:31:7e:03:2f:94:35:
         fd:4f:82:27:67:a7:50:c6:64:d3:47:27:3a:a7:33:7e:d6:ce:
         1e:ce:a9:0c:cc:1d:b7:40:33:a6:8b:77:2b:09:b1:8e:25:11:
         df:e8:0d:42:e7:f6:84:47:7d:34:c1:97:ee:ab:c5:15:62:c6:
         22:28:6a:38:89:63:e6:8a:83:23:2f:49:41:7e:21:d6:00:01:
         c2:3d:8a:89:f2:ef:39:1e:8d:cf:8e:57:a7:03:c5:92:25:9f:
         eb:4c:86:8a:ae:08:53:ae:3d:04:90:07:53:4b:0d:0e:cc:b0:
         25:fb:9b:85:df:34:7b:d2:75:d4:ab:33:7d:1d:2d:0f:7d:e6:
         01:bb:76:9d:c3:61:fa:f0:2f:05:13:65:92:53:3d:22:42:d3:
         82:72:3f:e1:d6:ca:dc:53:df:b7:15:40:88:63:7b:7c:70:f2:
         ca:d1:af:96
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt26znp/EY6jMliie9IJxyiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzZkOWEwYjU1YmQ0OTVhMWJlM2M1YzAzZmEyNTFkM2Rl
OGI4YzUwHhcNMjYwMTAxMDAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNiMDg0ZDFiZWQ2OTcwYmJlMzU2M2ZlYzA4Y2RmZTMxODY5YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAHn/jmCoNl5LtF6G+XqtyQQXdXr
zc4SeqPnlVex5GPPf9swU3T/lMGWcvcWmQ6+PyzIzig86dVJSgO7Vk7XjkrhwFfv
Hqq8A9fEZRmHR7efs8OE5Ugt7xysrp2B5DqSpX5n5WS4Obh5ZO02vCyApFxkQjQA
0shqW5zWflhhH106gWEEgJVZIs8zAvY/I3gXOAkMlyWzI1rmMDRv2IQ9k33R7t4I
RYGMMg4cLNOBEadfDo1c9404XZUTef28EP3O/8Y2ouAniYS+vSxhGSl1dCsWfPzl
UVME1gxDAH307wAu++hBLtMCWfdn4LLdckIF1RbXHSL8z6JZECokGlf/UwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJDLCE0b7Wlwu+NWP+wIzf4xhpr+MB8GA1UdIwQY
MBaAFFd22aC1W9SVob48XAP6JR096LjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUt
YzBiYTJmM2ZjNzJhLzEva01zSVRSdnRhWEM3NDFZXzdBak5fakdHbXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUtYzBiYTJmM2ZjNzJh
LzEvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhCmQqow
DQYJKoZIhvcNAQELBQADggEBAKnBQXB2glpfVLmFxGf0zjNWnRvubg0qpk1q7irU
WkeWC/6uaojR13+yPnuOQgp/d0YVdglZ+6wPYMAMexqLy2s4XfwzQ5hsnH58fiwN
yTiZ+UU+AzF+Ay+UNf1Pgidnp1DGZNNHJzqnM37Wzh7OqQzMHbdAM6aLdysJsY4l
Ed/oDULn9oRHfTTBl+6rxRVixiIoajiJY+aKgyMvSUF+IdYAAcI9iony7zkejc+O
V6cDxZIln+tMhoquCFOuPQSQB1NLDQ7MsCX7m4XfNHvSddSrM30dLQ995gG7dp3D
YfrwLwUTZZJTPSJC04JyP+HWytxT37cVQIhje3xw8srRr5Y=
-----END CERTIFICATE-----