This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/RFaEpCIQ7DiA3iF7lwwQ29jefIA.roa
File:                     RFaEpCIQ7DiA3iF7lwwQ29jefIA.roa (raw, json)
Hash identifier:          GOJnWj8oflUm6VfGwYR1lKiwH9eNwUJaLP/8I/2Ya6I=
Subject key identifier:   44:56:84:A4:22:10:EC:38:80:DE:21:7B:97:0C:10:DB:D8:DE:7C:80
Certificate issuer:       /CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
Certificate serial:       019A799DD2836C44D67A851B769320446693
Authority key identifier: FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/RFaEpCIQ7DiA3iF7lwwQ29jefIA.roa
Signing time:             Wed 12 Nov 2025 19:49:37 +0000
ROA not before:           Wed 12 Nov 2025 19:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        2a05:e9c0:8200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 19:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:79:9d:d2:83:6c:44:d6:7a:85:1b:76:93:20:44:66:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
        Validity
            Not Before: Nov 12 19:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=445684a42210ec3880de217b970c10dbd8de7c80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:16:be:4c:dc:c8:d8:74:04:38:72:4d:30:
                    35:16:da:dd:04:8b:e5:28:63:02:a0:4b:fd:71:52:
                    71:73:e3:93:3c:56:a0:66:dc:e1:57:db:b8:f5:da:
                    06:4d:d7:34:8f:49:cb:54:bf:31:94:d6:ca:15:39:
                    3c:21:c8:50:13:ea:e7:fa:99:e9:14:07:b0:1b:c2:
                    21:94:a9:8e:2d:f0:75:eb:99:4f:ce:1d:64:90:41:
                    97:a0:22:6a:42:cd:dc:3e:58:9a:80:9c:39:fb:a4:
                    18:99:de:20:ca:9f:55:f0:b2:da:12:1e:0c:15:82:
                    f7:89:2d:f8:4e:3f:21:5e:5b:30:c1:dc:08:9b:61:
                    29:af:24:9a:53:31:b7:b4:08:3e:45:e0:e6:04:2c:
                    c7:ea:09:d0:74:c0:fd:0c:1b:af:ee:7d:a0:64:f5:
                    a9:6c:9e:a9:d2:b9:0d:ac:8c:0b:3f:21:ab:67:26:
                    73:1a:82:8d:ed:71:4c:9d:1e:a5:da:19:f8:9c:b9:
                    a6:91:10:16:8f:92:69:1c:c3:d9:c0:1f:5c:d6:02:
                    8f:1c:7e:e9:d8:b5:3b:54:c1:ee:bc:8a:24:c0:34:
                    79:b6:12:a4:c9:73:4a:c6:dd:fe:04:b8:86:d1:0b:
                    67:2f:af:d2:91:66:86:6a:2a:3e:19:ed:b5:8b:2c:
                    51:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:56:84:A4:22:10:EC:38:80:DE:21:7B:97:0C:10:DB:D8:DE:7C:80
            X509v3 Authority Key Identifier:
                keyid:FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/RFaEpCIQ7DiA3iF7lwwQ29jefIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:e9c0:8200::/40

    Signature Algorithm: sha256WithRSAEncryption
         cb:46:f4:f9:37:ea:bc:03:c5:04:1d:03:d1:d0:da:06:25:94:
         07:b0:9f:ec:b8:63:21:f0:bf:e9:aa:94:2d:e1:9b:90:71:ea:
         f8:c2:23:48:df:8e:5a:fd:09:bb:6a:d5:9c:30:b5:11:a5:8d:
         6f:81:dd:37:55:86:1b:b4:88:43:30:d0:25:76:39:44:6b:c1:
         6b:62:ba:73:1a:96:31:1a:d4:15:08:b7:ef:5e:0c:98:56:6c:
         c2:f2:11:82:fd:55:41:50:e5:80:d6:2d:cc:05:68:fe:60:ed:
         e7:d7:6c:54:bc:9a:a9:ce:99:0e:bf:e9:94:ef:8d:67:9c:7e:
         16:c9:9a:c8:07:f6:d9:83:54:c6:d1:8e:dd:3a:02:80:ed:13:
         8e:d5:83:60:ee:95:5d:6e:d0:a6:84:cf:8a:c9:4f:35:e7:04:
         e1:27:84:c4:3e:75:23:19:01:3e:36:ee:e7:9c:3c:56:58:1e:
         88:b5:6e:c5:42:e8:7d:f2:ff:76:04:95:f6:d6:65:33:66:bc:
         7c:b0:56:8d:44:b5:02:f1:1b:10:ac:f9:56:e0:7b:79:82:27:
         59:74:ee:93:69:bd:8d:b8:43:d6:16:37:73:09:26:aa:d7:bc:
         d6:e2:ac:42:40:d8:c4:af:66:ed:ad:ee:e0:d6:1b:13:1b:25:
         44:e7:7f:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZp5ndKDbETWeoUbdpMgRGaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODE5OWU4MzQ1NTY3ZDg1MTZiNzg4ZmUyZTFkMzk3ZTI3
YzczYTQwHhcNMjUxMTEyMTk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDU2ODRhNDIyMTBlYzM4ODBkZTIxN2I5NzBjMTBkYmQ4ZGU3YzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOcWvkzcyNh0BDhyTTA1FtrdBIvl
KGMCoEv9cVJxc+OTPFagZtzhV9u49doGTdc0j0nLVL8xlNbKFTk8IchQE+rn+pnp
FAewG8IhlKmOLfB165lPzh1kkEGXoCJqQs3cPliagJw5+6QYmd4gyp9V8LLaEh4M
FYL3iS34Tj8hXlswwdwIm2EprySaUzG3tAg+ReDmBCzH6gnQdMD9DBuv7n2gZPWp
bJ6p0rkNrIwLPyGrZyZzGoKN7XFMnR6l2hn4nLmmkRAWj5JpHMPZwB9c1gKPHH7p
2LU7VMHuvIokwDR5thKkyXNKxt3+BLiG0QtnL6/SkWaGaio+Ge21iyxRfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFERWhKQiEOw4gN4he5cMENvY3nyAMB8GA1UdIwQY
MBaAFP6Bmeg0VWfYUWt4j+Lh05fifHOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQt
ODQwY2NiMzRiM2Y1LzEvUkZhRXBDSVE3RGlBM2lGN2x3d1EyOWplZklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQtODQwY2NiMzRiM2Y1
LzEvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgXpwIIw
DQYJKoZIhvcNAQELBQADggEBAMtG9Pk36rwDxQQdA9HQ2gYllAewn+y4YyHwv+mq
lC3hm5Bx6vjCI0jfjlr9Cbtq1ZwwtRGljW+B3TdVhhu0iEMw0CV2OURrwWtiunMa
ljEa1BUIt+9eDJhWbMLyEYL9VUFQ5YDWLcwFaP5g7efXbFS8mqnOmQ6/6ZTvjWec
fhbJmsgH9tmDVMbRjt06AoDtE47Vg2DulV1u0KaEz4rJTzXnBOEnhMQ+dSMZAT42
7uecPFZYHoi1bsVC6H3y/3YElfbWZTNmvHywVo1EtQLxGxCs+Vbge3mCJ1l07pNp
vY24Q9YWN3MJJqrXvNbirEJA2MSvZu2t7uDWGxMbJUTnf68=
-----END CERTIFICATE-----