This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/z_44jtrGJfD6zh9PidW-GJCCXns.roa
File:                     z_44jtrGJfD6zh9PidW-GJCCXns.roa (raw, json)
Hash identifier:          wkQhSLVYP9oo4jjQ5UZW99eD0rUSG+lto+V5IH7d35w=
Subject key identifier:   CF:FE:38:8E:DA:C6:25:F0:FA:CE:1F:4F:89:D5:BE:18:90:82:5E:7B
Certificate issuer:       /CN=98699e00c11751d01b35e35fc0297da26eac79ea
Certificate serial:       019B7E3787B399E5D1970265274545ABC2C8
Authority key identifier: 98:69:9E:00:C1:17:51:D0:1B:35:E3:5F:C0:29:7D:A2:6E:AC:79:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGmeAMEXUdAbNeNfwCl9om6seeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/z_44jtrGJfD6zh9PidW-GJCCXns.roa
Signing time:             Fri 02 Jan 2026 10:18:47 +0000
ROA not before:           Fri 02 Jan 2026 10:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47430
IP address blocks:        2a01:ed00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/mGmeAMEXUdAbNeNfwCl9om6seeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/mGmeAMEXUdAbNeNfwCl9om6seeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGmeAMEXUdAbNeNfwCl9om6seeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:87:b3:99:e5:d1:97:02:65:27:45:45:ab:c2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98699e00c11751d01b35e35fc0297da26eac79ea
        Validity
            Not Before: Jan  2 10:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cffe388edac625f0face1f4f89d5be1890825e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a0:89:10:05:30:55:a8:75:9a:e7:68:55:bd:
                    58:90:ca:4c:20:be:57:b4:0c:ce:dc:49:83:70:29:
                    9e:df:60:86:64:e2:4c:f2:e2:a6:c3:8c:f8:22:6b:
                    db:3c:49:da:e3:93:d8:2c:0a:07:83:68:60:81:9c:
                    3d:4d:bf:9b:6c:43:fa:57:85:f9:5f:59:a5:6e:10:
                    b6:e1:39:1f:1c:1c:43:6f:ec:5e:4b:ee:28:2b:d3:
                    f5:6d:8c:8b:89:c7:85:36:48:05:52:53:01:8b:b3:
                    c9:9b:5d:3e:31:18:c3:99:f3:84:4b:ad:d9:41:d9:
                    52:f6:9e:61:8d:98:2b:3d:80:e7:8d:05:04:2f:b2:
                    c6:98:3e:da:61:22:32:8b:7e:b9:94:2b:68:15:27:
                    2c:25:e8:d0:80:12:ad:77:c1:b0:59:3c:3f:8c:f1:
                    20:a9:7e:bc:eb:49:69:07:c9:6c:ba:5a:41:6a:72:
                    ac:c1:29:46:cf:b6:ba:0c:e9:72:c9:f1:bf:73:c0:
                    f5:73:07:d2:87:42:08:c4:d8:65:e9:15:80:09:64:
                    a8:3f:95:eb:d3:61:af:f0:e3:bb:2b:ef:cf:c7:2b:
                    d7:75:6d:50:c7:17:01:a7:71:44:78:98:94:b6:46:
                    37:95:6c:e6:8a:bb:e0:8d:dc:9c:f2:c3:04:6c:af:
                    2e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FE:38:8E:DA:C6:25:F0:FA:CE:1F:4F:89:D5:BE:18:90:82:5E:7B
            X509v3 Authority Key Identifier:
                keyid:98:69:9E:00:C1:17:51:D0:1B:35:E3:5F:C0:29:7D:A2:6E:AC:79:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGmeAMEXUdAbNeNfwCl9om6seeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/z_44jtrGJfD6zh9PidW-GJCCXns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1d4596-6ae3-480e-ad16-76151bb9719d/1/mGmeAMEXUdAbNeNfwCl9om6seeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ed00::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:5e:50:3c:22:b6:6c:2b:72:20:ea:8f:46:6c:77:4f:bb:db:
         cd:9a:7f:f3:b0:e2:ce:f8:98:cf:d8:cf:53:71:7c:2d:f6:80:
         23:ed:35:76:00:32:89:78:2a:07:b9:4e:03:df:25:d4:45:0d:
         4b:39:a9:60:b7:73:82:5a:4c:5b:4e:4e:52:a5:d4:fc:ad:7f:
         10:1a:69:f8:77:3f:46:88:a2:13:ee:b5:68:2d:2e:67:72:8d:
         9c:d9:32:b1:93:e3:30:6c:0e:b4:c7:d6:7a:1f:57:15:ae:60:
         0a:09:6d:93:39:41:26:84:8d:0d:14:4e:f4:04:ab:08:f2:3f:
         e0:84:99:df:cd:31:43:53:a4:35:b0:c4:f5:30:a4:db:e3:42:
         a7:ce:80:ca:89:b9:97:ac:8e:02:96:ea:ad:f1:51:dc:0e:25:
         c7:e8:9e:c0:03:ef:ad:0e:ed:11:94:ea:4e:4f:fa:97:7f:f3:
         59:ee:cb:62:ff:eb:65:dc:fe:74:c5:ab:19:7c:2f:65:c6:d7:
         20:cc:61:05:7c:f1:68:3a:ed:6f:e6:40:e5:a2:8a:5a:fb:f0:
         a2:86:e6:bc:84:fa:9f:7c:15:53:4d:85:3f:a4:de:52:28:68:
         58:ac:5c:84:96:24:5e:50:36:f0:00:07:3e:16:fa:6d:ee:5f:
         b0:34:95:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+N4ezmeXRlwJlJ0VFq8LIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4Njk5ZTAwYzExNzUxZDAxYjM1ZTM1ZmMwMjk3ZGEyNmVh
Yzc5ZWEwHhcNMjYwMTAyMTAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZlMzg4ZWRhYzYyNWYwZmFjZTFmNGY4OWQ1YmUxODkwODI1ZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KCJEAUwVah1mudoVb1YkMpMIL5X
tAzO3EmDcCme32CGZOJM8uKmw4z4ImvbPEna45PYLAoHg2hggZw9Tb+bbEP6V4X5
X1mlbhC24TkfHBxDb+xeS+4oK9P1bYyLiceFNkgFUlMBi7PJm10+MRjDmfOES63Z
QdlS9p5hjZgrPYDnjQUEL7LGmD7aYSIyi365lCtoFScsJejQgBKtd8GwWTw/jPEg
qX6860lpB8lsulpBanKswSlGz7a6DOlyyfG/c8D1cwfSh0IIxNhl6RWACWSoP5Xr
02Gv8OO7K+/PxyvXdW1QxxcBp3FEeJiUtkY3lWzmirvgjdyc8sMEbK8uTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM/+OI7axiXw+s4fT4nVvhiQgl57MB8GA1UdIwQY
MBaAFJhpngDBF1HQGzXjX8ApfaJurHnqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdtZUFNRVhVZEFiTmVOZndDbDlvbTZzZWVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8xZDQ1OTYtNmFlMy00ODBlLWFkMTYt
NzYxNTFiYjk3MTlkLzEvel80NGp0ckdKZkQ2emg5UGlkVy1HSkNDWG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8xZDQ1OTYtNmFlMy00ODBlLWFkMTYtNzYxNTFiYjk3MTlk
LzEvbUdtZUFNRVhVZEFiTmVOZndDbDlvbTZzZWVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHtADAN
BgkqhkiG9w0BAQsFAAOCAQEANV5QPCK2bCtyIOqPRmx3T7vbzZp/87DizviYz9jP
U3F8LfaAI+01dgAyiXgqB7lOA98l1EUNSzmpYLdzglpMW05OUqXU/K1/EBpp+Hc/
RoiiE+61aC0uZ3KNnNkysZPjMGwOtMfWeh9XFa5gCgltkzlBJoSNDRRO9ASrCPI/
4ISZ380xQ1OkNbDE9TCk2+NCp86Ayom5l6yOApbqrfFR3A4lx+iewAPvrQ7tEZTq
Tk/6l3/zWe7LYv/rZdz+dMWrGXwvZcbXIMxhBXzxaDrtb+ZA5aKKWvvwoobmvIT6
n3wVU02FP6TeUihoWKxchJYkXlA28AAHPhb6be5fsDSVww==
-----END CERTIFICATE-----