This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/rqGjD3vaP5vjh-UbO_Aa0T8TroY.roa
File:                     rqGjD3vaP5vjh-UbO_Aa0T8TroY.roa (raw, json)
Hash identifier:          VMdVXfW1qOZfCDo+olo19jtE9+BYNQ4kPi8z5UP7KV0=
Subject key identifier:   AE:A1:A3:0F:7B:DA:3F:9B:E3:87:E5:1B:3B:F0:1A:D1:3F:13:AE:86
Certificate issuer:       /CN=925069a5d764da255954db2ee9d1243de16b9101
Certificate serial:       019B7EA67FF131BCD88DCA9D039ACA7BFB64
Authority key identifier: 92:50:69:A5:D7:64:DA:25:59:54:DB:2E:E9:D1:24:3D:E1:6B:91:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klBppddk2iVZVNsu6dEkPeFrkQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/rqGjD3vaP5vjh-UbO_Aa0T8TroY.roa
Signing time:             Fri 02 Jan 2026 12:19:59 +0000
ROA not before:           Fri 02 Jan 2026 12:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64398
IP address blocks:        2a0c:b0c6::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/klBppddk2iVZVNsu6dEkPeFrkQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/klBppddk2iVZVNsu6dEkPeFrkQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klBppddk2iVZVNsu6dEkPeFrkQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:7f:f1:31:bc:d8:8d:ca:9d:03:9a:ca:7b:fb:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=925069a5d764da255954db2ee9d1243de16b9101
        Validity
            Not Before: Jan  2 12:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aea1a30f7bda3f9be387e51b3bf01ad13f13ae86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:c2:86:9a:af:dc:7c:61:56:7f:12:20:a1:
                    6d:8d:a2:cb:49:ed:37:eb:39:86:06:89:bc:0d:a1:
                    73:b4:e8:5f:5a:62:cc:a3:28:38:3d:0e:9d:5c:41:
                    46:ec:d0:c4:73:86:f5:53:f1:a3:bf:43:e1:20:6e:
                    e8:ae:ae:9c:11:da:ac:cf:11:3f:e6:16:e8:29:7d:
                    17:e9:91:da:79:99:8b:29:0c:2b:92:c7:be:be:b6:
                    52:d2:be:e9:ec:93:4f:f8:ea:56:c9:61:83:86:59:
                    7b:c9:85:e6:9e:a1:b3:a0:ff:9f:24:4c:c7:10:11:
                    46:ce:db:a3:7a:a3:01:0f:1a:eb:67:4f:f1:81:29:
                    55:11:c2:c0:52:c0:56:ab:75:d1:d7:3e:9b:7e:52:
                    41:58:9d:9d:dd:44:e7:10:a3:1b:d8:fe:74:df:c9:
                    18:0f:d3:d4:1b:f0:b0:f1:5c:9b:98:0d:86:00:51:
                    85:d6:a0:26:67:44:7f:75:11:78:bc:ff:f7:fe:7e:
                    79:43:ab:49:42:07:b7:d2:92:9d:24:30:41:be:af:
                    d2:c5:e0:03:e1:d0:52:26:ab:1f:e5:0d:03:fb:b5:
                    55:df:27:17:ba:12:93:0d:fe:66:9e:51:23:ba:c1:
                    59:75:f1:a9:d4:7d:c8:28:23:09:48:db:c6:ec:8d:
                    ec:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A1:A3:0F:7B:DA:3F:9B:E3:87:E5:1B:3B:F0:1A:D1:3F:13:AE:86
            X509v3 Authority Key Identifier:
                keyid:92:50:69:A5:D7:64:DA:25:59:54:DB:2E:E9:D1:24:3D:E1:6B:91:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klBppddk2iVZVNsu6dEkPeFrkQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/rqGjD3vaP5vjh-UbO_Aa0T8TroY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6788f5-4889-4be7-bb19-a9b8de611a96/1/klBppddk2iVZVNsu6dEkPeFrkQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b0c6::/31

    Signature Algorithm: sha256WithRSAEncryption
         28:b6:e9:4f:a0:0b:d8:48:86:ee:d4:02:aa:41:6c:81:0a:ec:
         42:60:a9:00:cc:27:59:49:7c:69:b9:1e:e6:df:ad:74:69:a0:
         be:41:82:c8:82:94:2d:f6:48:f5:32:13:d2:68:ec:25:e8:e0:
         f7:7b:33:38:b3:a6:fb:7f:92:6f:18:18:f3:be:10:30:37:44:
         78:87:12:0f:ad:f7:37:c9:07:8a:f0:03:9d:fc:18:a3:dc:11:
         00:50:e6:a0:37:f2:6d:ef:aa:8b:33:90:c2:3f:76:4a:d3:e2:
         3f:17:8e:6c:0f:d2:5d:ee:5f:6e:33:1a:b1:51:f4:78:87:fb:
         c1:02:11:96:f3:1d:f4:46:df:b4:0c:50:5e:44:71:1c:87:f6:
         24:b5:8f:f3:9d:57:ea:63:46:98:25:93:c4:2f:d5:ad:69:eb:
         b3:66:89:8f:3b:7f:dc:08:c9:bb:2a:ef:04:bf:d8:bc:b4:8f:
         92:86:ae:9d:c7:47:d7:af:d1:ef:79:b8:7c:64:d6:50:d8:f8:
         9f:d0:25:57:dd:c7:4b:2f:40:54:cf:0b:e7:fc:23:64:1f:8e:
         96:cd:df:c9:cc:1c:ab:49:9e:37:fc:bc:3c:e3:db:28:8d:e2:
         f4:7b:22:c4:c8:89:5f:1e:11:ce:22:ce:45:32:ea:51:cd:ed:
         3b:3b:99:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pn/xMbzYjcqdA5rKe/tkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTA2OWE1ZDc2NGRhMjU1OTU0ZGIyZWU5ZDEyNDNkZTE2
YjkxMDEwHhcNMjYwMTAyMTIxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWExYTMwZjdiZGEzZjliZTM4N2U1MWIzYmYwMWFkMTNmMTNhZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAjChpqv3HxhVn8SIKFtjaLLSe03
6zmGBom8DaFztOhfWmLMoyg4PQ6dXEFG7NDEc4b1U/Gjv0PhIG7orq6cEdqszxE/
5hboKX0X6ZHaeZmLKQwrkse+vrZS0r7p7JNP+OpWyWGDhll7yYXmnqGzoP+fJEzH
EBFGztujeqMBDxrrZ0/xgSlVEcLAUsBWq3XR1z6bflJBWJ2d3UTnEKMb2P5038kY
D9PUG/Cw8VybmA2GAFGF1qAmZ0R/dRF4vP/3/n55Q6tJQge30pKdJDBBvq/SxeAD
4dBSJqsf5Q0D+7VV3ycXuhKTDf5mnlEjusFZdfGp1H3IKCMJSNvG7I3s1QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK6how972j+b44flGzvwGtE/E66GMB8GA1UdIwQY
MBaAFJJQaaXXZNolWVTbLunRJD3ha5EBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xCcHBkZGsyaVZaVk5zdTZkRWtQZUZya1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82Nzg4ZjUtNDg4OS00YmU3LWJiMTkt
YTliOGRlNjExYTk2LzEvcnFHakQzdmFQNXZqaC1VYk9fQWEwVDhUcm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82Nzg4ZjUtNDg4OS00YmU3LWJiMTktYTliOGRlNjExYTk2
LzEva2xCcHBkZGsyaVZaVk5zdTZkRWtQZUZya1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgywxjAN
BgkqhkiG9w0BAQsFAAOCAQEAKLbpT6AL2EiG7tQCqkFsgQrsQmCpAMwnWUl8abke
5t+tdGmgvkGCyIKULfZI9TIT0mjsJejg93szOLOm+3+SbxgY874QMDdEeIcSD633
N8kHivADnfwYo9wRAFDmoDfybe+qizOQwj92StPiPxeObA/SXe5fbjMasVH0eIf7
wQIRlvMd9EbftAxQXkRxHIf2JLWP851X6mNGmCWTxC/VrWnrs2aJjzt/3AjJuyrv
BL/YvLSPkoauncdH16/R73m4fGTWUNj4n9AlV93HSy9AVM8L5/wjZB+Ols3fycwc
q0meN/y8POPbKI3i9HsixMiJXx4RziLORTLqUc3tOzuZnw==
-----END CERTIFICATE-----