This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/bY71skCcBRy3_7E1b-YloIxj3EI.roa
File:                     bY71skCcBRy3_7E1b-YloIxj3EI.roa (raw, json)
Hash identifier:          wz4302B/D0gTMZmb2I2/ICofgsbTDyh3vJJUmvhGTb4=
Subject key identifier:   6D:8E:F5:B2:40:9C:05:1C:B7:FF:B1:35:6F:E6:25:A0:8C:63:DC:42
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019B77C76647C0E50C11209B8714A22602A1
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/bY71skCcBRy3_7E1b-YloIxj3EI.roa
Signing time:             Thu 01 Jan 2026 04:18:35 +0000
ROA not before:           Thu 01 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        2a11:b687::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:66:47:c0:e5:0c:11:20:9b:87:14:a2:26:02:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jan  1 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d8ef5b2409c051cb7ffb1356fe625a08c63dc42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:4f:11:dd:a7:0e:d7:34:9b:8c:08:3e:d8:72:
                    45:77:74:60:47:64:d0:b3:6c:13:ab:1a:47:9d:c7:
                    b8:15:f0:c2:01:46:a8:5c:f8:1c:e8:9b:fe:44:79:
                    52:f9:a7:20:06:a5:58:25:62:dc:ab:79:57:db:05:
                    93:71:b5:8e:94:48:e6:28:0b:f5:33:09:c6:7e:b4:
                    85:25:65:64:78:93:63:d7:65:37:e7:30:42:50:b2:
                    57:c5:60:e8:8c:5f:5d:ff:70:b4:78:37:18:29:95:
                    d1:5f:f6:d8:8c:d7:d3:66:9a:0b:de:01:ee:b8:e5:
                    fb:e0:c0:78:22:af:08:ae:61:de:29:4a:55:d3:32:
                    be:c8:7a:a1:a0:31:89:9d:ec:b0:2c:bb:32:11:eb:
                    dd:19:66:21:cf:64:85:1e:6e:4d:6a:bc:e4:b9:0d:
                    aa:b1:1a:7e:17:1a:53:02:12:1e:ec:a1:45:dd:b6:
                    ae:81:d3:51:9c:bd:44:49:f8:eb:2a:b0:05:f0:d1:
                    7b:0f:35:db:e0:1b:91:02:4e:6a:93:12:9f:fd:b9:
                    ef:c3:b3:39:5c:30:23:60:4a:e9:c5:72:0e:bd:b6:
                    3d:af:06:32:a6:b8:39:f9:56:95:54:07:0f:28:1c:
                    14:88:f3:f0:c0:81:ed:59:f2:17:ee:2a:f8:97:ea:
                    14:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:8E:F5:B2:40:9C:05:1C:B7:FF:B1:35:6F:E6:25:A0:8C:63:DC:42
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/bY71skCcBRy3_7E1b-YloIxj3EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b687::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:be:9e:2f:a9:91:ea:81:76:2d:8b:6a:c7:b4:e3:b0:d6:56:
         d5:76:03:2e:92:49:d6:5a:3e:51:fe:87:25:22:e3:03:b3:b4:
         22:1b:94:69:cb:57:be:f1:a6:d6:1c:ae:ef:80:e8:32:70:43:
         13:fb:53:f4:d4:c6:3e:e3:34:4f:05:a4:62:b1:e6:b6:e5:20:
         28:a7:63:2f:96:da:16:15:11:70:fb:78:85:d0:74:0f:36:5f:
         0e:6c:e7:50:4e:fb:80:bc:4c:00:ea:72:d4:5d:3e:75:59:e5:
         9f:6c:c4:90:0a:a0:32:7b:8b:57:86:cf:e5:d8:7e:3d:9d:4a:
         7a:c6:94:08:bb:34:76:19:27:66:7c:9f:99:f4:b9:2d:7f:66:
         da:02:c3:69:a7:fe:92:9c:ac:74:63:98:55:16:31:2d:ed:9e:
         6b:5e:14:af:d3:ae:25:a0:09:87:58:55:be:48:49:f7:85:48:
         24:75:0c:c2:4e:6e:18:a6:e9:f5:ca:6b:f7:25:97:80:5e:7d:
         05:d0:70:16:e6:34:81:5f:9f:a1:0b:d5:19:55:fc:c1:e0:cb:
         69:69:a2:b8:3a:ec:71:be:b3:62:f8:21:86:0c:87:54:f6:59:
         f4:15:4e:28:74:be:a1:39:0c:3e:cd:ce:9a:41:4b:3f:1d:0a:
         57:3f:aa:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3x2ZHwOUMESCbhxSiJgKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMTAxMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDhlZjViMjQwOWMwNTFjYjdmZmIxMzU2ZmU2MjVhMDhjNjNkYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk8R3acO1zSbjAg+2HJFd3RgR2TQ
s2wTqxpHnce4FfDCAUaoXPgc6Jv+RHlS+acgBqVYJWLcq3lX2wWTcbWOlEjmKAv1
MwnGfrSFJWVkeJNj12U35zBCULJXxWDojF9d/3C0eDcYKZXRX/bYjNfTZpoL3gHu
uOX74MB4Iq8IrmHeKUpV0zK+yHqhoDGJneywLLsyEevdGWYhz2SFHm5NarzkuQ2q
sRp+FxpTAhIe7KFF3baugdNRnL1ESfjrKrAF8NF7DzXb4BuRAk5qkxKf/bnvw7M5
XDAjYErpxXIOvbY9rwYyprg5+VaVVAcPKBwUiPPwwIHtWfIX7ir4l+oU2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG2O9bJAnAUct/+xNW/mJaCMY9xCMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvYlk3MXNrQ2NCUnkzXzdFMWItWWxvSXhqM0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhG2hzAN
BgkqhkiG9w0BAQsFAAOCAQEAYr6eL6mR6oF2LYtqx7TjsNZW1XYDLpJJ1lo+Uf6H
JSLjA7O0IhuUactXvvGm1hyu74DoMnBDE/tT9NTGPuM0TwWkYrHmtuUgKKdjL5ba
FhURcPt4hdB0DzZfDmznUE77gLxMAOpy1F0+dVnln2zEkAqgMnuLV4bP5dh+PZ1K
esaUCLs0dhknZnyfmfS5LX9m2gLDaaf+kpysdGOYVRYxLe2ea14Ur9OuJaAJh1hV
vkhJ94VIJHUMwk5uGKbp9cpr9yWXgF59BdBwFuY0gV+foQvVGVX8weDLaWmiuDrs
cb6zYvghhgyHVPZZ9BVOKHS+oTkMPs3OmkFLPx0KVz+qnw==
-----END CERTIFICATE-----