This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/vBdouYkRW9ci3JYZ30IDKLuHdds.roa
File:                     vBdouYkRW9ci3JYZ30IDKLuHdds.roa (raw, json)
Hash identifier:          WJUobDpZaCY+TaeHhazACg6LZ8z6jzGQfsE7W/uWZPM=
Subject key identifier:   BC:17:68:B9:89:11:5B:D7:22:DC:96:19:DF:42:03:28:BB:87:75:DB
Certificate issuer:       /CN=70c9d06c51add6829063f1b67b175d0c0001e736
Certificate serial:       019B7D5ABC116C84ED9CD4EC867F5C838FEB
Authority key identifier: 70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/vBdouYkRW9ci3JYZ30IDKLuHdds.roa
Signing time:             Fri 02 Jan 2026 06:17:36 +0000
ROA not before:           Fri 02 Jan 2026 06:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16097
IP address blocks:        2a0b:2400::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:bc:11:6c:84:ed:9c:d4:ec:86:7f:5c:83:8f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70c9d06c51add6829063f1b67b175d0c0001e736
        Validity
            Not Before: Jan  2 06:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc1768b989115bd722dc9619df420328bb8775db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:32:fe:c6:c7:58:89:1c:4d:19:0f:63:92:bc:
                    5d:34:aa:ec:5b:c1:38:90:7f:5a:63:8c:ee:80:62:
                    47:0f:4e:ad:37:7d:c3:54:51:9f:f5:3f:c5:62:22:
                    ae:05:b5:43:8a:c9:44:52:3b:83:b6:45:8e:db:c0:
                    6d:25:4b:a1:59:2e:ce:4f:86:78:e8:d4:40:e2:63:
                    89:f8:5e:32:34:9b:98:b0:84:d1:05:80:82:56:a8:
                    9a:83:b7:c1:d5:fc:93:6f:2a:e8:af:29:c6:21:6b:
                    bf:ff:ef:81:81:3d:47:3d:8b:82:26:86:e3:2c:a8:
                    bc:02:31:20:b9:bb:dd:63:95:1e:fb:05:d0:0d:ba:
                    db:c1:98:24:86:1c:57:3b:4c:c2:1c:ae:d5:4c:fc:
                    d3:bd:27:e5:79:16:9d:06:a5:c2:42:50:ac:81:8e:
                    23:29:5f:86:a6:2a:fa:7d:e1:b7:40:f7:6a:39:73:
                    cd:ce:cd:1c:63:ac:f1:44:83:7c:90:c0:30:c3:b5:
                    a7:84:47:86:93:29:cf:92:da:0f:39:1b:42:2f:ac:
                    93:7f:52:72:2b:cd:61:eb:b2:d6:a1:91:64:07:b5:
                    9b:1d:46:70:3f:59:92:91:05:da:ee:ab:d5:91:41:
                    7b:33:aa:a5:c0:47:47:af:f2:45:da:2f:c5:34:22:
                    1d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:17:68:B9:89:11:5B:D7:22:DC:96:19:DF:42:03:28:BB:87:75:DB
            X509v3 Authority Key Identifier:
                keyid:70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/vBdouYkRW9ci3JYZ30IDKLuHdds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2400::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:4d:1f:a5:2d:c4:7b:46:38:ec:c8:11:ef:51:7b:24:7e:94:
         5a:8d:1d:2a:b0:8f:7c:9d:b8:ff:5b:28:e0:48:4f:3f:52:8f:
         a1:9b:9c:26:36:e6:f4:6e:8a:cf:37:56:79:c9:98:70:be:98:
         9e:16:7e:a1:6e:cf:fb:62:e1:0c:c3:3e:a1:d4:89:51:3b:c8:
         c2:f8:4c:c8:d3:da:e9:7b:4a:c6:70:22:a9:a2:a0:f8:92:f5:
         ff:83:a5:ba:31:21:76:f9:29:8b:57:ba:9c:de:3d:a7:f8:73:
         08:fd:be:ac:91:5a:92:90:52:e9:b9:06:59:c8:a1:e0:fc:39:
         5e:4c:b9:26:9f:09:c4:be:5a:89:83:e0:44:fd:b5:aa:b5:23:
         06:f8:d6:02:45:92:52:7e:c9:33:aa:2d:93:cd:a3:9a:4d:8c:
         ab:e3:b6:0e:ad:90:42:43:14:80:c0:e7:75:98:45:2e:16:a3:
         44:ec:70:4f:10:90:1b:be:eb:4a:8a:d9:8f:81:52:cf:3e:b7:
         c7:32:93:1b:f5:28:e4:58:2d:f4:4a:14:7f:bd:48:89:7f:a0:
         5b:11:02:0f:88:39:29:49:de:f9:d9:55:6b:c7:e7:04:29:63:
         cf:c8:a8:06:b6:2e:53:60:38:83:27:56:74:6a:64:0b:79:4b:
         22:2f:50:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9WrwRbITtnNTshn9cg4/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYzlkMDZjNTFhZGQ2ODI5MDYzZjFiNjdiMTc1ZDBjMDAw
MWU3MzYwHhcNMjYwMTAyMDYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE3NjhiOTg5MTE1YmQ3MjJkYzk2MTlkZjQyMDMyOGJiODc3NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8TL+xsdYiRxNGQ9jkrxdNKrsW8E4
kH9aY4zugGJHD06tN33DVFGf9T/FYiKuBbVDislEUjuDtkWO28BtJUuhWS7OT4Z4
6NRA4mOJ+F4yNJuYsITRBYCCVqiag7fB1fyTbyrorynGIWu//++BgT1HPYuCJobj
LKi8AjEgubvdY5Ue+wXQDbrbwZgkhhxXO0zCHK7VTPzTvSfleRadBqXCQlCsgY4j
KV+Gpir6feG3QPdqOXPNzs0cY6zxRIN8kMAww7WnhEeGkynPktoPORtCL6yTf1Jy
K81h67LWoZFkB7WbHUZwP1mSkQXa7qvVkUF7M6qlwEdHr/JF2i/FNCIdXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLwXaLmJEVvXItyWGd9CAyi7h3XbMB8GA1UdIwQY
MBaAFHDJ0GxRrdaCkGPxtnsXXQwAAec2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEt
NWQzYTg2NDk0Nzc1LzEvdkJkb3VZa1JXOWNpM0pZWjMwSURLTHVIZGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEtNWQzYTg2NDk0Nzc1
LzEvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgskADAN
BgkqhkiG9w0BAQsFAAOCAQEAgk0fpS3Ee0Y47MgR71F7JH6UWo0dKrCPfJ24/1so
4EhPP1KPoZucJjbm9G6KzzdWecmYcL6YnhZ+oW7P+2LhDMM+odSJUTvIwvhMyNPa
6XtKxnAiqaKg+JL1/4OlujEhdvkpi1e6nN49p/hzCP2+rJFakpBS6bkGWcih4Pw5
Xky5Jp8JxL5aiYPgRP21qrUjBvjWAkWSUn7JM6otk82jmk2Mq+O2Dq2QQkMUgMDn
dZhFLhajROxwTxCQG77rSorZj4FSzz63xzKTG/Uo5Fgt9EoUf71IiX+gWxECD4g5
KUne+dlVa8fnBCljz8ioBrYuU2A4gydWdGpkC3lLIi9QBA==
-----END CERTIFICATE-----