This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/iiLRQTaQQ6IVIkbg2il6ZXlFwVQ.roa
File:                     iiLRQTaQQ6IVIkbg2il6ZXlFwVQ.roa (raw, json)
Hash identifier:          tutx4i5TMPBaqEME1ocqA/S91MUf42k0v3h4figQjcs=
Subject key identifier:   8A:22:D1:41:36:90:43:A2:15:22:46:E0:DA:29:7A:65:79:45:C1:54
Certificate issuer:       /CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
Certificate serial:       019B7E38019218DF06295E69550F1F77E781
Authority key identifier: 78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/iiLRQTaQQ6IVIkbg2il6ZXlFwVQ.roa
Signing time:             Fri 02 Jan 2026 10:19:18 +0000
ROA not before:           Fri 02 Jan 2026 10:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48329
IP address blocks:        2a10:9640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:01:92:18:df:06:29:5e:69:55:0f:1f:77:e7:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
        Validity
            Not Before: Jan  2 10:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a22d141369043a2152246e0da297a657945c154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f8:13:ad:7a:22:87:63:bc:1f:0b:ec:a4:18:
                    30:09:32:24:66:57:b0:93:28:27:ca:75:db:14:20:
                    6d:fa:56:46:0c:04:72:bb:f2:1b:13:3c:6c:83:80:
                    42:f8:2a:20:c2:e4:ba:fa:b2:57:58:05:11:df:87:
                    e0:8d:59:30:d5:ba:bd:e7:3f:b7:3e:37:e8:ce:3c:
                    ff:be:02:07:a3:29:9a:71:5f:5c:f9:ef:7f:e1:d1:
                    fe:92:4c:1c:94:de:32:48:69:ba:80:85:eb:75:bd:
                    1e:05:3d:74:8a:c1:e0:5b:a8:fa:fd:8f:06:29:13:
                    7a:67:58:33:b2:f5:eb:cb:87:f5:29:65:38:96:63:
                    df:39:35:74:05:24:72:77:72:25:04:3f:1d:80:c7:
                    63:a5:0a:23:1b:60:a5:01:93:45:a5:f0:12:9d:d4:
                    73:6f:dd:61:11:b2:b5:21:fa:ed:b6:af:f2:bc:da:
                    3d:9e:1d:15:e6:23:8c:f4:b1:be:ef:98:06:b4:a6:
                    85:d4:2a:37:ba:19:07:74:47:a8:35:9a:2a:b7:bc:
                    52:0d:65:fd:8c:c8:81:0e:71:5b:11:af:df:7a:ef:
                    a7:75:9e:1c:98:92:9f:82:43:13:25:fb:f4:4a:7b:
                    27:00:8f:e6:86:b4:1f:70:8f:5d:7b:0b:e8:bc:d8:
                    75:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:22:D1:41:36:90:43:A2:15:22:46:E0:DA:29:7A:65:79:45:C1:54
            X509v3 Authority Key Identifier:
                keyid:78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/iiLRQTaQQ6IVIkbg2il6ZXlFwVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9640::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:9c:94:6d:a9:52:87:f2:88:63:e8:f0:f7:be:ce:7e:64:b6:
         68:d1:31:fb:9e:92:fb:e7:64:c3:a9:b9:1d:78:f0:cc:57:c0:
         40:ad:f7:b1:fe:6f:62:69:c1:b7:03:a2:f6:eb:4b:33:5e:dd:
         8d:e3:01:e7:34:98:4d:6e:bc:b2:8f:8d:96:db:07:e4:23:49:
         e0:af:ed:be:4b:fd:4e:cf:14:61:a8:99:7b:ef:79:cf:c4:63:
         ba:a3:cb:89:c7:e9:29:4a:2c:b4:37:fe:cd:8a:b6:c5:11:1c:
         e6:77:e3:cb:a7:04:91:de:af:7d:da:bf:1d:46:6c:3b:a1:3d:
         cd:76:f3:4f:ce:4d:1a:2b:25:3e:55:0c:13:04:2c:10:95:1e:
         86:af:a9:7f:02:a6:55:0d:88:e5:ed:37:54:b0:87:a8:78:39:
         d0:44:f9:bb:d0:1d:2d:a9:02:20:b5:85:df:d0:a5:30:fb:34:
         25:17:ad:d7:46:89:87:83:67:f6:82:80:19:4a:1a:aa:b4:c6:
         02:4c:50:e2:2b:90:c8:d2:fb:29:08:7e:31:b0:cb:98:9c:f9:
         e9:91:c3:54:6c:77:dc:61:00:bc:22:5d:17:a9:4a:9c:ea:31:
         c4:87:5a:c3:2c:e8:fa:f3:d1:c6:f9:a7:b0:d1:0f:bc:2d:4f:
         ac:c3:ca:8f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+OAGSGN8GKV5pVQ8fd+eBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NTg0MGUzYTBmMDQ3NGE0YWNjZTQ1ZWQ1ZmM5Y2ZmNzc4
NThkOTMwHhcNMjYwMTAyMTAxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIyZDE0MTM2OTA0M2EyMTUyMjQ2ZTBkYTI5N2E2NTc5NDVjMTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfgTrXoih2O8HwvspBgwCTIkZlew
kygnynXbFCBt+lZGDARyu/IbEzxsg4BC+CogwuS6+rJXWAUR34fgjVkw1bq95z+3
Pjfozjz/vgIHoymacV9c+e9/4dH+kkwclN4ySGm6gIXrdb0eBT10isHgW6j6/Y8G
KRN6Z1gzsvXry4f1KWU4lmPfOTV0BSRyd3IlBD8dgMdjpQojG2ClAZNFpfASndRz
b91hEbK1Ifrttq/yvNo9nh0V5iOM9LG+75gGtKaF1Co3uhkHdEeoNZoqt7xSDWX9
jMiBDnFbEa/feu+ndZ4cmJKfgkMTJfv0SnsnAI/mhrQfcI9dewvovNh1fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIoi0UE2kEOiFSJG4NopemV5RcFUMB8GA1UdIwQY
MBaAFHhYQOOg8EdKSszkXtX8nP93hY2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzIt
ZmFmYjEyYTE2YzMxLzEvaWlMUlFUYVFRNklWSWtiZzJpbDZaWGxGd1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzItZmFmYjEyYTE2YzMx
LzEvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCWQDAN
BgkqhkiG9w0BAQsFAAOCAQEAZJyUbalSh/KIY+jw977OfmS2aNEx+56S++dkw6m5
HXjwzFfAQK33sf5vYmnBtwOi9utLM17djeMB5zSYTW68so+NltsH5CNJ4K/tvkv9
Ts8UYaiZe+95z8RjuqPLicfpKUostDf+zYq2xREc5nfjy6cEkd6vfdq/HUZsO6E9
zXbzT85NGislPlUMEwQsEJUehq+pfwKmVQ2I5e03VLCHqHg50ET5u9AdLakCILWF
39ClMPs0JRet10aJh4Nn9oKAGUoaqrTGAkxQ4iuQyNL7KQh+MbDLmJz56ZHDVGx3
3GEAvCJdF6lKnOoxxIdawyzo+vPRxvmnsNEPvC1PrMPKjw==
-----END CERTIFICATE-----