This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/JKSn3ivcD7ulcEDYFnAk6kK8JVE.roa
File:                     JKSn3ivcD7ulcEDYFnAk6kK8JVE.roa (raw, json)
Hash identifier:          Y5qnFyuoFbYoSj1p2Mc4Ujlrd4TbP66nKsTT70JVghI=
Subject key identifier:   24:A4:A7:DE:2B:DC:0F:BB:A5:70:40:D8:16:70:24:EA:42:BC:25:51
Certificate issuer:       /CN=291f0b73e67d63c5a4c9046814166a9e21625f28
Certificate serial:       019B7A5B48073EA9429672FB3EE81278F3FA
Authority key identifier: 29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/JKSn3ivcD7ulcEDYFnAk6kK8JVE.roa
Signing time:             Thu 01 Jan 2026 16:19:21 +0000
ROA not before:           Thu 01 Jan 2026 16:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200747
IP address blocks:        2a04:5d00:10::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:48:07:3e:a9:42:96:72:fb:3e:e8:12:78:f3:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291f0b73e67d63c5a4c9046814166a9e21625f28
        Validity
            Not Before: Jan  1 16:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24a4a7de2bdc0fbba57040d8167024ea42bc2551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:98:81:66:b5:bf:37:2f:53:90:90:ee:72:7b:
                    52:8a:eb:78:6e:80:0c:c6:07:b1:0a:57:eb:19:61:
                    22:3d:b3:91:a6:43:26:22:ae:1d:1c:67:4f:56:c4:
                    90:06:56:32:50:e9:3c:69:0c:44:bc:96:3a:9b:92:
                    fa:b9:e2:79:ce:74:ee:0b:65:1f:fd:23:28:50:16:
                    55:2b:05:91:18:08:ea:f4:bd:62:80:16:63:c5:18:
                    c8:d8:bd:58:60:88:77:ea:dd:74:d0:0d:00:c4:40:
                    29:7d:cb:0b:66:6c:c6:06:f6:c6:04:ea:94:51:f9:
                    d2:81:2b:74:f1:20:41:74:d0:d9:0f:d1:6f:c2:1d:
                    fe:01:72:ce:e5:51:89:a2:2b:b5:24:5e:95:cb:a3:
                    eb:75:95:0a:4f:d1:73:a1:b2:bc:ed:96:2c:1d:4f:
                    57:85:4b:a7:a5:7c:30:b0:9b:7e:2a:fd:6e:07:b3:
                    8a:4b:d3:45:0d:00:1e:53:2f:c2:95:1e:5d:c3:37:
                    e7:d4:73:d2:53:7e:da:6c:ca:c1:18:56:b7:a6:93:
                    01:5c:bd:41:c9:97:2c:dd:a1:b4:7d:26:12:aa:30:
                    ee:76:8f:f7:47:3e:4d:1d:25:fe:2a:ff:a2:93:28:
                    76:87:e1:0a:2c:c5:78:1d:11:1f:c8:11:91:be:0b:
                    8f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A4:A7:DE:2B:DC:0F:BB:A5:70:40:D8:16:70:24:EA:42:BC:25:51
            X509v3 Authority Key Identifier:
                keyid:29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/JKSn3ivcD7ulcEDYFnAk6kK8JVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5d00:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:2a:5b:d0:b5:b9:21:7f:b5:d5:13:ab:2c:ba:eb:e2:19:93:
         5d:ae:7c:e0:dd:3f:94:f9:77:0c:d8:56:46:6f:e1:f5:ad:6d:
         23:4d:ca:2b:4f:16:45:6e:da:a6:c2:f3:ea:41:bb:58:a8:9c:
         3b:cc:20:df:f3:16:f0:f9:5e:02:10:b3:c7:c4:3f:61:ec:29:
         86:bc:0b:03:fa:bc:e1:be:12:bc:63:64:c6:d0:cb:95:2a:04:
         f1:61:30:56:73:9c:07:8e:b0:6d:6f:2b:01:3c:d4:41:d6:f0:
         22:fc:98:29:6c:b4:ef:25:fe:35:d6:a5:32:84:76:f6:ec:10:
         6a:cd:83:9e:7e:ac:b9:26:1e:a3:a1:51:89:c4:93:19:b7:d4:
         de:e2:e8:2e:dc:85:ae:66:76:b4:d9:47:d6:0a:ed:b8:7e:42:
         54:29:17:60:01:45:ba:1b:48:c9:11:15:73:6e:df:3b:ab:52:
         b5:4a:dc:6e:67:75:14:e7:c5:4c:28:a3:72:f1:4d:b9:a7:bf:
         db:44:90:5a:cd:ae:ca:01:8c:3e:1b:ce:87:45:e6:88:90:f2:
         ce:5c:02:ad:36:84:71:71:fd:5b:16:36:20:a7:ee:1e:6c:e8:
         54:b7:27:f0:4d:b0:c2:76:c7:9c:28:5f:65:22:68:6d:25:81:
         d2:5b:9f:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6W0gHPqlClnL7PugSePP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWYwYjczZTY3ZDYzYzVhNGM5MDQ2ODE0MTY2YTllMjE2
MjVmMjgwHhcNMjYwMTAxMTYxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGE0YTdkZTJiZGMwZmJiYTU3MDQwZDgxNjcwMjRlYTQyYmMyNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JiBZrW/Ny9TkJDucntSiut4boAM
xgexClfrGWEiPbORpkMmIq4dHGdPVsSQBlYyUOk8aQxEvJY6m5L6ueJ5znTuC2Uf
/SMoUBZVKwWRGAjq9L1igBZjxRjI2L1YYIh36t100A0AxEApfcsLZmzGBvbGBOqU
UfnSgSt08SBBdNDZD9Fvwh3+AXLO5VGJoiu1JF6Vy6PrdZUKT9FzobK87ZYsHU9X
hUunpXwwsJt+Kv1uB7OKS9NFDQAeUy/ClR5dwzfn1HPSU37abMrBGFa3ppMBXL1B
yZcs3aG0fSYSqjDudo/3Rz5NHSX+Kv+ikyh2h+EKLMV4HREfyBGRvguPfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCSkp94r3A+7pXBA2BZwJOpCvCVRMB8GA1UdIwQY
MBaAFCkfC3PmfWPFpMkEaBQWap4hYl8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQt
MzhlZThmZDY0ZTdkLzEvSktTbjNpdmNEN3VsY0VEWUZuQWs2a0s4SlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQtMzhlZThmZDY0ZTdk
LzEvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgRdAAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAEKlvQtbkhf7XVE6ssuuviGZNdrnzg3T+U+XcM
2FZGb+H1rW0jTcorTxZFbtqmwvPqQbtYqJw7zCDf8xbw+V4CELPHxD9h7CmGvAsD
+rzhvhK8Y2TG0MuVKgTxYTBWc5wHjrBtbysBPNRB1vAi/JgpbLTvJf411qUyhHb2
7BBqzYOefqy5Jh6joVGJxJMZt9Te4ugu3IWuZna02UfWCu24fkJUKRdgAUW6G0jJ
ERVzbt87q1K1StxuZ3UU58VMKKNy8U25p7/bRJBaza7KAYw+G86HReaIkPLOXAKt
NoRxcf1bFjYgp+4ebOhUtyfwTbDCdsecKF9lImhtJYHSW58K
-----END CERTIFICATE-----