This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/l17vdHF4x4HHoIdKAxBn3NY8F0c.roa
File:                     l17vdHF4x4HHoIdKAxBn3NY8F0c.roa (raw, json)
Hash identifier:          RAFi309N00rxNtnf9we0njxeYbrg65eo2Zw5ZnR4sRY=
Subject key identifier:   97:5E:EF:74:71:78:C7:81:C7:A0:87:4A:03:10:67:DC:D6:3C:17:47
Certificate issuer:       /CN=f03ed4fedf56d0b02b172c8f89ec376510cd3174
Certificate serial:       019B7EA67CD0D54B6A232D4E1710C0B908B3
Authority key identifier: F0:3E:D4:FE:DF:56:D0:B0:2B:17:2C:8F:89:EC:37:65:10:CD:31:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/l17vdHF4x4HHoIdKAxBn3NY8F0c.roa
Signing time:             Fri 02 Jan 2026 12:19:58 +0000
ROA not before:           Fri 02 Jan 2026 12:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        2a14:34c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:7c:d0:d5:4b:6a:23:2d:4e:17:10:c0:b9:08:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f03ed4fedf56d0b02b172c8f89ec376510cd3174
        Validity
            Not Before: Jan  2 12:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=975eef747178c781c7a0874a031067dcd63c1747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3b:ee:7d:22:c5:1c:87:d7:25:23:1b:8b:60:
                    e3:7c:e9:01:6c:02:f9:7f:da:bc:bc:ac:8c:d6:73:
                    c8:14:34:42:4a:35:9a:18:e7:26:28:81:57:9e:fb:
                    f8:b7:c6:b0:9c:1e:a5:ba:b8:ef:82:68:60:a7:49:
                    31:09:0d:c1:cb:44:c2:db:f7:ec:3b:08:5f:48:c5:
                    d6:e3:f3:84:6d:06:f3:7f:9f:b1:97:37:8f:29:c4:
                    26:fb:24:55:de:0d:da:00:f6:cf:23:ef:db:b1:c2:
                    e7:2f:77:d7:95:91:60:7d:af:09:56:ca:fa:4c:d5:
                    23:ca:9b:57:ed:ba:da:65:b3:0c:94:60:3b:97:21:
                    8b:89:b8:ae:a2:c2:35:06:db:1a:3f:ac:85:c0:b4:
                    9a:99:90:a7:e8:42:5b:3d:e6:e1:75:2e:ec:0f:d3:
                    30:a1:9b:5d:dd:95:31:11:6c:71:7a:44:e9:d0:bc:
                    a5:64:ed:d0:4b:55:a3:4a:c1:96:36:a5:3e:ab:f9:
                    ff:b5:12:a1:8f:8f:fb:a6:14:4c:8b:3c:7c:86:dc:
                    b9:f9:50:ce:92:ce:23:de:b4:d0:9a:6a:2c:df:d5:
                    61:99:b9:0e:66:ad:a5:a8:67:fb:28:eb:ae:f8:51:
                    85:82:46:1a:c7:86:ce:e4:a2:91:ed:c5:01:38:d8:
                    62:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:5E:EF:74:71:78:C7:81:C7:A0:87:4A:03:10:67:DC:D6:3C:17:47
            X509v3 Authority Key Identifier:
                keyid:F0:3E:D4:FE:DF:56:D0:B0:2B:17:2C:8F:89:EC:37:65:10:CD:31:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/l17vdHF4x4HHoIdKAxBn3NY8F0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:bf:9d:0d:95:4f:e7:17:fc:23:59:eb:49:e0:b3:c5:b3:16:
         b0:7e:46:52:e8:5e:4a:42:e2:de:1e:78:a3:c9:fd:f5:aa:e3:
         d3:3b:c0:b6:83:bd:95:a1:5e:ce:92:60:7c:a9:93:4b:f7:6c:
         15:18:3b:6c:31:f6:60:6b:93:fd:1c:8f:b1:eb:96:5b:7a:d1:
         71:9d:5d:8a:41:95:25:a9:26:b2:90:a2:39:cb:3f:83:2e:cb:
         ea:1c:28:6a:53:52:d6:73:6b:52:65:08:b7:ff:d6:df:47:f6:
         44:32:b1:b1:d1:4c:46:54:31:a6:42:fe:52:6c:21:17:0c:97:
         96:b8:b0:66:7d:30:2a:81:e6:64:88:53:0b:dc:0d:36:24:77:
         ba:dd:09:9c:4a:83:26:d9:b2:d3:0b:cc:c9:2a:07:37:f0:c8:
         86:f8:aa:87:81:ed:89:3d:20:f2:e5:3b:79:b9:cb:ce:c5:4d:
         8d:3b:4f:a8:0b:8b:83:26:7d:11:46:01:87:96:04:25:3a:e3:
         d6:0b:b9:14:b9:08:e0:33:99:26:46:83:ba:2d:9c:6b:f9:53:
         c2:39:98:a2:24:a5:5c:e1:1e:60:8a:49:c0:a8:95:71:6e:2e:
         11:65:5f:00:94:6f:5f:b5:c1:21:ce:0c:9a:4b:51:f6:97:45:
         a4:57:41:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pnzQ1UtqIy1OFxDAuQizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwM2VkNGZlZGY1NmQwYjAyYjE3MmM4Zjg5ZWMzNzY1MTBj
ZDMxNzQwHhcNMjYwMTAyMTIxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzVlZWY3NDcxNzhjNzgxYzdhMDg3NGEwMzEwNjdkY2Q2M2MxNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDvufSLFHIfXJSMbi2DjfOkBbAL5
f9q8vKyM1nPIFDRCSjWaGOcmKIFXnvv4t8awnB6lurjvgmhgp0kxCQ3By0TC2/fs
OwhfSMXW4/OEbQbzf5+xlzePKcQm+yRV3g3aAPbPI+/bscLnL3fXlZFgfa8JVsr6
TNUjyptX7braZbMMlGA7lyGLibiuosI1BtsaP6yFwLSamZCn6EJbPebhdS7sD9Mw
oZtd3ZUxEWxxekTp0LylZO3QS1WjSsGWNqU+q/n/tRKhj4/7phRMizx8hty5+VDO
ks4j3rTQmmos39VhmbkOZq2lqGf7KOuu+FGFgkYax4bO5KKR7cUBONhirwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJde73RxeMeBx6CHSgMQZ9zWPBdHMB8GA1UdIwQY
MBaAFPA+1P7fVtCwKxcsj4nsN2UQzTF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEQ3VV90OVcwTEFyRnl5UGlldzNaUkROTVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lNjM5NTAtNzZlOC00ZjJiLTg3MzEt
ZmI0ZmQwN2UyNmEwLzEvbDE3dmRIRjR4NEhIb0lkS0F4Qm4zTlk4RjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lNjM5NTAtNzZlOC00ZjJiLTg3MzEtZmI0ZmQwN2UyNmEw
LzEvOEQ3VV90OVcwTEFyRnl5UGlldzNaUkROTVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQ0wDAN
BgkqhkiG9w0BAQsFAAOCAQEALb+dDZVP5xf8I1nrSeCzxbMWsH5GUuheSkLi3h54
o8n99arj0zvAtoO9laFezpJgfKmTS/dsFRg7bDH2YGuT/RyPseuWW3rRcZ1dikGV
JakmspCiOcs/gy7L6hwoalNS1nNrUmUIt//W30f2RDKxsdFMRlQxpkL+UmwhFwyX
lriwZn0wKoHmZIhTC9wNNiR3ut0JnEqDJtmy0wvMySoHN/DIhviqh4HtiT0g8uU7
ebnLzsVNjTtPqAuLgyZ9EUYBh5YEJTrj1gu5FLkI4DOZJkaDui2ca/lTwjmYoiSl
XOEeYIpJwKiVcW4uEWVfAJRvX7XBIc4MmktR9pdFpFdBzw==
-----END CERTIFICATE-----