This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
File:                     326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa (raw, json)
Hash identifier:          nafu6Z+JM7pvpzQDAE35HEyxOLGLNwRfEwkZyIaCEN8=
Subject key identifier:   1C:FD:04:64:05:51:3F:48:7E:92:23:D6:7B:82:E1:96:A8:99:49:7D
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       3B25A1D90E841EDFFF4BC696F1340CEF90761D4D
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
Signing time:             Tue 13 Jan 2026 15:55:59 +0000
ROA not before:           Tue 13 Jan 2026 15:50:59 +0000
ROA not after:            Tue 12 Jan 2027 15:55:59 +0000
asID:                     8229
IP address blocks:        2a0b:2542:900::/40 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:49:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:25:a1:d9:0e:84:1e:df:ff:4b:c6:96:f1:34:0c:ef:90:76:1d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Jan 13 15:50:59 2026 GMT
            Not After : Jan 12 15:55:59 2027 GMT
        Subject: CN=1CFD046405513F487E9223D67B82E196A899497D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8a:66:cd:69:49:47:74:ca:f2:82:8c:5b:0e:
                    4a:2c:3e:d0:92:46:7a:00:ed:18:d2:f1:65:47:cf:
                    a3:47:e9:d8:1d:7f:e1:d5:60:3f:e1:31:76:42:32:
                    bc:a5:3c:ea:26:83:f4:c3:31:ac:93:10:e5:e6:24:
                    dc:78:8e:24:23:5a:19:bb:42:7b:6c:1c:de:4f:f7:
                    93:1d:72:c8:cc:1f:73:df:f9:75:1c:57:c9:af:fe:
                    bd:60:7f:d7:ad:a5:17:99:8c:23:0c:18:24:1d:36:
                    57:68:52:53:f1:83:34:1d:0c:b0:61:a6:ce:4d:4f:
                    f5:fa:dd:e5:69:b4:5c:f4:c2:70:f5:1f:35:94:5b:
                    75:b0:e1:db:43:7f:02:d9:9e:0c:6d:e1:f4:6d:87:
                    de:7c:f2:e9:4c:4b:d2:45:c1:b9:8b:5a:a3:7c:46:
                    a7:4d:0b:a5:22:0f:d9:b6:c0:9c:6c:d5:da:23:94:
                    e8:7a:d2:2e:ca:f7:18:7c:fe:92:c0:15:eb:47:86:
                    b0:79:00:62:22:ae:c0:b2:84:da:86:ff:c3:15:41:
                    b5:a6:36:62:4e:4a:b9:8b:94:a7:20:bc:d5:52:3c:
                    8b:89:ee:0e:4a:05:8a:25:b0:e9:b0:09:11:e4:cb:
                    3b:08:19:47:e5:e4:32:a8:00:05:0c:fc:14:36:48:
                    03:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:FD:04:64:05:51:3F:48:7E:92:23:D6:7B:82:E1:96:A8:99:49:7D
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:a4:1b:bf:b4:47:3c:57:d9:c6:c3:12:6e:58:bb:43:21:02:
         48:9c:06:41:46:79:fc:5c:dd:dc:0f:b6:58:d5:d4:21:95:70:
         5e:20:06:48:06:e9:5b:5f:5b:b5:04:44:12:bd:71:c2:b7:67:
         e0:88:e8:ff:2b:0c:67:5b:d5:7c:a1:4e:f9:7f:07:f8:db:54:
         90:3f:cc:50:67:5c:27:8b:b5:33:d2:c2:57:28:49:04:20:95:
         39:07:98:b9:d3:3b:a7:61:e9:ba:a8:81:ea:7b:e0:2f:ff:05:
         2b:43:df:af:b0:74:25:9a:77:0c:e7:56:9a:5c:8a:5f:b2:aa:
         fb:37:dd:ce:04:75:fa:ed:8a:54:d1:32:a3:2b:de:b1:fa:1c:
         08:ea:d0:dc:7f:82:5d:73:4b:5e:3a:76:9e:4c:91:0e:80:16:
         47:e0:b9:9b:ca:15:d5:78:59:c0:de:a9:01:4d:6e:6e:cf:38:
         f8:cc:c3:a6:83:ef:b4:45:13:78:22:6f:6a:3d:41:2f:87:3e:
         f6:f1:d5:aa:32:de:91:8d:c6:ff:92:1e:ad:1c:a1:e2:6f:f1:
         6a:08:1f:3d:7b:8a:ae:1e:8d:d3:84:ea:66:61:8f:db:cb:36:
         91:18:06:76:14:b3:22:1c:e9:f3:41:9d:38:3c:08:2f:cf:6b:
         9a:a5:03:c3
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgIUOyWh2Q6EHt//S8aW8TQM75B2HU0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNjAxMTMxNTUwNTlaFw0yNzAxMTIxNTU1NTlaMDMxMTAvBgNV
BAMTKDFDRkQwNDY0MDU1MTNGNDg3RTkyMjNENjdCODJFMTk2QTg5OTQ5N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4imbNaUlHdMrygoxbDkosPtCS
RnoA7RjS8WVHz6NH6dgdf+HVYD/hMXZCMrylPOomg/TDMayTEOXmJNx4jiQjWhm7
QntsHN5P95MdcsjMH3Pf+XUcV8mv/r1gf9etpReZjCMMGCQdNldoUlPxgzQdDLBh
ps5NT/X63eVptFz0wnD1HzWUW3Ww4dtDfwLZngxt4fRth9588ulMS9JFwbmLWqN8
RqdNC6UiD9m2wJxs1dojlOh60i7K9xh8/pLAFetHhrB5AGIirsCyhNqG/8MVQbWm
NmJOSrmLlKcgvNVSPIuJ7g5KBYolsOmwCRHkyzsIGUfl5DKoAAUM/BQ2SAMzAgMB
AAGjggHYMIIB1DAdBgNVHQ4EFgQUHP0EZAVRP0h+kiPWe4LhlqiZSX0wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB+BggrBgEFBQcBCwRyMHAwbgYIKwYBBQUHMAuGYnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzIzYTM5MzAzMDNhM2Ey
ZjM0MzAyZDMxMzIzODIwM2QzZTIwMzgzMjMyMzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVCCTAN
BgkqhkiG9w0BAQsFAAOCAQEANqQbv7RHPFfZxsMSbli7QyECSJwGQUZ5/Fzd3A+2
WNXUIZVwXiAGSAbpW19btQREEr1xwrdn4Ijo/ysMZ1vVfKFO+X8H+NtUkD/MUGdc
J4u1M9LCVyhJBCCVOQeYudM7p2HpuqiB6nvgL/8FK0Pfr7B0JZp3DOdWmlyKX7Kq
+zfdzgR1+u2KVNEyoyvesfocCOrQ3H+CXXNLXjp2nkyRDoAWR+C5m8oV1XhZwN6p
AU1ubs84+MzDpoPvtEUTeCJvaj1BL4c+9vHVqjLekY3G/5IerRyh4m/xaggfPXuK
rh6N04TqZmGP28s2kRgGdhSzIhzp80GdODwIL89rmqUDww==
-----END CERTIFICATE-----