This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/WaF459Cc2uKlfeZQW71nNqM2m1o.roa
File:                     WaF459Cc2uKlfeZQW71nNqM2m1o.roa (raw, json)
Hash identifier:          INQ6UPfyYeMJRdxCsd5oJRH61VvqzRfFQEhDkUi1R2A=
Subject key identifier:   59:A1:78:E7:D0:9C:DA:E2:A5:7D:E6:50:5B:BD:67:36:A3:36:9B:5A
Certificate issuer:       /CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
Certificate serial:       019B791149859D18623F5FDDB753190FC88E
Authority key identifier: 9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/WaF459Cc2uKlfeZQW71nNqM2m1o.roa
Signing time:             Thu 01 Jan 2026 10:18:54 +0000
ROA not before:           Thu 01 Jan 2026 10:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57472
IP address blocks:        2a00:126f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:49:85:9d:18:62:3f:5f:dd:b7:53:19:0f:c8:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
        Validity
            Not Before: Jan  1 10:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59a178e7d09cdae2a57de6505bbd6736a3369b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:4f:b8:d0:25:ed:4c:da:fe:77:64:fb:b3:
                    b9:af:aa:6a:f0:5e:87:04:85:b9:ae:23:8a:ae:c8:
                    59:8d:98:5b:4f:40:91:f4:b3:0c:9b:b4:23:60:75:
                    15:78:e3:ea:0f:03:92:05:83:cf:2f:ab:af:d2:ea:
                    ce:fc:cb:94:3a:2a:e7:3b:eb:3a:ee:ff:7e:a2:8f:
                    a5:a0:64:c9:da:53:d3:5b:a6:ee:5c:8d:80:3e:59:
                    8b:05:b5:89:05:00:55:94:10:dc:33:b0:5c:31:26:
                    66:9a:6e:c7:0f:76:86:24:2d:ff:27:5a:77:cf:83:
                    e4:78:3e:72:b7:ba:61:2c:2e:d8:67:23:27:87:de:
                    b1:91:f5:ee:39:0d:a7:07:b4:c4:b0:7a:d4:e3:98:
                    4c:4a:bc:d7:1d:33:9b:ee:37:88:99:64:8a:46:84:
                    67:6f:9d:b0:a4:3a:54:11:f7:df:56:f7:75:2a:86:
                    8d:0a:c9:91:54:e2:bf:01:f8:e3:92:55:8e:1a:dc:
                    cc:f8:bf:e4:93:4c:a3:2b:78:88:95:8f:8b:4b:de:
                    42:11:ea:5a:9d:29:30:19:ed:b2:03:bf:a9:bc:58:
                    73:6a:d3:e3:31:19:9e:b3:3d:6c:a0:e2:9b:38:8e:
                    64:9d:47:9e:c3:d5:d8:f3:02:1f:60:10:d1:25:a4:
                    82:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A1:78:E7:D0:9C:DA:E2:A5:7D:E6:50:5B:BD:67:36:A3:36:9B:5A
            X509v3 Authority Key Identifier:
                keyid:9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/WaF459Cc2uKlfeZQW71nNqM2m1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:126f::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:69:2b:fb:23:ad:7a:28:d8:86:6c:8f:bf:f4:b2:26:36:2f:
         41:6f:ea:a8:bb:51:cb:c1:ff:2d:1c:17:83:43:97:41:e0:6d:
         7f:e1:2f:d5:14:1b:11:90:cd:64:dc:66:63:9a:f4:1b:59:ae:
         85:ef:c6:af:ce:54:43:cf:27:af:8f:36:7d:72:2c:e2:ca:2f:
         c5:9a:e1:b4:75:23:eb:9d:88:5d:62:f8:7a:b2:8d:61:74:7b:
         20:00:02:e1:46:6e:eb:25:05:dc:61:90:3b:6d:0f:ab:f3:3b:
         59:87:2b:91:00:f0:f3:36:80:2e:5a:24:c4:5b:1d:48:87:fc:
         76:7f:4c:20:c5:2a:8c:d2:52:0b:4f:da:61:cb:43:3f:10:19:
         83:e7:89:cf:8b:05:00:06:0d:60:b4:d4:95:29:9b:a3:c4:20:
         8c:5c:a1:5f:0e:08:f7:b6:1c:c1:c1:a9:86:68:4e:24:85:81:
         20:1f:c8:1c:2b:2e:94:6e:a6:42:56:76:df:c4:bf:67:74:89:
         d7:91:81:7f:46:c1:d1:7e:c5:1b:dc:d6:b1:b6:91:4b:a4:45:
         6b:16:c4:3c:1d:69:0f:2f:8c:97:59:ac:2c:a0:36:41:1d:09:
         52:9f:9e:1b:75:dd:2e:d5:35:b5:2a:d1:ea:40:35:75:48:e5:
         80:92:7f:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EUmFnRhiP1/dt1MZD8iOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliOTg2ZmM2NDZmZGEwY2YxNDVlMTBkOTNmZTFiMTBlYjBk
ZWU2MjUwHhcNMjYwMTAxMTAxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWExNzhlN2QwOWNkYWUyYTU3ZGU2NTA1YmJkNjczNmEzMzY5YjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VZPuNAl7Uza/ndk+7O5r6pq8F6H
BIW5riOKrshZjZhbT0CR9LMMm7QjYHUVeOPqDwOSBYPPL6uv0urO/MuUOirnO+s6
7v9+oo+loGTJ2lPTW6buXI2APlmLBbWJBQBVlBDcM7BcMSZmmm7HD3aGJC3/J1p3
z4PkeD5yt7phLC7YZyMnh96xkfXuOQ2nB7TEsHrU45hMSrzXHTOb7jeImWSKRoRn
b52wpDpUEfffVvd1KoaNCsmRVOK/AfjjklWOGtzM+L/kk0yjK3iIlY+LS95CEepa
nSkwGe2yA7+pvFhzatPjMRmesz1soOKbOI5knUeew9XY8wIfYBDRJaSC0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFmheOfQnNripX3mUFu9ZzajNptaMB8GA1UdIwQY
MBaAFJuYb8ZG/aDPFF4Q2T/hsQ6w3uYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTVodnhrYjlvTThVWGhEWlAtR3hEckRlNWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8zNGJiNzctYzg0Ny00MTExLTk2ZjMt
YmRkNWNjNDQwMzk2LzEvV2FGNDU5Q2MydUtsZmVaUVc3MW5OcU0ybTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8zNGJiNzctYzg0Ny00MTExLTk2ZjMtYmRkNWNjNDQwMzk2
LzEvbTVodnhrYjlvTThVWGhEWlAtR3hEckRlNWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgASbzAN
BgkqhkiG9w0BAQsFAAOCAQEAqWkr+yOteijYhmyPv/SyJjYvQW/qqLtRy8H/LRwX
g0OXQeBtf+Ev1RQbEZDNZNxmY5r0G1muhe/Gr85UQ88nr482fXIs4sovxZrhtHUj
652IXWL4erKNYXR7IAAC4UZu6yUF3GGQO20Pq/M7WYcrkQDw8zaALlokxFsdSIf8
dn9MIMUqjNJSC0/aYctDPxAZg+eJz4sFAAYNYLTUlSmbo8QgjFyhXw4I97YcwcGp
hmhOJIWBIB/IHCsulG6mQlZ238S/Z3SJ15GBf0bB0X7FG9zWsbaRS6RFaxbEPB1p
Dy+Ml1msLKA2QR0JUp+eG3XdLtU1tSrR6kA1dUjlgJJ/Dg==
-----END CERTIFICATE-----