This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/YHXtAxXid5QMy0ddpdCunT3-TDc.roa
File:                     YHXtAxXid5QMy0ddpdCunT3-TDc.roa (raw, json)
Hash identifier:          nIdLtgpk2IuVabvP25TwfIRRLErcB/3W2AbOBlc2EjE=
Subject key identifier:   60:75:ED:03:15:E2:77:94:0C:CB:47:5D:A5:D0:AE:9D:3D:FE:4C:37
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B36F2A5BD1E12121AA47201E7DC06B4F8
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/YHXtAxXid5QMy0ddpdCunT3-TDc.roa
Signing time:             Fri 19 Dec 2025 14:10:30 +0000
ROA not before:           Fri 19 Dec 2025 14:10:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202641
IP address blocks:        2a0c:b641:860::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 23:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:36:f2:a5:bd:1e:12:12:1a:a4:72:01:e7:dc:06:b4:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec 19 14:10:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6075ed0315e277940ccb475da5d0ae9d3dfe4c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:1e:71:8b:73:c3:a7:e9:20:65:5b:4c:09:
                    66:9a:63:4c:f8:02:8c:7e:67:e7:f4:41:1f:65:bf:
                    78:a6:90:02:0c:de:4e:04:2b:00:7f:f5:c4:7b:ec:
                    a4:e5:ec:35:e4:3d:91:de:ae:f0:42:a5:72:dc:94:
                    37:1c:24:53:fa:4e:c8:96:ae:fa:c9:46:4f:b7:78:
                    24:84:a2:d6:10:39:e0:8c:cc:dd:bb:59:c9:ca:5d:
                    5b:e1:63:4c:a2:72:e1:da:dd:dc:4c:89:14:59:b7:
                    0d:be:30:e1:5e:b4:5d:ef:35:82:93:c1:fb:ef:49:
                    76:c6:23:14:3a:69:87:bc:0b:bb:de:d3:6a:e3:8b:
                    ec:d7:f2:e9:4a:4a:d1:ad:06:e9:0e:15:b9:11:f0:
                    50:79:4c:20:62:f7:a3:33:b9:1b:be:ce:1e:4c:66:
                    de:72:34:3d:f0:ab:a6:49:98:52:f8:df:4c:76:a4:
                    c0:eb:52:e3:c7:07:0c:a9:05:18:1a:d0:90:99:bf:
                    a1:c8:ed:e6:3f:e0:9b:ca:94:18:6d:5e:27:b5:58:
                    c3:49:da:21:8e:ba:0f:cf:81:71:0e:f8:73:be:e2:
                    54:e7:8e:98:78:41:b8:1d:f5:89:f9:e5:7d:c0:40:
                    8a:2d:e2:aa:2a:6f:cd:aa:e7:2e:b3:a3:2f:5b:4e:
                    44:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:75:ED:03:15:E2:77:94:0C:CB:47:5D:A5:D0:AE:9D:3D:FE:4C:37
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/YHXtAxXid5QMy0ddpdCunT3-TDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:860::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:25:09:73:5a:5d:2f:0f:8c:4d:c0:9b:f4:ee:fa:65:c6:bb:
         7f:88:b7:16:a9:06:b5:fa:3f:1e:f9:ac:cc:03:96:79:76:e0:
         0d:69:19:df:29:d8:56:24:e9:72:01:1c:03:df:70:fd:53:7c:
         5e:c9:ba:07:bb:b7:42:d0:62:b0:2d:6b:d6:af:b1:72:60:d4:
         a3:98:0a:69:f9:99:b4:b5:f0:7a:88:9f:44:fa:f6:0d:04:74:
         c7:ae:59:8e:a8:2b:11:64:23:07:45:f2:05:0c:2c:bb:b1:26:
         92:5f:3c:6c:ea:8e:35:05:f4:e5:cc:14:00:ec:bf:41:67:e5:
         e3:9d:c5:6c:e5:86:23:29:39:70:66:9a:14:d3:c0:4a:8f:0f:
         fb:f9:e3:45:2a:35:da:b8:09:a2:29:0f:df:ae:0b:0a:f5:4a:
         79:77:e8:4c:98:40:91:25:4e:d2:78:1b:d3:ab:f2:95:7c:62:
         2e:a1:69:84:d4:3e:8f:ae:43:50:16:59:7f:a9:db:08:aa:07:
         3a:73:fa:40:7d:51:6a:31:9d:4f:f2:a8:5d:0f:8c:c3:89:0e:
         f1:bc:6a:7e:05:18:e2:15:68:06:d3:60:59:b2:78:ce:95:30:
         27:72:fe:f7:25:33:64:aa:9c:b9:8f:f3:b6:fe:51:8b:ea:d8:
         73:96:94:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZs28qW9HhISGqRyAefcBrT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUxMjE5MTQxMDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc1ZWQwMzE1ZTI3Nzk0MGNjYjQ3NWRhNWQwYWU5ZDNkZmU0YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts4ecYtzw6fpIGVbTAlmmmNM+AKM
fmfn9EEfZb94ppACDN5OBCsAf/XEe+yk5ew15D2R3q7wQqVy3JQ3HCRT+k7Ilq76
yUZPt3gkhKLWEDngjMzdu1nJyl1b4WNMonLh2t3cTIkUWbcNvjDhXrRd7zWCk8H7
70l2xiMUOmmHvAu73tNq44vs1/LpSkrRrQbpDhW5EfBQeUwgYvejM7kbvs4eTGbe
cjQ98KumSZhS+N9MdqTA61LjxwcMqQUYGtCQmb+hyO3mP+CbypQYbV4ntVjDSdoh
jroPz4FxDvhzvuJU546YeEG4HfWJ+eV9wECKLeKqKm/Nqucus6MvW05EWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGB17QMV4neUDMtHXaXQrp09/kw3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWUhYdEF4WGlkNVFNeTBkZHBkQ3VuVDMtVERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQhg
MA0GCSqGSIb3DQEBCwUAA4IBAQCEJQlzWl0vD4xNwJv07vplxrt/iLcWqQa1+j8e
+azMA5Z5duANaRnfKdhWJOlyARwD33D9U3xeyboHu7dC0GKwLWvWr7FyYNSjmApp
+Zm0tfB6iJ9E+vYNBHTHrlmOqCsRZCMHRfIFDCy7sSaSXzxs6o41BfTlzBQA7L9B
Z+XjncVs5YYjKTlwZpoU08BKjw/7+eNFKjXauAmiKQ/frgsK9Up5d+hMmECRJU7S
eBvTq/KVfGIuoWmE1D6PrkNQFll/qdsIqgc6c/pAfVFqMZ1P8qhdD4zDiQ7xvGp+
BRjiFWgG02BZsnjOlTAncv73JTNkqpy5j/O2/lGL6thzlpT9
-----END CERTIFICATE-----