This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rfHHphfnN4vfeX1XEcikqzDGSRw.roa
File:                     rfHHphfnN4vfeX1XEcikqzDGSRw.roa (raw, json)
Hash identifier:          NpeTA6NsRYQNWgnbeEPze1G4Q0LrfxMES+M6pBChTfA=
Subject key identifier:   AD:F1:C7:A6:17:E7:37:8B:DF:79:7D:57:11:C8:A4:AB:30:C6:49:1C
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B279589F196F546FB531B26DBC2A6FAA5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rfHHphfnN4vfeX1XEcikqzDGSRw.roa
Signing time:             Tue 16 Dec 2025 14:34:30 +0000
ROA not before:           Tue 16 Dec 2025 14:34:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209466
IP address blocks:        2a0c:b641:a0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Dec 2025 02:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:27:95:89:f1:96:f5:46:fb:53:1b:26:db:c2:a6:fa:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec 16 14:34:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adf1c7a617e7378bdf797d5711c8a4ab30c6491c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c7:0c:fe:65:72:9f:2a:25:0f:c8:9e:42:93:
                    5a:63:c1:9c:dd:8f:34:bb:7c:6f:dc:85:d6:6d:2e:
                    e7:e3:d0:e2:70:1c:f4:96:04:18:b5:42:4c:b7:7f:
                    f9:33:81:28:54:c7:ac:c2:a5:90:a3:e0:82:65:59:
                    ac:ae:d3:18:c9:a4:ef:8c:ea:c3:c4:ab:bc:37:25:
                    21:7f:06:53:46:d7:50:93:48:8a:57:f3:80:8e:08:
                    5d:eb:d4:5f:9b:86:72:ca:2f:37:43:b9:e6:c9:38:
                    7b:df:00:b2:05:50:15:22:12:c6:8b:27:07:5f:69:
                    49:d8:94:23:1b:a8:28:a0:b7:42:7e:db:11:d3:60:
                    e1:59:19:d0:0b:38:b7:9a:60:6e:20:df:8f:3c:71:
                    ff:bb:ba:33:92:8a:59:fb:39:78:a6:4d:6d:51:cd:
                    9e:86:77:67:3c:73:37:f2:ab:93:c6:f5:b7:85:eb:
                    34:78:c7:5e:eb:28:46:6e:23:7f:ba:14:24:ec:ff:
                    40:62:1d:62:d1:5a:36:d8:da:28:a1:c8:80:23:25:
                    24:59:20:a7:f1:d8:c4:c6:b9:bc:68:68:c7:9d:48:
                    35:7b:92:d3:c3:af:fb:79:f7:cd:4c:de:59:c7:01:
                    ec:55:bb:c1:dd:f6:21:5e:a9:65:e3:88:ae:3e:46:
                    9e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F1:C7:A6:17:E7:37:8B:DF:79:7D:57:11:C8:A4:AB:30:C6:49:1C
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rfHHphfnN4vfeX1XEcikqzDGSRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3f:98:96:10:04:09:28:1e:a7:0a:e9:c8:c6:65:e9:82:4a:4f:
         74:6e:43:ba:14:fe:8b:27:69:90:82:1c:b5:a0:77:74:f1:48:
         ed:2d:80:c5:17:14:7e:38:64:e2:22:64:ec:df:74:9e:87:8f:
         ec:ac:dc:08:33:89:48:dd:93:31:3b:e3:37:05:b7:3d:03:fc:
         4c:b1:29:94:fe:2f:cc:e2:0a:62:f2:d7:8f:92:36:6e:b4:93:
         50:55:13:6b:ca:c4:ba:70:5c:17:8a:13:6c:d1:2b:37:60:7e:
         8f:5f:e3:f6:b5:b2:9c:52:37:13:83:14:af:f9:95:df:ad:9f:
         a9:fa:b3:98:d7:35:78:fd:2c:5d:96:66:a1:d7:65:df:0a:48:
         c7:5c:af:3a:5a:23:65:45:1c:d1:ea:df:40:5f:0a:f9:98:4a:
         41:79:84:69:d7:b9:59:f8:fc:1d:d3:2e:c3:84:22:7f:5d:f6:
         e4:6f:35:91:dd:f6:27:76:e4:50:9f:59:f7:56:02:ad:f1:a6:
         27:93:c4:4c:18:13:22:52:6e:b3:c3:a3:01:9e:e2:22:c9:af:
         fc:98:66:46:d4:63:9b:f9:13:8f:c3:1a:a4:b0:55:97:3f:e3:
         2f:95:ea:e6:03:dd:18:ae:dc:c5:b8:9d:65:ac:77:f9:0f:36:
         ad:d7:c9:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZsnlYnxlvVG+1MbJtvCpvqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUxMjE2MTQzNDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGYxYzdhNjE3ZTczNzhiZGY3OTdkNTcxMWM4YTRhYjMwYzY0OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApccM/mVynyolD8ieQpNaY8Gc3Y80
u3xv3IXWbS7n49DicBz0lgQYtUJMt3/5M4EoVMeswqWQo+CCZVmsrtMYyaTvjOrD
xKu8NyUhfwZTRtdQk0iKV/OAjghd69Rfm4Zyyi83Q7nmyTh73wCyBVAVIhLGiycH
X2lJ2JQjG6gooLdCftsR02DhWRnQCzi3mmBuIN+PPHH/u7ozkopZ+zl4pk1tUc2e
hndnPHM38quTxvW3hes0eMde6yhGbiN/uhQk7P9AYh1i0Vo22NooociAIyUkWSCn
8djExrm8aGjHnUg1e5LTw6/7effNTN5ZxwHsVbvB3fYhXqll44iuPkaeYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK3xx6YX5zeL33l9VxHIpKswxkkcMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcmZISHBoZm5ONHZmZVgxWEVjaWtxekRHU1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQCg
MA0GCSqGSIb3DQEBCwUAA4IBAQA/mJYQBAkoHqcK6cjGZemCSk90bkO6FP6LJ2mQ
ghy1oHd08UjtLYDFFxR+OGTiImTs33Seh4/srNwIM4lI3ZMxO+M3Bbc9A/xMsSmU
/i/M4gpi8tePkjZutJNQVRNrysS6cFwXihNs0Ss3YH6PX+P2tbKcUjcTgxSv+ZXf
rZ+p+rOY1zV4/Sxdlmah12XfCkjHXK86WiNlRRzR6t9AXwr5mEpBeYRp17lZ+Pwd
0y7DhCJ/XfbkbzWR3fYnduRQn1n3VgKt8aYnk8RMGBMiUm6zw6MBnuIiya/8mGZG
1GOb+ROPwxqksFWXP+MvlermA90YrtzFuJ1lrHf5Dzat18mX
-----END CERTIFICATE-----