This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/l1mFVAOuxHZKBwMbg64rZnUC-1A.roa
File:                     l1mFVAOuxHZKBwMbg64rZnUC-1A.roa (raw, json)
Hash identifier:          b+iEU9Au8tIP5RGBvo59a7Rag467Ip6uQFWhSxkco+k=
Subject key identifier:   97:59:85:54:03:AE:C4:76:4A:07:03:1B:83:AE:2B:66:75:02:FB:50
Certificate issuer:       /CN=eed154f96adceb9bcee0bdc0b835afbe0509751a
Certificate serial:       019B7BA538A1C9F5584DE75A0E76E8E1BED5
Authority key identifier: EE:D1:54:F9:6A:DC:EB:9B:CE:E0:BD:C0:B8:35:AF:BE:05:09:75:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/l1mFVAOuxHZKBwMbg64rZnUC-1A.roa
Signing time:             Thu 01 Jan 2026 22:19:44 +0000
ROA not before:           Thu 01 Jan 2026 22:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214285
IP address blocks:        2a01:f480::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:38:a1:c9:f5:58:4d:e7:5a:0e:76:e8:e1:be:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed154f96adceb9bcee0bdc0b835afbe0509751a
        Validity
            Not Before: Jan  1 22:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9759855403aec4764a07031b83ae2b667502fb50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5f:4b:a3:0c:3c:1d:84:54:02:ec:ee:ac:07:
                    01:ab:ad:4f:f4:c1:f6:07:12:81:b9:71:ad:00:ae:
                    d6:26:2d:1e:2c:46:c4:72:2e:6d:77:a3:20:a7:37:
                    62:57:90:5a:24:53:f6:b1:23:ad:df:c3:c3:7b:f1:
                    bb:f8:a8:22:76:76:af:60:86:24:99:e0:95:6b:52:
                    1f:36:71:9e:10:8c:4e:18:4a:25:00:30:f3:85:3c:
                    ec:25:56:35:a8:59:ec:9d:90:77:bb:9e:f0:14:24:
                    34:62:45:33:bc:ee:bc:57:a4:51:cc:87:a4:64:db:
                    8b:e0:33:01:9d:18:9d:c1:fd:c8:5e:88:c0:63:6a:
                    4f:62:47:24:08:82:ca:04:8b:22:9d:f0:99:0c:95:
                    78:41:5f:c1:88:29:26:59:0b:82:1e:c1:99:de:fa:
                    45:8c:4e:97:64:92:fe:f0:a5:d0:cd:17:c8:03:7b:
                    8d:46:91:76:da:a0:a7:6d:30:bb:33:9b:c8:d4:59:
                    2d:82:2d:bb:b2:d1:0b:74:33:cd:82:46:19:51:1f:
                    3d:05:1b:71:32:ee:d4:ec:b3:c1:a7:d3:6f:2f:c3:
                    7d:93:08:3d:6d:0a:21:37:1d:bb:b3:6b:17:33:ac:
                    f6:9a:31:2c:0c:ec:72:c0:e4:7b:b9:db:b3:75:c9:
                    2a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:59:85:54:03:AE:C4:76:4A:07:03:1B:83:AE:2B:66:75:02:FB:50
            X509v3 Authority Key Identifier:
                keyid:EE:D1:54:F9:6A:DC:EB:9B:CE:E0:BD:C0:B8:35:AF:BE:05:09:75:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/l1mFVAOuxHZKBwMbg64rZnUC-1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f480::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:3e:46:cf:88:e0:21:95:90:75:3e:86:9b:65:52:de:ad:6b:
         a2:ca:b2:1b:44:32:fa:e9:c0:72:8d:4a:78:49:52:d3:bc:f9:
         b2:57:82:22:46:db:4a:90:17:4f:5d:b5:0a:52:37:e5:b6:bd:
         af:ac:29:96:88:bb:b0:7e:87:d9:3d:b3:d2:d3:7a:ea:21:1f:
         ff:97:58:64:a6:39:8d:e8:4e:d5:13:32:d4:f0:7c:66:96:10:
         99:b2:4d:2d:0f:dc:8c:25:69:f2:eb:c3:03:8a:07:c6:78:c9:
         d8:b6:85:2d:20:26:2f:7b:e3:d2:3f:99:4d:5b:61:7a:ba:f3:
         b9:9b:51:fe:fe:1b:52:53:95:78:10:67:89:e9:47:28:d0:b9:
         8e:3b:9e:52:71:04:83:2a:11:bf:c5:31:94:55:a7:d3:85:71:
         66:72:7d:5d:ca:91:1f:a2:8f:41:d5:67:e2:86:51:8b:00:8e:
         2d:3d:da:c6:57:cc:79:5f:08:22:80:f3:1d:7e:d7:8e:1f:d4:
         db:fd:e4:df:7a:e3:69:b0:4c:63:db:e8:3e:67:45:9a:1b:7f:
         b1:ae:50:cd:07:12:ec:aa:c0:fc:d5:70:12:51:1d:d8:e2:4e:
         ae:fd:2d:24:c7:29:74:7f:ca:60:8b:b6:25:73:0d:e9:29:a8:
         2f:66:1f:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt7pTihyfVYTedaDnbo4b7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDE1NGY5NmFkY2ViOWJjZWUwYmRjMGI4MzVhZmJlMDUw
OTc1MWEwHhcNMjYwMTAxMjIxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzU5ODU1NDAzYWVjNDc2NGEwNzAzMWI4M2FlMmI2Njc1MDJmYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF9Loww8HYRUAuzurAcBq61P9MH2
BxKBuXGtAK7WJi0eLEbEci5td6MgpzdiV5BaJFP2sSOt38PDe/G7+KgidnavYIYk
meCVa1IfNnGeEIxOGEolADDzhTzsJVY1qFnsnZB3u57wFCQ0YkUzvO68V6RRzIek
ZNuL4DMBnRidwf3IXojAY2pPYkckCILKBIsinfCZDJV4QV/BiCkmWQuCHsGZ3vpF
jE6XZJL+8KXQzRfIA3uNRpF22qCnbTC7M5vI1Fktgi27stELdDPNgkYZUR89BRtx
Mu7U7LPBp9NvL8N9kwg9bQohNx27s2sXM6z2mjEsDOxywOR7uduzdckqqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJdZhVQDrsR2SgcDG4OuK2Z1AvtQMB8GA1UdIwQY
MBaAFO7RVPlq3OubzuC9wLg1r74FCXUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RGVS1XcmM2NXZPNEwzQXVEV3Z2Z1VKZFJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iNzk0MjAtODkwMS00MTY5LWI3ZjYt
NzZiN2VlZDUxZTRhLzEvbDFtRlZBT3V4SFpLQndNYmc2NHJablVDLTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iNzk0MjAtODkwMS00MTY5LWI3ZjYtNzZiN2VlZDUxZTRh
LzEvN3RGVS1XcmM2NXZPNEwzQXVEV3Z2Z1VKZFJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAQD5Gz4jgIZWQdT6Gm2VS3q1rosqyG0Qy+unAco1K
eElS07z5sleCIkbbSpAXT121ClI35ba9r6wploi7sH6H2T2z0tN66iEf/5dYZKY5
jehO1RMy1PB8ZpYQmbJNLQ/cjCVp8uvDA4oHxnjJ2LaFLSAmL3vj0j+ZTVtherrz
uZtR/v4bUlOVeBBnielHKNC5jjueUnEEgyoRv8UxlFWn04VxZnJ9XcqRH6KPQdVn
4oZRiwCOLT3axlfMeV8IIoDzHX7Xjh/U2/3k33rjabBMY9voPmdFmht/sa5QzQcS
7KrA/NVwElEd2OJOrv0tJMcpdH/KYIu2JXMN6SmoL2YfAA==
-----END CERTIFICATE-----