This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ndHqnNZkDP9XvDKnDuHOM9pHKmU.roa
File:                     ndHqnNZkDP9XvDKnDuHOM9pHKmU.roa (raw, json)
Hash identifier:          s0HRmA7m+KX8PUMWt5GLfL5BtSl4M9gACDQhiPzOapw=
Subject key identifier:   9D:D1:EA:9C:D6:64:0C:FF:57:BC:32:A7:0E:E1:CE:33:DA:47:2A:65
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019B7D5D5B3BED4463F8625AF4EFC942B975
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ndHqnNZkDP9XvDKnDuHOM9pHKmU.roa
Signing time:             Fri 02 Jan 2026 06:20:28 +0000
ROA not before:           Fri 02 Jan 2026 06:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213105
IP address blocks:        2a10:2f00:138::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:5b:3b:ed:44:63:f8:62:5a:f4:ef:c9:42:b9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 06:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dd1ea9cd6640cff57bc32a70ee1ce33da472a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:98:2e:27:a8:30:fa:d1:10:5d:45:7d:39:57:
                    ba:56:fd:39:f1:55:53:15:96:ad:88:e5:66:b1:73:
                    b3:47:5d:ad:6c:6f:ca:5e:0c:a0:b7:40:49:04:4e:
                    32:d7:32:54:49:a4:ee:cf:ec:c3:3b:8a:d9:df:cf:
                    0f:13:dc:33:b0:a2:fa:07:3e:83:33:e5:9d:ab:5c:
                    5f:2e:ac:ed:5d:a3:54:74:41:86:fe:d9:0d:1f:2d:
                    5d:c5:27:36:80:bb:7a:25:19:6d:29:27:cc:e4:2c:
                    aa:e9:13:af:e6:cc:61:86:4a:d4:ce:15:a8:37:cb:
                    6b:a3:52:f0:c0:88:52:57:33:0a:65:92:15:c6:74:
                    9f:d6:71:fc:23:2e:b3:ee:40:02:41:20:89:4c:49:
                    99:34:fe:d9:d9:67:a1:b0:8a:17:4b:7f:f3:60:3e:
                    e7:4a:5a:b5:96:6c:8c:38:1e:e4:4d:2a:be:b5:35:
                    f0:aa:91:81:4d:3f:d4:5c:ac:d3:93:6b:e1:05:ed:
                    17:97:d4:c9:e3:81:2a:7e:00:c8:48:96:dc:e4:f3:
                    fc:0c:98:6c:0f:32:71:79:cb:e3:cc:19:15:a9:f8:
                    99:29:2c:2b:65:4d:ab:53:bf:f2:13:65:fa:77:b7:
                    e8:a3:a5:2e:93:e5:e0:4a:e1:2a:ce:a0:7c:2d:b5:
                    8a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D1:EA:9C:D6:64:0C:FF:57:BC:32:A7:0E:E1:CE:33:DA:47:2A:65
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ndHqnNZkDP9XvDKnDuHOM9pHKmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:138::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:c9:9c:f1:2b:78:53:62:02:5c:35:cf:bf:4d:fa:be:2e:25:
         5a:2b:eb:e2:bc:18:db:69:c5:db:6d:27:fa:9d:eb:7e:dd:eb:
         ab:fc:e5:94:dc:62:be:fa:f9:89:4f:43:ff:46:97:06:66:68:
         a4:f6:d1:94:27:f1:13:d6:2d:0c:9c:1b:45:3e:e5:d8:05:77:
         2b:ec:39:b8:d1:23:65:20:cb:91:9c:5e:1b:d2:f0:5c:4d:32:
         b8:63:07:d2:bb:82:45:c2:20:47:8c:9a:03:0c:ff:39:a3:12:
         42:61:36:8e:e4:b6:5c:8d:d1:b3:cd:a8:52:66:b4:80:7a:e4:
         f5:8b:76:33:ac:ba:de:1a:ac:95:06:3f:a4:87:00:30:7b:5f:
         5a:d6:25:f4:fc:a0:52:93:4b:02:27:e3:ec:2b:a7:3b:3c:df:
         c6:b5:a5:32:7d:67:5a:85:8e:fa:5f:95:ce:b4:18:2c:49:9c:
         ea:79:87:2c:b0:a0:3c:58:9c:db:09:95:24:41:c1:1c:97:a1:
         1e:72:96:41:13:4e:3f:3a:88:94:e4:aa:fa:ca:16:b9:e8:7a:
         5a:b2:10:92:80:3b:1f:1d:e9:bd:b6:f3:44:ea:ac:26:ad:10:
         69:47:60:8f:64:24:eb:78:08:f5:11:7d:e9:b3:6e:e3:22:91:
         76:c6:a3:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XVs77URj+GJa9O/JQrl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMTAyMDYyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQxZWE5Y2Q2NjQwY2ZmNTdiYzMyYTcwZWUxY2UzM2RhNDcyYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspguJ6gw+tEQXUV9OVe6Vv058VVT
FZatiOVmsXOzR12tbG/KXgygt0BJBE4y1zJUSaTuz+zDO4rZ388PE9wzsKL6Bz6D
M+Wdq1xfLqztXaNUdEGG/tkNHy1dxSc2gLt6JRltKSfM5Cyq6ROv5sxhhkrUzhWo
N8tro1LwwIhSVzMKZZIVxnSf1nH8Iy6z7kACQSCJTEmZNP7Z2WehsIoXS3/zYD7n
Slq1lmyMOB7kTSq+tTXwqpGBTT/UXKzTk2vhBe0Xl9TJ44EqfgDISJbc5PP8DJhs
DzJxecvjzBkVqfiZKSwrZU2rU7/yE2X6d7foo6Uuk+XgSuEqzqB8LbWK9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ3R6pzWZAz/V7wypw7hzjPaRyplMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbmRIcW5OWmtEUDlYdkRLbkR1SE9NOXBIS21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAE4
MA0GCSqGSIb3DQEBCwUAA4IBAQA7yZzxK3hTYgJcNc+/Tfq+LiVaK+vivBjbacXb
bSf6net+3eur/OWU3GK++vmJT0P/RpcGZmik9tGUJ/ET1i0MnBtFPuXYBXcr7Dm4
0SNlIMuRnF4b0vBcTTK4YwfSu4JFwiBHjJoDDP85oxJCYTaO5LZcjdGzzahSZrSA
euT1i3YzrLreGqyVBj+khwAwe19a1iX0/KBSk0sCJ+PsK6c7PN/GtaUyfWdahY76
X5XOtBgsSZzqeYcssKA8WJzbCZUkQcEcl6EecpZBE04/OoiU5Kr6yha56HpashCS
gDsfHem9tvNE6qwmrRBpR2CPZCTreAj1EX3ps27jIpF2xqNk
-----END CERTIFICATE-----