This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/oyJa9c3yIWG6yoefC-Dl8q7v_4k.roa
File:                     oyJa9c3yIWG6yoefC-Dl8q7v_4k.roa (raw, json)
Hash identifier:          L8bXnJKZCUNQajwd4Sh21RwsiqjWxpRpS53i7yxKKJA=
Subject key identifier:   A3:22:5A:F5:CD:F2:21:61:BA:CA:87:9F:0B:E0:E5:F2:AE:EF:FF:89
Certificate issuer:       /CN=16044f658bbc92270785f7bb072ac936895f4933
Certificate serial:       019B0A92C5E32E5CA59E1C78CFB0F51D3A13
Authority key identifier: 16:04:4F:65:8B:BC:92:27:07:85:F7:BB:07:2A:C9:36:89:5F:49:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgRPZYu8kicHhfe7ByrJNolfSTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/oyJa9c3yIWG6yoefC-Dl8q7v_4k.roa
Signing time:             Wed 10 Dec 2025 23:22:29 +0000
ROA not before:           Wed 10 Dec 2025 23:22:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211588
IP address blocks:        2a0f:ff40::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/FgRPZYu8kicHhfe7ByrJNolfSTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/FgRPZYu8kicHhfe7ByrJNolfSTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgRPZYu8kicHhfe7ByrJNolfSTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Dec 2025 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:0a:92:c5:e3:2e:5c:a5:9e:1c:78:cf:b0:f5:1d:3a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16044f658bbc92270785f7bb072ac936895f4933
        Validity
            Not Before: Dec 10 23:22:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3225af5cdf22161baca879f0be0e5f2aeefff89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0e:1a:6f:48:11:3a:2f:5a:31:a5:53:f1:60:
                    c6:4d:47:64:ad:30:de:0c:06:6a:ad:d9:93:80:af:
                    4c:1e:a1:1f:c4:c4:75:34:25:ad:08:71:38:dd:65:
                    eb:ba:53:0f:27:bd:04:69:83:fa:71:0a:bb:04:30:
                    d7:84:cc:e9:d5:92:82:3c:91:78:bb:7f:65:fd:bd:
                    f3:7f:48:7d:6e:4e:74:2e:3a:bc:eb:bc:e2:81:c0:
                    8c:8c:72:3f:e0:11:a9:c6:3e:ff:16:28:b9:a1:ed:
                    81:49:f8:95:e0:bc:a3:63:5c:9f:c1:19:be:a1:d1:
                    3b:46:2d:4c:e8:e2:b3:04:7d:33:9b:68:c2:ba:95:
                    82:37:7c:14:19:63:90:13:b5:73:44:26:0b:ea:ed:
                    5e:48:64:85:b6:af:2c:98:b1:d0:4d:d8:91:db:f9:
                    aa:f7:ac:a0:a2:da:f5:54:c1:af:6a:6a:3f:45:e1:
                    3e:6c:41:bd:38:94:82:7c:ba:12:c7:7f:ee:b5:a8:
                    db:38:ac:11:1b:ae:54:ea:9b:28:50:01:2b:fb:6b:
                    bd:27:da:a4:47:99:db:c1:31:55:d7:00:27:3f:89:
                    13:a6:fc:19:be:34:f6:a3:3d:7f:5d:70:c9:40:46:
                    b8:03:55:ef:86:8c:5f:93:03:31:c6:83:ec:29:11:
                    ce:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:22:5A:F5:CD:F2:21:61:BA:CA:87:9F:0B:E0:E5:F2:AE:EF:FF:89
            X509v3 Authority Key Identifier:
                keyid:16:04:4F:65:8B:BC:92:27:07:85:F7:BB:07:2A:C9:36:89:5F:49:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgRPZYu8kicHhfe7ByrJNolfSTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/oyJa9c3yIWG6yoefC-Dl8q7v_4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/db503c-d654-4b46-9b8b-822b255538fe/1/FgRPZYu8kicHhfe7ByrJNolfSTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:7e:af:7d:9c:b2:ea:75:4e:dd:ac:41:fc:bf:95:be:67:a1:
         8e:c8:7d:1a:2e:c8:bb:43:45:34:2a:8e:1c:8b:f3:9e:36:7c:
         10:83:8d:db:32:a2:7d:fb:14:6e:05:cb:81:25:06:68:91:00:
         c2:23:36:f5:ea:bc:39:cd:99:54:4b:b7:c0:b0:a7:42:33:41:
         62:27:b2:7d:6d:26:9f:c9:e0:07:60:a5:0d:03:ed:0a:fd:ba:
         c3:24:fe:29:78:e6:e9:a6:cb:60:c5:2d:63:61:cf:f1:55:42:
         65:f1:b3:b4:cc:17:1e:c0:e4:68:c5:f3:2b:d8:50:f6:0b:12:
         36:3f:d6:14:a9:ee:df:df:89:7f:a9:e5:38:8d:6e:40:07:bd:
         f3:16:d6:ce:b9:15:e2:67:32:9b:14:2b:44:87:37:b5:7d:28:
         3b:f6:64:98:7c:65:9d:c5:b0:ec:f9:a5:ed:a9:ee:5b:ea:36:
         a6:94:28:f3:f4:97:08:a1:21:fa:4e:f3:30:d9:af:91:8a:41:
         2e:da:30:39:f1:96:1a:ba:66:d3:af:30:a5:06:2d:77:06:91:
         35:a7:86:5c:e9:b5:f5:ba:37:fc:57:c2:6e:ef:03:8f:da:9f:
         51:1f:00:90:6f:c5:af:d3:4c:fc:52:a9:32:f9:0b:5c:28:91:
         01:67:81:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZsKksXjLlylnhx4z7D1HToTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDQ0ZjY1OGJiYzkyMjcwNzg1ZjdiYjA3MmFjOTM2ODk1
ZjQ5MzMwHhcNMjUxMjEwMjMyMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzIyNWFmNWNkZjIyMTYxYmFjYTg3OWYwYmUwZTVmMmFlZWZmZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7g4ab0gROi9aMaVT8WDGTUdkrTDe
DAZqrdmTgK9MHqEfxMR1NCWtCHE43WXrulMPJ70EaYP6cQq7BDDXhMzp1ZKCPJF4
u39l/b3zf0h9bk50Ljq867zigcCMjHI/4BGpxj7/Fii5oe2BSfiV4LyjY1yfwRm+
odE7Ri1M6OKzBH0zm2jCupWCN3wUGWOQE7VzRCYL6u1eSGSFtq8smLHQTdiR2/mq
96ygotr1VMGvamo/ReE+bEG9OJSCfLoSx3/utajbOKwRG65U6psoUAEr+2u9J9qk
R5nbwTFV1wAnP4kTpvwZvjT2oz1/XXDJQEa4A1XvhoxfkwMxxoPsKRHOPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKMiWvXN8iFhusqHnwvg5fKu7/+JMB8GA1UdIwQY
MBaAFBYET2WLvJInB4X3uwcqyTaJX0kzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdSUFpZdThraWNIaGZlN0J5ckpOb2xmU1RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kYjUwM2MtZDY1NC00YjQ2LTliOGIt
ODIyYjI1NTUzOGZlLzEvb3lKYTljM3lJV0c2eW9lZkMtRGw4cTd2XzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kYjUwM2MtZDY1NC00YjQ2LTliOGItODIyYjI1NTUzOGZl
LzEvRmdSUFpZdThraWNIaGZlN0J5ckpOb2xmU1RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg//QDAN
BgkqhkiG9w0BAQsFAAOCAQEARX6vfZyy6nVO3axB/L+Vvmehjsh9Gi7Iu0NFNCqO
HIvznjZ8EION2zKiffsUbgXLgSUGaJEAwiM29eq8Oc2ZVEu3wLCnQjNBYieyfW0m
n8ngB2ClDQPtCv26wyT+KXjm6abLYMUtY2HP8VVCZfGztMwXHsDkaMXzK9hQ9gsS
Nj/WFKnu39+Jf6nlOI1uQAe98xbWzrkV4mcymxQrRIc3tX0oO/ZkmHxlncWw7Pml
7anuW+o2ppQo8/SXCKEh+k7zMNmvkYpBLtowOfGWGrpm068wpQYtdwaRNaeGXOm1
9bo3/FfCbu8Dj9qfUR8AkG/Fr9NM/FKpMvkLXCiRAWeBhg==
-----END CERTIFICATE-----