This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdLGRbfEBKLHz3ENNx-yw4Gx9H4.roa
File:                     kdLGRbfEBKLHz3ENNx-yw4Gx9H4.roa (raw, json)
Hash identifier:          rHw65Nbcdk6mE9+YiyVQv5eVR+z1Gtq6E4rwWgNi+kM=
Subject key identifier:   91:D2:C6:45:B7:C4:04:A2:C7:CF:71:0D:37:1F:B2:C3:81:B1:F4:7E
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019B77C766CE0FDF54FF1A549FC4C752C6BD
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdLGRbfEBKLHz3ENNx-yw4Gx9H4.roa
Signing time:             Thu 01 Jan 2026 04:18:35 +0000
ROA not before:           Thu 01 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200993
IP address blocks:        2a12:4141::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 00:18:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:66:ce:0f:df:54:ff:1a:54:9f:c4:c7:52:c6:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jan  1 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91d2c645b7c404a2c7cf710d371fb2c381b1f47e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0c:94:2a:4b:cd:45:ea:05:f2:2a:29:09:cc:
                    5c:cc:ff:87:0b:c5:db:24:dc:64:7d:5e:cb:bd:45:
                    25:4d:85:56:b8:d7:35:54:62:96:d7:5e:1c:4c:68:
                    47:45:41:0f:23:2e:27:a4:b0:da:30:d0:df:cd:59:
                    60:73:bb:86:71:eb:e0:c6:d4:05:5c:53:c7:84:99:
                    c1:16:f1:7e:aa:d2:02:98:0f:e8:bd:75:51:e2:dc:
                    25:3f:4f:d0:f3:6c:0c:e4:20:66:5c:0c:bb:2c:95:
                    3d:c5:a1:81:0e:db:f5:54:f6:e1:6a:9a:04:87:0c:
                    ad:e8:d0:e1:fd:66:14:3c:87:9a:0b:29:39:fd:09:
                    07:fa:1f:c0:bd:a9:92:61:3b:c5:38:9c:cf:c2:7b:
                    11:2b:68:83:ae:11:5c:0c:26:21:0d:26:71:6d:0a:
                    8f:ba:a0:7f:f0:ac:7b:92:50:d0:aa:11:15:6a:f9:
                    cc:17:39:06:a1:0a:cf:5c:38:5e:3c:08:fb:58:e7:
                    5c:52:b4:76:16:a9:28:66:9c:d4:2f:5c:bb:3c:e5:
                    31:ad:d6:b4:f4:7f:c7:74:23:07:47:93:f1:e7:d1:
                    a3:6e:3d:15:b9:8b:a1:e6:8e:b8:55:20:78:10:56:
                    82:f1:64:49:d8:e9:13:ba:a3:cb:96:ba:7d:82:62:
                    3d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D2:C6:45:B7:C4:04:A2:C7:CF:71:0D:37:1F:B2:C3:81:B1:F4:7E
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdLGRbfEBKLHz3ENNx-yw4Gx9H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:53:3c:1d:62:d8:78:86:3d:4a:79:06:76:c7:b5:ab:dd:52:
         3a:15:23:5b:28:5e:9d:8f:cb:7c:86:86:29:90:ce:7b:90:03:
         3b:b8:2b:ed:39:db:84:c1:2b:6b:e2:d0:1a:57:b9:15:41:8b:
         2f:d5:58:69:07:c2:9f:7e:31:18:15:56:b8:24:ed:c1:27:ae:
         8f:bf:23:47:c2:ee:f1:0f:5e:1f:b7:06:82:56:a2:67:2d:4e:
         2d:c3:6d:46:74:73:53:d3:98:3b:1c:28:82:14:71:9e:dd:a1:
         a3:49:d7:d3:4b:72:e0:d2:b1:03:f8:f2:5a:ba:14:e6:16:56:
         b2:7b:ad:18:17:ab:93:57:06:11:3c:59:ef:10:b9:3a:46:cb:
         af:e8:a3:4a:0d:bf:96:e3:e8:d1:a5:45:a0:7e:4f:7f:09:a9:
         e1:e3:12:56:e7:80:2d:fd:08:bb:0a:49:8c:68:0e:8f:b7:b0:
         86:5e:bb:b0:03:dd:f6:d8:5b:be:96:4d:89:6d:51:99:1a:1f:
         d8:d6:59:0d:67:b1:c7:16:e0:8a:55:f8:1c:dc:f1:b6:e9:6f:
         89:bd:24:84:cc:f1:4c:c3:eb:d6:1e:23:d7:16:de:38:d9:4f:
         f7:ba:83:43:c3:7a:f8:ae:a8:d4:7d:cd:e6:7b:ea:1b:78:e3:
         e3:ba:c2:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3x2bOD99U/xpUn8THUsa9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMTAxMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQyYzY0NWI3YzQwNGEyYzdjZjcxMGQzNzFmYjJjMzgxYjFmNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QyUKkvNReoF8iopCcxczP+HC8Xb
JNxkfV7LvUUlTYVWuNc1VGKW114cTGhHRUEPIy4npLDaMNDfzVlgc7uGcevgxtQF
XFPHhJnBFvF+qtICmA/ovXVR4twlP0/Q82wM5CBmXAy7LJU9xaGBDtv1VPbhapoE
hwyt6NDh/WYUPIeaCyk5/QkH+h/AvamSYTvFOJzPwnsRK2iDrhFcDCYhDSZxbQqP
uqB/8Kx7klDQqhEVavnMFzkGoQrPXDhePAj7WOdcUrR2FqkoZpzUL1y7POUxrda0
9H/HdCMHR5Px59Gjbj0VuYuh5o64VSB4EFaC8WRJ2OkTuqPLlrp9gmI9nwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJHSxkW3xASix89xDTcfssOBsfR+MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEva2RMR1JiZkVCS0xIejNFTk54LXl3NEd4OUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJBQTAN
BgkqhkiG9w0BAQsFAAOCAQEAVlM8HWLYeIY9SnkGdse1q91SOhUjWyhenY/LfIaG
KZDOe5ADO7gr7TnbhMEra+LQGle5FUGLL9VYaQfCn34xGBVWuCTtwSeuj78jR8Lu
8Q9eH7cGglaiZy1OLcNtRnRzU9OYOxwoghRxnt2ho0nX00ty4NKxA/jyWroU5hZW
snutGBerk1cGETxZ7xC5OkbLr+ijSg2/luPo0aVFoH5Pfwmp4eMSVueALf0IuwpJ
jGgOj7ewhl67sAPd9thbvpZNiW1RmRof2NZZDWexxxbgilX4HNzxtulvib0khMzx
TMPr1h4j1xbeONlP97qDQ8N6+K6o1H3N5nvqG3jj47rCuQ==
-----END CERTIFICATE-----