This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/q19qERCShb-Y7JAltKkjwCPGd_M.roa
File:                     q19qERCShb-Y7JAltKkjwCPGd_M.roa (raw, json)
Hash identifier:          yoUEi5A8cMILPVY4ZsR8L+GyUOqrJ2wvua2rTehpmZ8=
Subject key identifier:   AB:5F:6A:11:10:92:85:BF:98:EC:90:25:B4:A9:23:C0:23:C6:77:F3
Certificate issuer:       /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial:       019B7F82E687B5E247FDC02980F675A8C595
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/q19qERCShb-Y7JAltKkjwCPGd_M.roa
Signing time:             Fri 02 Jan 2026 16:20:43 +0000
ROA not before:           Fri 02 Jan 2026 16:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207134
IP address blocks:        2a01:b960:2305::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e6:87:b5:e2:47:fd:c0:29:80:f6:75:a8:c5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
        Validity
            Not Before: Jan  2 16:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab5f6a11109285bf98ec9025b4a923c023c677f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:1a:8c:d8:6a:e5:6a:85:64:3b:f7:f8:92:67:
                    eb:6d:ea:ed:1c:0c:be:3d:54:84:eb:d7:a3:21:11:
                    ce:1f:62:b9:26:26:7b:7b:9f:5a:1c:e7:0e:45:3f:
                    f1:fe:d8:e9:55:53:51:15:79:de:85:84:8a:e4:c1:
                    22:aa:1b:35:c3:e8:3b:70:e9:16:53:38:c1:06:49:
                    9e:d5:9c:f2:d7:87:97:cc:d8:a5:3f:89:3c:f9:74:
                    aa:c3:0a:90:c4:ad:e6:a1:b5:b3:17:ff:3a:d4:b1:
                    1f:1a:f7:5c:d3:46:4d:6e:3e:04:df:b2:86:27:1e:
                    e8:37:7f:c6:14:89:1f:e3:26:b8:08:65:bf:52:f2:
                    f8:2f:0e:48:00:05:04:6b:43:53:fd:07:3e:ac:02:
                    74:ed:ae:62:e9:a5:76:0a:8c:a1:18:5f:a0:07:27:
                    f5:cf:c3:ee:af:31:cc:74:d6:8d:e7:b2:82:47:b2:
                    c1:7a:a0:ef:b7:20:2b:bb:c1:1f:90:67:af:d5:78:
                    eb:f5:81:69:0a:3e:63:11:ea:1d:e6:91:5b:04:9b:
                    04:f3:ac:ce:c7:47:91:da:05:bb:a3:e0:b1:1c:88:
                    2c:60:7f:04:55:76:ac:dc:ea:c8:09:47:ca:a6:1a:
                    75:30:2d:f7:8e:24:07:9a:fb:8b:8b:65:1b:89:fa:
                    6c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5F:6A:11:10:92:85:BF:98:EC:90:25:B4:A9:23:C0:23:C6:77:F3
            X509v3 Authority Key Identifier:
                keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/q19qERCShb-Y7JAltKkjwCPGd_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:b960:2305::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:8f:cb:7a:19:6f:2b:db:cb:81:aa:62:6f:11:d3:39:7e:31:
         40:bd:4a:4e:34:90:82:0e:1d:02:62:c8:d3:09:97:b4:ab:17:
         05:bf:5c:1f:00:8e:c3:d3:bd:01:8e:b0:40:a3:de:02:bf:cc:
         dc:6a:f7:19:c7:70:c6:bd:d7:7f:a8:d5:7a:7d:13:14:01:21:
         57:81:22:7f:bd:eb:1c:d1:32:9b:7e:84:0e:29:8d:84:c7:e5:
         77:8d:db:c3:43:6a:c4:c1:81:5b:ab:90:62:dc:75:2d:f4:48:
         04:5e:6f:78:53:99:1b:3c:57:8d:de:00:78:7f:f2:7a:88:3b:
         f7:ea:7d:5e:fd:21:b5:57:d4:82:ed:6a:71:c6:04:81:31:17:
         52:cb:a7:25:24:0c:a7:3e:b6:98:c1:4d:32:8c:be:fa:2a:72:
         ba:e7:bb:c0:17:cf:c9:6c:b9:95:83:6e:68:54:ba:34:f8:6f:
         88:de:47:e7:2d:69:d9:50:d8:e2:c8:35:11:d7:bf:eb:67:8e:
         be:3e:7a:09:2d:87:31:b6:dd:33:fb:09:5b:bf:32:f5:f7:cf:
         7a:57:4b:73:8e:22:40:71:67:3f:4a:3e:e1:d9:36:8d:5b:2b:
         49:24:97:47:31:58:43:36:56:a0:f5:5a:a5:eb:99:76:ae:14:
         56:aa:52:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/guaHteJH/cApgPZ1qMWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjYwMTAyMTYyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVmNmExMTEwOTI4NWJmOThlYzkwMjViNGE5MjNjMDIzYzY3N2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBqM2GrlaoVkO/f4kmfrbertHAy+
PVSE69ejIRHOH2K5JiZ7e59aHOcORT/x/tjpVVNRFXnehYSK5MEiqhs1w+g7cOkW
UzjBBkme1Zzy14eXzNilP4k8+XSqwwqQxK3mobWzF/861LEfGvdc00ZNbj4E37KG
Jx7oN3/GFIkf4ya4CGW/UvL4Lw5IAAUEa0NT/Qc+rAJ07a5i6aV2CoyhGF+gByf1
z8PurzHMdNaN57KCR7LBeqDvtyAru8EfkGev1Xjr9YFpCj5jEeod5pFbBJsE86zO
x0eR2gW7o+CxHIgsYH8EVXas3OrICUfKphp1MC33jiQHmvuLi2Ubifps1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKtfahEQkoW/mOyQJbSpI8AjxnfzMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvcTE5cUVSQ1NoYi1ZN0pBbHRLa2p3Q1BHZF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgG5YCMF
MA0GCSqGSIb3DQEBCwUAA4IBAQAwj8t6GW8r28uBqmJvEdM5fjFAvUpONJCCDh0C
YsjTCZe0qxcFv1wfAI7D070BjrBAo94Cv8zcavcZx3DGvdd/qNV6fRMUASFXgSJ/
vesc0TKbfoQOKY2Ex+V3jdvDQ2rEwYFbq5Bi3HUt9EgEXm94U5kbPFeN3gB4f/J6
iDv36n1e/SG1V9SC7WpxxgSBMRdSy6clJAynPraYwU0yjL76KnK657vAF8/JbLmV
g25oVLo0+G+I3kfnLWnZUNjiyDUR17/rZ46+PnoJLYcxtt0z+wlbvzL19896V0tz
jiJAcWc/Sj7h2TaNWytJJJdHMVhDNlag9Vql65l2rhRWqlKK
-----END CERTIFICATE-----