This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/19q6g12AmjkGcmyGxKaaVzALCeA.roa
File:                     19q6g12AmjkGcmyGxKaaVzALCeA.roa (raw, json)
Hash identifier:          iBTDfCJQ7QsiUqJhoY25FarZtvdsyDb2KrTGMVJdhAM=
Subject key identifier:   D7:DA:BA:83:5D:80:9A:39:06:72:6C:86:C4:A6:9A:57:30:0B:09:E0
Certificate issuer:       /CN=893afecd711705c476b785d0c86ef54c2124354c
Certificate serial:       019B7F83C84183C7A89B18E6D2D10596C050
Authority key identifier: 89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/19q6g12AmjkGcmyGxKaaVzALCeA.roa
Signing time:             Fri 02 Jan 2026 16:21:41 +0000
ROA not before:           Fri 02 Jan 2026 16:21:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12897
IP address blocks:        139.29.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:c8:41:83:c7:a8:9b:18:e6:d2:d1:05:96:c0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893afecd711705c476b785d0c86ef54c2124354c
        Validity
            Not Before: Jan  2 16:21:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7daba835d809a3906726c86c4a69a57300b09e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8c:0e:50:e7:c4:20:ff:78:b7:ae:3e:a3:dd:
                    aa:28:e0:6f:3d:c0:7d:21:08:6f:7e:32:9c:a4:ae:
                    73:05:91:95:6c:86:47:c6:67:d5:a0:d1:60:10:1c:
                    4b:b2:07:87:34:f1:27:58:17:a0:2c:13:2d:ad:61:
                    a4:1a:4f:53:68:53:99:a9:1a:17:78:50:22:fe:6b:
                    79:e6:26:b3:86:38:0b:ca:6f:d6:49:9c:2b:31:59:
                    0f:b8:6f:4f:50:55:20:5d:57:9c:48:8c:3f:dc:39:
                    ca:72:00:9d:e0:97:06:13:18:db:c5:a0:48:b5:a5:
                    5f:a3:26:b0:ef:da:16:b8:12:1d:9d:dc:71:2a:a0:
                    b3:17:60:50:ad:89:c4:64:27:31:f2:25:64:64:8f:
                    dd:2b:43:a9:9d:c3:39:e9:1b:80:45:28:75:ce:da:
                    46:e7:88:d3:5f:1b:8e:3f:31:b1:d3:38:b0:51:53:
                    0b:aa:46:d4:76:d5:11:12:9d:9a:f9:6e:06:13:55:
                    b5:e6:b7:76:5c:7d:5b:b6:eb:e6:0a:3e:3a:e3:77:
                    52:eb:05:69:9c:b6:0e:be:db:98:20:0e:af:90:b4:
                    52:01:e9:7f:ec:34:e3:25:6c:03:22:3e:e3:bd:74:
                    d9:a5:cb:c4:83:27:ac:c0:a8:c5:39:9c:46:10:dd:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:DA:BA:83:5D:80:9A:39:06:72:6C:86:C4:A6:9A:57:30:0B:09:E0
            X509v3 Authority Key Identifier:
                keyid:89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/19q6g12AmjkGcmyGxKaaVzALCeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.29.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c6:a1:c2:40:79:1a:2d:d2:20:91:5c:8a:79:2f:55:c5:8f:
         a0:bf:75:c6:c4:08:2c:37:74:fd:9e:5b:43:45:ab:d6:53:90:
         5d:12:31:84:ac:b5:5b:7a:19:79:76:0f:c9:7c:60:23:c9:bb:
         3a:8c:d8:1b:09:97:ad:d3:5a:36:c4:66:10:bb:e7:e0:46:03:
         44:de:ca:92:43:77:03:ff:f3:75:b4:e5:35:9c:53:3d:28:cf:
         27:57:d6:2a:2e:17:e5:f1:61:78:a5:75:d2:e0:90:88:34:5f:
         d0:31:18:2c:72:25:95:97:27:2b:3b:9a:ce:78:97:94:53:f1:
         ed:43:e6:7f:0f:1d:0a:ca:79:5c:34:48:32:12:23:7a:4a:bf:
         57:1c:20:f0:24:1a:6a:95:b0:bc:1f:99:b3:de:67:cf:96:1e:
         62:0a:5f:db:bf:ea:13:cf:d3:ec:1f:b6:9d:42:5b:81:31:54:
         80:3a:62:88:bc:b3:f2:d2:68:b3:77:ac:48:b6:b9:01:56:7f:
         62:85:de:93:5b:8e:14:de:98:b8:aa:86:c1:0a:03:6c:de:97:
         96:30:fb:ee:28:cd:b3:5c:1b:71:d4:a7:e9:fe:ec:0f:64:9c:
         6c:4e:14:b7:5b:ce:d3:0d:0d:e6:33:32:e9:5b:88:dd:d8:2d:
         81:54:ee:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g8hBg8eomxjm0tEFlsBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2FmZWNkNzExNzA1YzQ3NmI3ODVkMGM4NmVmNTRjMjEy
NDM1NGMwHhcNMjYwMTAyMTYyMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2RhYmE4MzVkODA5YTM5MDY3MjZjODZjNGE2OWE1NzMwMGIwOWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYwOUOfEIP94t64+o92qKOBvPcB9
IQhvfjKcpK5zBZGVbIZHxmfVoNFgEBxLsgeHNPEnWBegLBMtrWGkGk9TaFOZqRoX
eFAi/mt55iazhjgLym/WSZwrMVkPuG9PUFUgXVecSIw/3DnKcgCd4JcGExjbxaBI
taVfoyaw79oWuBIdndxxKqCzF2BQrYnEZCcx8iVkZI/dK0OpncM56RuARSh1ztpG
54jTXxuOPzGx0ziwUVMLqkbUdtUREp2a+W4GE1W15rd2XH1btuvmCj4643dS6wVp
nLYOvtuYIA6vkLRSAel/7DTjJWwDIj7jvXTZpcvEgyeswKjFOZxGEN1vPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfauoNdgJo5BnJshsSmmlcwCwngMB8GA1UdIwQY
MBaAFIk6/s1xFwXEdreF0Mhu9UwhJDVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQt
MWMxMzIwNmE4MTIzLzEvMTlxNmcxMkFtamtHY215R3hLYWFWekFMQ2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQtMWMxMzIwNmE4MTIz
LzEvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAix1/MA0G
CSqGSIb3DQEBCwUAA4IBAQAZxqHCQHkaLdIgkVyKeS9VxY+gv3XGxAgsN3T9nltD
RavWU5BdEjGErLVbehl5dg/JfGAjybs6jNgbCZet01o2xGYQu+fgRgNE3sqSQ3cD
//N1tOU1nFM9KM8nV9YqLhfl8WF4pXXS4JCINF/QMRgsciWVlycrO5rOeJeUU/Ht
Q+Z/Dx0KynlcNEgyEiN6Sr9XHCDwJBpqlbC8H5mz3mfPlh5iCl/bv+oTz9PsH7ad
QluBMVSAOmKIvLPy0mizd6xItrkBVn9ihd6TW44U3pi4qobBCgNs3peWMPvuKM2z
XBtx1Kfp/uwPZJxsThS3W87TDQ3mMzLpW4jd2C2BVO45
-----END CERTIFICATE-----