This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/KRcQChyIkdk17z-o88DTXwkNu_Y.roa
File:                     KRcQChyIkdk17z-o88DTXwkNu_Y.roa (raw, json)
Hash identifier:          k4ZBkPTraQNZ31kK5NnaOy56WVAVKO/c8Q/xt3FDIoM=
Subject key identifier:   29:17:10:0A:1C:88:91:D9:35:EF:3F:A8:F3:C0:D3:5F:09:0D:BB:F6
Certificate issuer:       /CN=0fe732e6b249093e79a1a507cbcd8196f01817fa
Certificate serial:       019B797EE7303105517170D0AF60797040A3
Authority key identifier: 0F:E7:32:E6:B2:49:09:3E:79:A1:A5:07:CB:CD:81:96:F0:18:17:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/KRcQChyIkdk17z-o88DTXwkNu_Y.roa
Signing time:             Thu 01 Jan 2026 12:18:38 +0000
ROA not before:           Thu 01 Jan 2026 12:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        157.239.128.0/24 maxlen: 24
                          157.239.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:e7:30:31:05:51:71:70:d0:af:60:79:70:40:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fe732e6b249093e79a1a507cbcd8196f01817fa
        Validity
            Not Before: Jan  1 12:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2917100a1c8891d935ef3fa8f3c0d35f090dbbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7f:a9:3d:26:66:b2:27:00:89:9b:d4:36:29:
                    9c:a3:81:ad:84:96:c7:fa:51:ed:92:2c:05:34:64:
                    c0:f8:c2:bc:ac:74:9b:01:59:e0:d4:e2:b2:e7:0a:
                    f5:a5:c2:01:a2:96:73:5f:f7:fb:55:f8:32:01:cb:
                    72:28:87:5c:28:93:de:ac:c1:e2:58:ca:84:f5:4b:
                    35:78:c6:13:d3:2a:9f:53:f5:df:65:f7:cd:33:a8:
                    4a:87:6e:b5:fd:d6:e4:43:c1:1c:28:81:db:7b:a9:
                    64:31:06:b6:11:55:49:6a:ed:96:ee:84:cc:01:13:
                    c2:d5:ef:90:36:fe:99:9e:60:b1:1f:cc:08:bd:da:
                    44:25:f1:35:33:aa:9e:1f:d6:a2:2a:0c:38:c4:45:
                    6d:ec:34:fb:4c:58:55:0f:dd:46:ff:a4:4f:88:ff:
                    18:82:86:c5:ab:9d:43:e6:5d:a6:d7:bd:5e:3c:6a:
                    f5:2d:5d:8e:10:65:af:b1:cb:6f:9a:9c:9b:2b:4d:
                    94:24:0a:7d:0b:9c:d1:23:80:fe:40:ae:68:90:c8:
                    9c:7d:06:f2:48:8f:68:61:f7:ce:bd:94:d3:ec:0d:
                    94:e6:78:a2:9b:31:68:7a:53:9b:fd:a4:f1:8e:ad:
                    2a:de:f8:f5:df:ea:04:cc:b7:5c:22:ba:c1:92:80:
                    63:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:17:10:0A:1C:88:91:D9:35:EF:3F:A8:F3:C0:D3:5F:09:0D:BB:F6
            X509v3 Authority Key Identifier:
                keyid:0F:E7:32:E6:B2:49:09:3E:79:A1:A5:07:CB:CD:81:96:F0:18:17:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/KRcQChyIkdk17z-o88DTXwkNu_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.239.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:02:17:3b:e6:bd:e2:f6:fd:24:97:84:5a:a8:df:57:b9:49:
         c4:60:1d:00:29:9a:1c:6b:67:b4:a9:3e:db:3e:a1:3b:15:e8:
         fc:26:c0:15:e1:d3:55:e6:80:71:0a:ff:32:c5:03:b5:a6:09:
         68:c4:44:5a:53:4e:77:8a:58:cd:70:7f:34:41:10:4e:bc:ec:
         e1:b6:89:e8:28:31:73:ca:a3:ac:04:03:82:5e:7e:44:29:1a:
         68:fb:fc:25:b3:6f:79:8d:a8:55:ee:06:1c:a2:bc:14:8e:85:
         ba:4a:30:1f:34:58:e2:e4:20:24:a2:3a:c9:b2:d2:23:03:9c:
         c8:87:5d:0d:e5:8d:0f:77:78:f7:2d:2e:19:8d:1f:c4:45:01:
         ba:b7:52:81:3f:45:f7:89:bb:0d:f8:4c:c8:01:b0:0c:c9:b9:
         34:fb:f5:cb:17:17:5c:9f:8d:bf:1d:27:3f:1d:7f:fe:4f:06:
         cc:86:22:dc:f9:b6:32:cd:97:52:7f:c6:79:19:10:3d:cf:b4:
         16:73:d4:1c:2f:33:0b:50:7e:57:a9:6a:60:22:0f:40:27:98:
         3b:b0:4b:7f:ab:23:fc:3b:9a:c9:b3:fa:b8:d1:40:f7:c8:f6:
         32:ee:1f:64:51:56:ac:bd:bf:d2:e0:88:fc:70:59:68:4e:45:
         1e:84:bb:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fucwMQVRcXDQr2B5cECjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZTczMmU2YjI0OTA5M2U3OWExYTUwN2NiY2Q4MTk2ZjAx
ODE3ZmEwHhcNMjYwMTAxMTIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE3MTAwYTFjODg5MWQ5MzVlZjNmYThmM2MwZDM1ZjA5MGRiYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX+pPSZmsicAiZvUNimco4GthJbH
+lHtkiwFNGTA+MK8rHSbAVng1OKy5wr1pcIBopZzX/f7VfgyActyKIdcKJPerMHi
WMqE9Us1eMYT0yqfU/XfZffNM6hKh261/dbkQ8EcKIHbe6lkMQa2EVVJau2W7oTM
ARPC1e+QNv6ZnmCxH8wIvdpEJfE1M6qeH9aiKgw4xEVt7DT7TFhVD91G/6RPiP8Y
gobFq51D5l2m171ePGr1LV2OEGWvsctvmpybK02UJAp9C5zRI4D+QK5okMicfQby
SI9oYffOvZTT7A2U5niimzFoelOb/aTxjq0q3vj13+oEzLdcIrrBkoBjdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkXEAociJHZNe8/qPPA018JDbv2MB8GA1UdIwQY
MBaAFA/nMuaySQk+eaGlB8vNgZbwGBf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1jeTVySkpDVDU1b2FVSHk4MkJsdkFZRl9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wOGE5ZGUtYzg4ZC00YTQ1LTk1OGUt
YTI3Nzg5ODI5M2I5LzEvS1JjUUNoeUlrZGsxN3otbzg4RFRYd2tOdV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wOGE5ZGUtYzg4ZC00YTQ1LTk1OGUtYTI3Nzg5ODI5M2I5
LzEvRC1jeTVySkpDVDU1b2FVSHk4MkJsdkFZRl9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBne+AMA0G
CSqGSIb3DQEBCwUAA4IBAQAhAhc75r3i9v0kl4RaqN9XuUnEYB0AKZoca2e0qT7b
PqE7Fej8JsAV4dNV5oBxCv8yxQO1pgloxERaU053iljNcH80QRBOvOzhtonoKDFz
yqOsBAOCXn5EKRpo+/wls295jahV7gYcorwUjoW6SjAfNFji5CAkojrJstIjA5zI
h10N5Y0Pd3j3LS4ZjR/ERQG6t1KBP0X3ibsN+EzIAbAMybk0+/XLFxdcn42/HSc/
HX/+TwbMhiLc+bYyzZdSf8Z5GRA9z7QWc9QcLzMLUH5XqWpgIg9AJ5g7sEt/qyP8
O5rJs/q40UD3yPYy7h9kUVasvb/S4Ij8cFloTkUehLsG
-----END CERTIFICATE-----