This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/KddG9VzqqdX_8k-PUqQzM9NcRkY.roa
File:                     KddG9VzqqdX_8k-PUqQzM9NcRkY.roa (raw, json)
Hash identifier:          pzuVMWDh2Vne7UfbY+caG5MJ7AmHoX1/3ZwULzGUsug=
Subject key identifier:   29:D7:46:F5:5C:EA:A9:D5:FF:F2:4F:8F:52:A4:33:33:D3:5C:46:46
Certificate issuer:       /CN=ea93edfc2aa748e4981050ec06e3a66920265e17
Certificate serial:       019B77591EC74842F57081D2DBA540DFCFB7
Authority key identifier: EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/KddG9VzqqdX_8k-PUqQzM9NcRkY.roa
Signing time:             Thu 01 Jan 2026 02:18:07 +0000
ROA not before:           Thu 01 Jan 2026 02:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35280
IP address blocks:        132.72.0.0/16 maxlen: 16
                          132.73.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:1e:c7:48:42:f5:70:81:d2:db:a5:40:df:cf:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea93edfc2aa748e4981050ec06e3a66920265e17
        Validity
            Not Before: Jan  1 02:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29d746f55ceaa9d5fff24f8f52a43333d35c4646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:58:9b:f4:d7:75:ce:fc:29:f3:2c:55:f0:57:
                    55:3c:4a:15:23:ff:38:3a:8e:7e:da:1b:27:3d:7a:
                    30:60:15:f2:21:67:0a:25:68:20:50:f6:72:ff:8c:
                    a0:63:e0:ce:12:48:ab:a4:14:3a:d3:9a:98:9c:ee:
                    ac:58:78:14:28:40:7b:60:20:c7:9c:80:13:55:77:
                    66:98:c1:c9:da:51:fe:84:7b:ef:d2:45:1b:d6:1b:
                    97:e2:ad:90:f2:a2:f2:a5:25:fe:be:80:4e:15:40:
                    c6:36:fb:59:ea:59:01:42:c7:de:de:af:68:c5:95:
                    00:aa:3f:55:34:39:3f:65:45:98:59:02:41:b8:90:
                    56:c0:b5:db:b6:55:43:a6:39:e0:fe:3c:5a:02:e3:
                    f9:37:c1:6c:db:e6:7d:ab:2a:36:61:a5:ae:95:14:
                    87:0f:e2:57:07:bb:77:e1:3b:ca:c5:e5:72:5a:6e:
                    8b:dd:85:e1:0c:62:5e:8e:bb:7b:6a:53:01:bb:14:
                    db:44:ec:4d:f7:29:f0:0d:7d:6b:cd:54:42:1e:0d:
                    68:7d:b0:4c:c6:90:71:db:23:61:3e:47:56:4e:62:
                    86:29:87:c9:b9:ed:09:e3:7f:1b:11:aa:6d:70:5a:
                    c2:54:d9:40:19:2e:8d:27:be:8a:a5:f1:1a:63:eb:
                    42:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D7:46:F5:5C:EA:A9:D5:FF:F2:4F:8F:52:A4:33:33:D3:5C:46:46
            X509v3 Authority Key Identifier:
                keyid:EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/KddG9VzqqdX_8k-PUqQzM9NcRkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1d:f4:25:f3:57:38:0d:06:90:70:bc:6d:80:8c:b0:49:ea:3e:
         b3:75:e4:de:1f:28:8f:0a:e0:6c:3b:c6:a8:07:68:be:95:4b:
         da:bc:d3:99:c5:f1:3e:4c:c9:ad:71:07:23:85:c5:53:89:eb:
         bb:6f:1b:88:4e:c4:a0:f4:75:e8:13:da:26:19:1d:ac:7c:33:
         d9:70:fb:1c:3d:b5:8d:fd:22:20:da:4c:14:d4:37:f6:b7:69:
         2c:91:b0:41:27:13:97:7d:eb:36:a2:ea:e1:0a:70:48:80:b4:
         b5:4d:ad:31:e8:0b:6f:d4:c3:8a:ff:72:99:a7:e1:7f:de:6d:
         31:17:68:2e:52:13:07:aa:ad:08:35:d0:03:b0:ab:13:16:4e:
         bb:da:5c:5a:1b:5e:09:9c:21:4d:bf:6a:47:a2:18:75:68:6f:
         6c:51:8d:0a:5c:ff:e4:49:a4:c7:3a:92:30:81:1b:73:ae:85:
         0e:9d:e6:8f:a7:44:5e:5b:b3:ad:d6:5a:e2:ad:e2:e0:c5:36:
         03:5c:4f:be:fb:b8:f2:5a:f0:1f:5c:4b:cd:a5:ee:73:f5:32:
         5c:0f:d7:d2:5b:37:f5:fc:6a:90:86:2b:b3:3b:87:f6:d7:53:
         75:d1:0e:93:0e:8a:37:7f:4a:d7:59:94:21:8c:e7:c3:ce:e1:
         b9:40:a5:52
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt3WR7HSEL1cIHS26VA38+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOTNlZGZjMmFhNzQ4ZTQ5ODEwNTBlYzA2ZTNhNjY5MjAy
NjVlMTcwHhcNMjYwMTAxMDIxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ3NDZmNTVjZWFhOWQ1ZmZmMjRmOGY1MmE0MzMzM2QzNWM0NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lib9Nd1zvwp8yxV8FdVPEoVI/84
Oo5+2hsnPXowYBXyIWcKJWggUPZy/4ygY+DOEkirpBQ605qYnO6sWHgUKEB7YCDH
nIATVXdmmMHJ2lH+hHvv0kUb1huX4q2Q8qLypSX+voBOFUDGNvtZ6lkBQsfe3q9o
xZUAqj9VNDk/ZUWYWQJBuJBWwLXbtlVDpjng/jxaAuP5N8Fs2+Z9qyo2YaWulRSH
D+JXB7t34TvKxeVyWm6L3YXhDGJejrt7alMBuxTbROxN9ynwDX1rzVRCHg1ofbBM
xpBx2yNhPkdWTmKGKYfJue0J438bEaptcFrCVNlAGS6NJ76KpfEaY+tCqQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCnXRvVc6qnV//JPj1KkMzPTXEZGMB8GA1UdIwQY
MBaAFOqT7fwqp0jkmBBQ7AbjpmkgJl4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmIt
ZDEzOGE5YzRlNDNmLzEvS2RkRzlWenFxZFhfOGstUFVxUXpNOU5jUmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmItZDEzOGE5YzRlNDNm
LzEvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEgwDQYJ
KoZIhvcNAQELBQADggEBAB30JfNXOA0GkHC8bYCMsEnqPrN15N4fKI8K4Gw7xqgH
aL6VS9q805nF8T5Mya1xByOFxVOJ67tvG4hOxKD0degT2iYZHax8M9lw+xw9tY39
IiDaTBTUN/a3aSyRsEEnE5d96zai6uEKcEiAtLVNrTHoC2/Uw4r/cpmn4X/ebTEX
aC5SEweqrQg10AOwqxMWTrvaXFobXgmcIU2/akeiGHVob2xRjQpc/+RJpMc6kjCB
G3OuhQ6d5o+nRF5bs63WWuKt4uDFNgNcT777uPJa8B9cS82l7nP1MlwP19JbN/X8
apCGK7M7h/bXU3XRDpMOijd/StdZlCGM58PO4blApVI=
-----END CERTIFICATE-----