This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/1b_krTT_K4qK4dHHlDSdwvTB_Ck.roa
File:                     1b_krTT_K4qK4dHHlDSdwvTB_Ck.roa (raw, json)
Hash identifier:          WyAqk00HCYlIWNZ7WJdQWAHo5r3VFoh2daJ+Uc2V4bY=
Subject key identifier:   D5:BF:E4:AD:34:FF:2B:8A:8A:E1:D1:C7:94:34:9D:C2:F4:C1:FC:29
Certificate issuer:       /CN=ab069058b4d367612be4807372b5e593e0347766
Certificate serial:       019B7BA33E662C5E61864371F37E25B95C3E
Authority key identifier: AB:06:90:58:B4:D3:67:61:2B:E4:80:73:72:B5:E5:93:E0:34:77:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/1b_krTT_K4qK4dHHlDSdwvTB_Ck.roa
Signing time:             Thu 01 Jan 2026 22:17:34 +0000
ROA not before:           Thu 01 Jan 2026 22:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1930
IP address blocks:        192.135.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:3e:66:2c:5e:61:86:43:71:f3:7e:25:b9:5c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab069058b4d367612be4807372b5e593e0347766
        Validity
            Not Before: Jan  1 22:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5bfe4ad34ff2b8a8ae1d1c794349dc2f4c1fc29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:be:d8:56:63:a5:9d:81:4b:1b:58:ad:2a:fc:
                    21:e7:62:72:3f:f3:00:22:0b:2f:ef:31:8a:1e:f2:
                    99:0a:28:92:a4:db:b3:fc:c7:06:0b:39:89:dc:c3:
                    66:89:cd:bf:bd:7e:7b:a0:80:40:15:d4:af:31:40:
                    e0:ee:71:53:db:8f:dc:98:28:22:e7:93:63:9e:c6:
                    55:77:4e:d0:51:7d:bd:e7:92:40:8e:08:e6:82:cc:
                    ac:a2:63:03:a4:1f:b3:9a:57:f5:81:e2:32:1b:e2:
                    d7:56:30:f3:89:ac:51:50:13:d6:15:c4:cb:05:96:
                    eb:18:ec:b0:db:10:65:eb:c4:55:f5:2e:b7:b7:57:
                    09:0d:41:34:6d:35:8b:07:ff:3e:e9:fc:85:eb:11:
                    f2:da:11:4a:70:4f:2a:42:97:4b:ef:51:22:63:62:
                    12:d1:a4:ec:5e:9e:22:5c:be:9c:f9:18:a0:5e:6f:
                    5b:a7:d1:54:e1:10:70:b8:3e:04:7c:fb:3c:9e:8a:
                    ae:14:2e:8b:8c:e6:32:b2:99:6a:03:a2:2e:bc:18:
                    f5:08:1f:0f:fd:09:4c:20:49:fe:1c:33:64:57:40:
                    f0:68:67:80:97:d6:cf:85:65:0e:10:fb:28:d5:1a:
                    56:db:7f:0d:69:6f:28:2b:ec:95:7f:da:42:1f:96:
                    19:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BF:E4:AD:34:FF:2B:8A:8A:E1:D1:C7:94:34:9D:C2:F4:C1:FC:29
            X509v3 Authority Key Identifier:
                keyid:AB:06:90:58:B4:D3:67:61:2B:E4:80:73:72:B5:E5:93:E0:34:77:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/1b_krTT_K4qK4dHHlDSdwvTB_Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.135.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:90:05:2a:29:3f:58:ab:1e:7b:9c:26:a8:9d:d6:92:a4:94:
         60:ef:07:93:31:e8:9a:50:52:da:76:13:99:05:e4:c6:a9:c2:
         c0:ce:e0:0d:60:8d:ea:65:93:dc:2e:63:1b:d1:11:4e:dc:b0:
         ae:c9:1d:28:71:95:c3:e0:3d:9a:18:3e:c9:1e:e3:e7:82:41:
         66:a7:ad:25:08:c0:37:2b:84:8e:0b:4a:79:e0:7a:66:bf:c0:
         ca:44:0a:84:ba:82:c5:0b:d6:27:c1:52:10:8d:cd:fe:5e:69:
         02:ee:c8:08:80:31:ac:f7:a1:01:0c:38:22:32:28:b0:c7:ae:
         fe:b2:70:94:18:88:46:36:63:e0:88:5a:42:10:35:2a:3f:56:
         62:19:65:e3:a9:09:7f:6d:da:60:17:32:bb:39:c2:eb:ff:85:
         08:6a:33:dc:15:71:43:e2:2d:fc:cd:e6:1d:cd:5f:9c:34:4d:
         4d:67:1f:a5:8b:df:eb:da:bd:ef:78:28:48:f8:b9:37:af:3d:
         32:a4:1a:a2:c5:b8:c3:bb:c5:18:91:fa:97:65:80:47:00:b5:
         60:04:f6:7c:81:25:c9:6e:29:0b:59:b0:60:0a:9b:e7:93:e0:
         23:5d:46:2b:69:29:31:91:76:dd:25:00:ad:d5:98:bb:cc:9d:
         cb:2c:20:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7oz5mLF5hhkNx834luVw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDY5MDU4YjRkMzY3NjEyYmU0ODA3MzcyYjVlNTkzZTAz
NDc3NjYwHhcNMjYwMTAxMjIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWJmZTRhZDM0ZmYyYjhhOGFlMWQxYzc5NDM0OWRjMmY0YzFmYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA077YVmOlnYFLG1itKvwh52JyP/MA
Igsv7zGKHvKZCiiSpNuz/McGCzmJ3MNmic2/vX57oIBAFdSvMUDg7nFT24/cmCgi
55NjnsZVd07QUX2955JAjgjmgsysomMDpB+zmlf1geIyG+LXVjDziaxRUBPWFcTL
BZbrGOyw2xBl68RV9S63t1cJDUE0bTWLB/8+6fyF6xHy2hFKcE8qQpdL71EiY2IS
0aTsXp4iXL6c+RigXm9bp9FU4RBwuD4EfPs8noquFC6LjOYysplqA6IuvBj1CB8P
/QlMIEn+HDNkV0DwaGeAl9bPhWUOEPso1RpW238NaW8oK+yVf9pCH5YZFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW/5K00/yuKiuHRx5Q0ncL0wfwpMB8GA1UdIwQY
MBaAFKsGkFi002dhK+SAc3K15ZPgNHdmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdhUVdMVFRaMkVyNUlCemNyWGxrLUEwZDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84N2IwOWEtY2NmYS00OGVhLWFlYjUt
NTY2NzQxOWY0NGU4LzEvMWJfa3JUVF9LNHFLNGRISGxEU2R3dlRCX0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84N2IwOWEtY2NmYS00OGVhLWFlYjUtNTY2NzQxOWY0NGU4
LzEvcXdhUVdMVFRaMkVyNUlCemNyWGxrLUEwZDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIfbMA0G
CSqGSIb3DQEBCwUAA4IBAQBRkAUqKT9Yqx57nCaondaSpJRg7weTMeiaUFLadhOZ
BeTGqcLAzuANYI3qZZPcLmMb0RFO3LCuyR0ocZXD4D2aGD7JHuPngkFmp60lCMA3
K4SOC0p54Hpmv8DKRAqEuoLFC9YnwVIQjc3+XmkC7sgIgDGs96EBDDgiMiiwx67+
snCUGIhGNmPgiFpCEDUqP1ZiGWXjqQl/bdpgFzK7OcLr/4UIajPcFXFD4i38zeYd
zV+cNE1NZx+li9/r2r3veChI+Lk3rz0ypBqixbjDu8UYkfqXZYBHALVgBPZ8gSXJ
bikLWbBgCpvnk+AjXUYraSkxkXbdJQCt1Zi7zJ3LLCCu
-----END CERTIFICATE-----