This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/KQgcPbLRBBc_xsh51xPt4IehnO4.roa
File:                     KQgcPbLRBBc_xsh51xPt4IehnO4.roa (raw, json)
Hash identifier:          pCfM4q8twqlvRaHLGHOBBp4aKXHoEg09la6QGcZB7h0=
Subject key identifier:   29:08:1C:3D:B2:D1:04:17:3F:C6:C8:79:D7:13:ED:E0:87:A1:9C:EE
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019B7C128DBA7F9BD81268936F1C2CFD47E8
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/KQgcPbLRBBc_xsh51xPt4IehnO4.roa
Signing time:             Fri 02 Jan 2026 00:19:09 +0000
ROA not before:           Fri 02 Jan 2026 00:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136897
IP address blocks:        2a0f:9a00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:8d:ba:7f:9b:d8:12:68:93:6f:1c:2c:fd:47:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 00:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29081c3db2d104173fc6c879d713ede087a19cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:84:b3:ac:6d:a6:f2:79:a4:71:c2:cb:4f:28:
                    7b:ae:64:1d:b7:71:14:93:8c:dd:2d:6a:b0:87:e3:
                    ad:57:60:90:b4:24:d5:01:07:06:aa:f7:3f:b1:ca:
                    87:2d:b8:d2:82:e7:b7:5e:f4:34:1b:fd:c0:3f:46:
                    a6:c3:46:0d:b1:0a:a1:b5:6d:eb:b9:b5:78:3d:9d:
                    66:03:87:43:83:2e:d2:14:8b:ad:e8:76:8b:e3:bd:
                    d5:ce:be:d5:2b:a4:83:1a:11:74:90:8c:a2:58:49:
                    78:fa:a5:b3:72:db:32:bc:2e:a2:b5:8d:ab:85:e2:
                    d5:25:b1:ae:84:d9:3c:e4:5b:95:c0:29:af:3f:36:
                    4d:f9:66:12:0a:f9:3f:fe:8e:4f:4b:a7:82:52:d5:
                    08:89:46:d5:2c:16:b4:49:8e:92:ab:80:91:28:0c:
                    9a:44:d6:2c:7a:50:ae:39:c1:de:76:96:a7:5a:6d:
                    4b:b7:4d:37:cf:ff:33:f8:bb:49:89:e7:d9:ac:e8:
                    49:51:3f:94:70:1b:88:bf:aa:85:62:88:b8:da:55:
                    ac:16:ff:09:20:a0:c0:ed:6f:53:af:f2:2b:01:9e:
                    d0:29:e3:d0:86:fd:da:6f:84:dc:46:33:01:ab:5e:
                    17:92:4d:67:f2:99:e3:49:86:f8:7b:32:0f:3a:33:
                    bd:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:08:1C:3D:B2:D1:04:17:3F:C6:C8:79:D7:13:ED:E0:87:A1:9C:EE
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/KQgcPbLRBBc_xsh51xPt4IehnO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:ab:d8:29:53:14:84:57:34:d5:42:0e:f3:89:1b:ef:8e:71:
         15:43:f1:2c:8d:00:9a:45:0a:b5:13:e8:03:6f:dd:1f:30:bb:
         7b:90:d7:a1:12:f9:26:a1:1c:71:b0:80:82:40:9f:70:f6:94:
         87:18:9c:57:0e:02:2a:49:c5:6c:ee:e4:51:16:86:71:39:96:
         cb:b6:46:be:e1:a1:ce:c3:0e:96:1c:ef:57:77:f4:3c:98:6a:
         a6:0e:cc:36:ff:a1:69:6a:73:07:1e:23:35:b7:1f:de:6f:68:
         39:6b:68:8c:0f:d2:9d:1b:bc:18:5c:c7:8b:c9:c4:cf:2b:fd:
         1f:64:b5:41:a7:af:69:fa:3f:00:f4:f2:7b:68:1e:6c:bb:8f:
         36:0a:5c:7c:9c:09:d2:88:38:65:5e:82:33:15:95:f0:74:0f:
         5c:ce:57:44:d5:ba:d7:11:1a:55:77:3f:d1:fe:61:22:5c:e8:
         a8:1f:47:fb:b4:bd:b3:48:93:19:4c:7b:20:d6:77:32:0a:c2:
         2f:d9:6a:62:82:fa:6d:8a:20:0b:31:1e:3e:6f:9f:68:5f:a4:
         3a:fa:80:86:94:b5:af:0c:e1:10:c8:5b:86:08:83:9a:27:0b:
         5f:7f:b1:88:0d:3e:c0:ec:73:18:4f:5b:e7:d8:92:0b:f7:56:
         b3:f3:dc:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8Eo26f5vYEmiTbxws/UfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwMTAyMDAxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA4MWMzZGIyZDEwNDE3M2ZjNmM4NzlkNzEzZWRlMDg3YTE5Y2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84SzrG2m8nmkccLLTyh7rmQdt3EU
k4zdLWqwh+OtV2CQtCTVAQcGqvc/scqHLbjSgue3XvQ0G/3AP0amw0YNsQqhtW3r
ubV4PZ1mA4dDgy7SFIut6HaL473Vzr7VK6SDGhF0kIyiWEl4+qWzctsyvC6itY2r
heLVJbGuhNk85FuVwCmvPzZN+WYSCvk//o5PS6eCUtUIiUbVLBa0SY6Sq4CRKAya
RNYselCuOcHedpanWm1Lt003z/8z+LtJiefZrOhJUT+UcBuIv6qFYoi42lWsFv8J
IKDA7W9Tr/IrAZ7QKePQhv3ab4TcRjMBq14Xkk1n8pnjSYb4ezIPOjO94QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCkIHD2y0QQXP8bIedcT7eCHoZzuMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvS1FnY1BiTFJCQmNfeHNoNTF4UHQ0SWVobk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+aAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCFq9gpUxSEVzTVQg7ziRvvjnEVQ/EsjQCaRQq1
E+gDb90fMLt7kNehEvkmoRxxsICCQJ9w9pSHGJxXDgIqScVs7uRRFoZxOZbLtka+
4aHOww6WHO9Xd/Q8mGqmDsw2/6FpanMHHiM1tx/eb2g5a2iMD9KdG7wYXMeLycTP
K/0fZLVBp69p+j8A9PJ7aB5su482Clx8nAnSiDhlXoIzFZXwdA9czldE1brXERpV
dz/R/mEiXOioH0f7tL2zSJMZTHsg1ncyCsIv2WpigvptiiALMR4+b59oX6Q6+oCG
lLWvDOEQyFuGCIOaJwtff7GIDT7A7HMYT1vn2JIL91az89xo
-----END CERTIFICATE-----