This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/kivoHyrrTapcSTu_dcsRevtd1qU.roa
File:                     kivoHyrrTapcSTu_dcsRevtd1qU.roa (raw, json)
Hash identifier:          vlUy1Pp06OgEmxAK5wPWEB8oYerqdlsGZx57sDlsb/I=
Subject key identifier:   92:2B:E8:1F:2A:EB:4D:AA:5C:49:3B:BF:75:CB:11:7A:FB:5D:D6:A5
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019B7FF17D23561A3D798E3E80DAF860A0F6
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/kivoHyrrTapcSTu_dcsRevtd1qU.roa
Signing time:             Fri 02 Jan 2026 18:21:31 +0000
ROA not before:           Fri 02 Jan 2026 18:21:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        194.76.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:7d:23:56:1a:3d:79:8e:3e:80:da:f8:60:a0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 18:21:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=922be81f2aeb4daa5c493bbf75cb117afb5dd6a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:de:57:c0:c0:86:cd:21:d6:c7:68:94:2e:29:
                    35:cf:19:fa:2b:ac:67:c6:fd:fb:98:06:48:75:2c:
                    34:e8:53:8c:b4:6c:22:c7:94:e0:22:02:c2:83:b0:
                    13:99:ab:07:77:74:23:8a:b0:ad:1e:ba:e5:fe:73:
                    58:cc:95:16:f1:62:9d:ed:57:b1:a2:1c:74:d2:ae:
                    67:0f:c8:2a:de:7e:94:b9:d2:32:23:6e:18:7d:86:
                    26:88:11:a3:f7:1d:70:3d:24:0b:ed:eb:b8:86:b8:
                    77:c6:e7:3a:73:c8:ba:53:74:b4:11:3e:10:82:8d:
                    24:6a:4d:10:bb:72:be:c0:77:94:4a:b7:a9:de:53:
                    10:24:3d:7b:09:1d:da:5d:b9:12:6e:cd:7d:53:25:
                    0c:4f:9a:84:21:41:40:7d:ce:e6:b5:e2:6e:ac:4e:
                    79:8a:b8:ac:25:63:85:1a:62:71:6b:a4:fb:11:67:
                    de:91:72:bb:02:cf:50:74:c8:e6:a5:bd:71:b0:48:
                    d3:d5:c8:69:c2:3f:a7:13:80:bc:3b:44:c6:05:a3:
                    96:a4:1e:08:c5:84:73:96:51:2a:7d:2d:64:a4:08:
                    fe:10:3b:e5:8d:4f:91:32:f7:1c:7b:f6:17:eb:0f:
                    b6:2e:a1:1b:26:10:77:2d:01:5d:cf:22:62:46:3f:
                    01:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:2B:E8:1F:2A:EB:4D:AA:5C:49:3B:BF:75:CB:11:7A:FB:5D:D6:A5
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/kivoHyrrTapcSTu_dcsRevtd1qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:cb:1c:0c:d8:3b:75:d5:25:3d:bf:32:b9:55:2a:c4:84:b9:
         d7:59:ac:28:d1:85:a5:19:d3:76:f0:2f:ee:71:7b:46:f8:e0:
         40:8b:a6:83:61:6a:36:e2:9b:b1:30:c7:26:ae:98:5e:f1:93:
         88:da:b6:1c:d9:af:85:e0:cc:9c:59:ce:c4:2b:12:da:58:50:
         a9:d2:f9:09:11:51:e6:a9:f6:3d:bd:92:55:cf:d3:68:a6:89:
         7c:75:43:80:40:2d:7e:fb:b9:09:04:9d:ca:81:c4:ce:df:6f:
         10:97:15:16:4d:6e:4c:b3:8c:8c:a5:0c:ae:cb:bd:46:8c:5d:
         4f:cf:ab:34:d3:38:de:23:ed:1f:fb:76:62:23:cb:96:98:a7:
         4b:fb:b3:be:fd:34:0e:45:37:97:df:e5:43:43:93:0a:74:62:
         70:67:74:e4:c9:46:a2:56:60:36:fd:ce:86:d9:36:5c:e1:7c:
         b7:56:81:ab:a8:a3:23:f4:a4:0b:70:e6:38:59:b4:16:39:dc:
         34:6e:7e:d4:6b:fb:34:14:d4:14:4c:3f:c9:4b:d0:ba:50:f5:
         a7:ab:6a:f9:c0:e6:ef:c3:40:f4:09:9b:3f:45:b3:3c:03:22:
         81:3b:82:97:e7:b0:65:ca:aa:4b:aa:c9:d6:84:f1:f1:08:b6:
         39:71:cf:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8X0jVho9eY4+gNr4YKD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjYwMTAyMTgyMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjJiZTgxZjJhZWI0ZGFhNWM0OTNiYmY3NWNiMTE3YWZiNWRkNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmd5XwMCGzSHWx2iULik1zxn6K6xn
xv37mAZIdSw06FOMtGwix5TgIgLCg7ATmasHd3QjirCtHrrl/nNYzJUW8WKd7Vex
ohx00q5nD8gq3n6UudIyI24YfYYmiBGj9x1wPSQL7eu4hrh3xuc6c8i6U3S0ET4Q
go0kak0Qu3K+wHeUSrep3lMQJD17CR3aXbkSbs19UyUMT5qEIUFAfc7mteJurE55
irisJWOFGmJxa6T7EWfekXK7As9QdMjmpb1xsEjT1chpwj+nE4C8O0TGBaOWpB4I
xYRzllEqfS1kpAj+EDvljU+RMvcce/YX6w+2LqEbJhB3LQFdzyJiRj8BbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIr6B8q602qXEk7v3XLEXr7XdalMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEva2l2b0h5cnJUYXBjU1R1X2Rjc1JldnRkMXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkxxMA0G
CSqGSIb3DQEBCwUAA4IBAQCLyxwM2Dt11SU9vzK5VSrEhLnXWawo0YWlGdN28C/u
cXtG+OBAi6aDYWo24puxMMcmrphe8ZOI2rYc2a+F4MycWc7EKxLaWFCp0vkJEVHm
qfY9vZJVz9Nopol8dUOAQC1++7kJBJ3KgcTO328QlxUWTW5Ms4yMpQyuy71GjF1P
z6s00zjeI+0f+3ZiI8uWmKdL+7O+/TQORTeX3+VDQ5MKdGJwZ3TkyUaiVmA2/c6G
2TZc4Xy3VoGrqKMj9KQLcOY4WbQWOdw0bn7Ua/s0FNQUTD/JS9C6UPWnq2r5wObv
w0D0CZs/RbM8AyKBO4KX57BlyqpLqsnWhPHxCLY5cc8g
-----END CERTIFICATE-----