This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/kNW-FofDRFcYyJ6jdZntLsWi_kQ.roa
File:                     kNW-FofDRFcYyJ6jdZntLsWi_kQ.roa (raw, json)
Hash identifier:          vsRui+TumYQf+mEKOxKsjjJTMlbNB6Ytf/Fua/xhVUM=
Subject key identifier:   90:D5:BE:16:87:C3:44:57:18:C8:9E:A3:75:99:ED:2E:C5:A2:FE:44
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       019B77C7647E78598080BCD498C5D912A068
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/kNW-FofDRFcYyJ6jdZntLsWi_kQ.roa
Signing time:             Thu 01 Jan 2026 04:18:34 +0000
ROA not before:           Thu 01 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212953
IP address blocks:        146.19.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:64:7e:78:59:80:80:bc:d4:98:c5:d9:12:a0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Jan  1 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90d5be1687c3445718c89ea37599ed2ec5a2fe44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:38:da:a9:5f:33:06:05:44:b8:69:d6:c0:be:
                    df:68:9d:45:ec:2d:9f:7b:6a:75:c2:9e:17:b1:48:
                    2c:2b:fa:80:fc:a6:a6:64:83:5a:fd:d4:7a:34:a2:
                    35:d1:fa:8a:d8:72:e7:80:21:ac:db:9c:8b:d7:39:
                    6f:6d:9c:f3:01:e6:b9:91:bf:75:a2:aa:4a:2e:49:
                    80:0c:6c:48:35:3f:0d:d0:1c:36:0f:d1:65:ab:37:
                    e6:57:b8:b3:c6:d0:9b:2d:e5:5c:56:c6:37:e7:c6:
                    a1:2a:9e:2e:cf:dc:86:17:d7:67:f8:0b:2a:34:4c:
                    db:f7:52:ec:99:19:36:24:f0:98:08:68:df:05:3b:
                    51:8a:aa:58:ed:96:79:4d:8f:24:6a:42:36:66:26:
                    1a:4d:82:f9:eb:e2:83:5a:08:74:65:f8:ff:9f:71:
                    7d:bb:50:b6:70:b0:9f:3e:aa:f2:fe:d3:e4:a0:b2:
                    c9:7e:68:75:85:77:b3:3d:ff:ab:45:da:fc:29:8b:
                    6c:2e:25:84:a8:3a:f7:51:f7:19:63:59:9d:a6:df:
                    37:f0:1e:21:3e:fe:e2:21:f7:a9:fe:1f:76:e3:f5:
                    52:4a:25:27:f2:ad:3f:62:0d:ff:76:0f:b1:57:83:
                    d3:00:5c:c5:f0:d6:cb:89:eb:ed:1e:72:3a:d6:ab:
                    59:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D5:BE:16:87:C3:44:57:18:C8:9E:A3:75:99:ED:2E:C5:A2:FE:44
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/kNW-FofDRFcYyJ6jdZntLsWi_kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6e:21:1e:f1:be:68:a6:52:27:4f:de:8f:4b:64:1b:86:16:
         e2:f5:4e:13:04:25:3f:77:20:d4:4a:2d:11:30:f4:0f:2e:df:
         07:0f:84:1f:e3:4f:8a:6e:db:76:bd:1b:3e:bd:7a:02:f3:ad:
         ae:af:d1:10:8f:19:a7:ba:d7:62:9d:94:94:d8:72:05:eb:1d:
         76:98:da:46:72:56:ca:1f:7f:6b:3c:f0:22:bf:29:9b:44:54:
         e7:12:75:45:26:05:f1:50:b6:8f:a9:59:f7:72:c1:c5:64:0b:
         32:79:db:3c:2b:f6:a1:89:44:20:db:2f:e5:33:f4:69:c2:b5:
         71:63:90:4f:2d:e5:f7:b0:25:9e:75:f6:e8:83:c1:47:7b:09:
         d5:14:72:fd:34:7f:43:42:e3:03:c8:b6:74:ac:ab:27:91:b4:
         bb:33:38:5d:32:d9:6f:92:6e:aa:7c:7e:fb:6d:68:56:dd:60:
         05:9f:c6:5f:63:b5:76:94:5e:92:04:e8:32:0b:80:30:9e:90:
         f6:5c:cd:01:7f:f3:70:4b:b5:4c:71:14:f3:6a:c3:c6:86:79:
         78:29:8e:01:d6:16:89:47:e2:59:09:35:cd:e4:dc:b7:5e:e7:
         f3:5a:54:22:4c:53:f0:c6:7e:94:4b:a3:e8:c1:e5:8c:00:a6:
         8c:00:76:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x2R+eFmAgLzUmMXZEqBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjYwMTAxMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQ1YmUxNjg3YzM0NDU3MThjODllYTM3NTk5ZWQyZWM1YTJmZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjjaqV8zBgVEuGnWwL7faJ1F7C2f
e2p1wp4XsUgsK/qA/KamZINa/dR6NKI10fqK2HLngCGs25yL1zlvbZzzAea5kb91
oqpKLkmADGxINT8N0Bw2D9FlqzfmV7izxtCbLeVcVsY358ahKp4uz9yGF9dn+Asq
NEzb91LsmRk2JPCYCGjfBTtRiqpY7ZZ5TY8kakI2ZiYaTYL56+KDWgh0Zfj/n3F9
u1C2cLCfPqry/tPkoLLJfmh1hXezPf+rRdr8KYtsLiWEqDr3UfcZY1mdpt838B4h
Pv7iIfep/h924/VSSiUn8q0/Yg3/dg+xV4PTAFzF8NbLievtHnI61qtZLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDVvhaHw0RXGMieo3WZ7S7Fov5EMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEva05XLUZvZkRSRmNZeUo2amRabnRMc1dpX2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM5MA0G
CSqGSIb3DQEBCwUAA4IBAQA2biEe8b5oplInT96PS2Qbhhbi9U4TBCU/dyDUSi0R
MPQPLt8HD4Qf40+Kbtt2vRs+vXoC862ur9EQjxmnutdinZSU2HIF6x12mNpGclbK
H39rPPAivymbRFTnEnVFJgXxULaPqVn3csHFZAsyeds8K/ahiUQg2y/lM/RpwrVx
Y5BPLeX3sCWedfbog8FHewnVFHL9NH9DQuMDyLZ0rKsnkbS7MzhdMtlvkm6qfH77
bWhW3WAFn8ZfY7V2lF6SBOgyC4AwnpD2XM0Bf/NwS7VMcRTzasPGhnl4KY4B1haJ
R+JZCTXN5Ny3XufzWlQiTFPwxn6US6PoweWMAKaMAHYg
-----END CERTIFICATE-----