This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Kw3halcLJqtOzptZpUiCUgnn2C8.roa
File:                     Kw3halcLJqtOzptZpUiCUgnn2C8.roa (raw, json)
Hash identifier:          fykawWENEq2Aj5HKOD8iBpZCBO+i2gcxksOXX0gXKNw=
Subject key identifier:   2B:0D:E1:6A:57:0B:26:AB:4E:CE:9B:59:A5:48:82:52:09:E7:D8:2F
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       019B76EAEB0BF8D8D97E4D0922FB0A8F38B2
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Kw3halcLJqtOzptZpUiCUgnn2C8.roa
Signing time:             Thu 01 Jan 2026 00:17:45 +0000
ROA not before:           Thu 01 Jan 2026 00:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204492
IP address blocks:        82.194.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:eb:0b:f8:d8:d9:7e:4d:09:22:fb:0a:8f:38:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 00:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b0de16a570b26ab4ece9b59a548825209e7d82f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:67:57:20:80:88:0e:76:b5:98:61:5b:7e:8b:
                    c4:ff:41:c6:77:85:14:f5:64:03:9a:63:d0:60:a0:
                    36:5b:b9:a3:40:c7:0e:43:6c:d6:94:0f:3a:fc:84:
                    2c:0b:82:91:dd:26:78:42:81:ee:83:80:56:8e:69:
                    49:31:91:8c:14:a9:2b:a4:cd:6a:be:50:e6:a0:7c:
                    d0:9a:eb:5b:d1:0e:b7:4d:6a:12:2e:49:c6:41:e9:
                    96:15:8d:e8:d9:5d:84:cb:16:43:f8:df:4c:4a:23:
                    55:ac:0b:26:80:04:81:02:3c:50:89:4f:ba:6a:73:
                    7c:85:05:97:34:0f:00:a0:74:f9:d5:f0:a2:fc:48:
                    bb:91:24:9e:3b:ab:9b:c9:36:b0:92:d2:b4:75:87:
                    47:4a:dc:97:32:b3:79:49:bd:95:01:7d:a4:13:be:
                    cc:b3:39:90:11:e1:61:d7:d9:75:bf:75:29:6f:25:
                    6a:b2:b1:2c:54:39:cc:18:95:2b:e8:9d:2d:6e:ed:
                    0f:27:e4:b0:4a:29:a5:e6:6e:c4:60:64:aa:45:60:
                    27:e6:30:0b:6c:0c:13:92:4f:b9:da:2a:5e:32:f6:
                    36:1f:59:ee:7d:6e:08:f7:7d:a3:33:22:e0:28:c9:
                    c2:6f:e4:0e:9e:89:8d:ee:f9:7e:0d:55:0c:f1:2a:
                    23:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0D:E1:6A:57:0B:26:AB:4E:CE:9B:59:A5:48:82:52:09:E7:D8:2F
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Kw3halcLJqtOzptZpUiCUgnn2C8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.194.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:cf:36:3c:26:82:5a:44:70:28:40:82:48:0a:1d:4b:15:fa:
         b2:42:59:be:d3:96:8c:89:bd:b9:53:89:4a:73:fa:8c:ab:ec:
         b8:bd:48:30:39:78:14:6e:89:7a:e3:96:34:f8:57:f4:55:2b:
         98:55:b2:32:5e:23:dc:ae:1b:5c:f7:48:58:7f:ef:77:7d:5a:
         14:ce:68:11:00:e3:17:dc:2d:b9:8b:b9:c0:fc:7d:5a:cf:c9:
         08:ce:a4:e3:b8:1d:db:3b:49:49:57:e1:9d:d3:99:ec:36:60:
         7f:70:df:ec:69:17:cf:12:1f:73:64:6c:31:78:52:04:b8:a4:
         cc:5e:07:17:e5:66:be:41:92:af:38:cf:aa:93:07:69:c8:07:
         30:ec:03:9c:1b:73:e0:4e:2c:e7:88:f4:07:ef:f4:83:a7:dd:
         b1:9c:e3:11:b5:e9:a6:92:ed:21:97:54:fe:34:2b:27:28:94:
         67:7f:5f:66:11:ff:0c:ab:95:38:20:55:c0:49:ac:f4:dc:c7:
         a5:ff:db:02:a5:b2:d3:e8:98:f1:44:95:99:75:ec:8e:90:78:
         17:0e:9f:59:30:56:74:73:05:81:6d:f9:f3:8f:ba:3f:0d:9f:
         d0:5a:7a:9f:b1:a0:82:fb:d6:40:d1:bb:56:3d:87:38:d6:ac:
         18:f9:1c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26usL+NjZfk0JIvsKjziyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjYwMTAxMDAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBkZTE2YTU3MGIyNmFiNGVjZTliNTlhNTQ4ODI1MjA5ZTdkODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGdXIICIDna1mGFbfovE/0HGd4UU
9WQDmmPQYKA2W7mjQMcOQ2zWlA86/IQsC4KR3SZ4QoHug4BWjmlJMZGMFKkrpM1q
vlDmoHzQmutb0Q63TWoSLknGQemWFY3o2V2EyxZD+N9MSiNVrAsmgASBAjxQiU+6
anN8hQWXNA8AoHT51fCi/Ei7kSSeO6ubyTawktK0dYdHStyXMrN5Sb2VAX2kE77M
szmQEeFh19l1v3UpbyVqsrEsVDnMGJUr6J0tbu0PJ+SwSiml5m7EYGSqRWAn5jAL
bAwTkk+52ipeMvY2H1nufW4I932jMyLgKMnCb+QOnomN7vl+DVUM8Soj3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsN4WpXCyarTs6bWaVIglIJ59gvMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvS3czaGFsY0xKcXRPenB0WnBVaUNVZ25uMkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUsLsMA0G
CSqGSIb3DQEBCwUAA4IBAQBszzY8JoJaRHAoQIJICh1LFfqyQlm+05aMib25U4lK
c/qMq+y4vUgwOXgUbol645Y0+Ff0VSuYVbIyXiPcrhtc90hYf+93fVoUzmgRAOMX
3C25i7nA/H1az8kIzqTjuB3bO0lJV+Gd05nsNmB/cN/saRfPEh9zZGwxeFIEuKTM
XgcX5Wa+QZKvOM+qkwdpyAcw7AOcG3PgTizniPQH7/SDp92xnOMRtemmku0hl1T+
NCsnKJRnf19mEf8Mq5U4IFXASaz03Mel/9sCpbLT6JjxRJWZdeyOkHgXDp9ZMFZ0
cwWBbfnzj7o/DZ/QWnqfsaCC+9ZA0btWPYc41qwY+RxK
-----END CERTIFICATE-----