This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/ken38hVxmy14aPMAbzAPgPTg5Qc.roa
File:                     ken38hVxmy14aPMAbzAPgPTg5Qc.roa (raw, json)
Hash identifier:          TJhvTJDZL4uFVPaDoKqNX3HyglY2ChDkoRzq0njH+TA=
Subject key identifier:   91:E9:F7:F2:15:71:9B:2D:78:68:F3:00:6F:30:0F:80:F4:E0:E5:07
Certificate issuer:       /CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
Certificate serial:       019B7A5AB963622732779749B621B882575D
Authority key identifier: 40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/ken38hVxmy14aPMAbzAPgPTg5Qc.roa
Signing time:             Thu 01 Jan 2026 16:18:44 +0000
ROA not before:           Thu 01 Jan 2026 16:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48137
IP address blocks:        84.11.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b9:63:62:27:32:77:97:49:b6:21:b8:82:57:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
        Validity
            Not Before: Jan  1 16:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91e9f7f215719b2d7868f3006f300f80f4e0e507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:af:c9:97:be:aa:b2:11:10:47:3e:49:5d:c8:
                    6b:f4:18:cc:49:c9:a1:bd:72:4d:3e:0a:9b:00:b5:
                    e3:f2:f0:4a:fd:bf:6d:24:d2:91:00:c4:a2:7a:22:
                    c5:e9:d0:ed:92:5b:b3:8e:a2:8f:f6:2a:03:85:2c:
                    c2:86:9a:a1:a6:79:82:48:f7:4a:22:f0:74:2e:c6:
                    ff:74:d8:57:70:5b:43:58:ea:a0:3b:60:80:bc:2d:
                    a4:3c:34:b9:8a:e8:35:1f:27:3e:0b:16:e4:42:ec:
                    5d:d7:69:2a:48:54:90:a0:fe:be:60:2a:b9:9c:38:
                    c2:a2:8c:5a:09:48:ce:d6:fc:95:8d:da:6c:09:bb:
                    05:f1:e4:c4:77:ea:f8:26:9b:26:8e:58:cb:75:fe:
                    3a:a0:35:62:b8:19:99:2b:be:6a:54:dd:6b:00:07:
                    70:72:ed:e5:f2:8b:f3:70:1f:7e:d0:8b:0c:0e:73:
                    3b:df:b4:c9:9b:3c:11:36:b9:54:99:13:98:69:53:
                    9a:de:e9:99:a0:23:e0:73:a5:23:6f:e0:a8:ff:73:
                    17:38:64:1a:b2:b5:1a:bd:d1:31:52:27:f2:dd:22:
                    d5:81:e2:50:d7:77:a5:77:a5:ad:4b:fe:96:ac:ad:
                    79:26:70:82:d8:d8:36:1a:7c:00:55:85:20:54:ac:
                    79:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E9:F7:F2:15:71:9B:2D:78:68:F3:00:6F:30:0F:80:F4:E0:E5:07
            X509v3 Authority Key Identifier:
                keyid:40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/ken38hVxmy14aPMAbzAPgPTg5Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.11.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:31:d8:1a:10:8b:ac:65:93:ff:42:a0:26:e8:28:93:a5:62:
         cd:dc:0e:28:4b:d7:c0:2f:80:52:ae:30:3b:ba:54:8a:24:57:
         4f:b5:33:42:e8:0c:bf:0c:d8:ea:ef:8f:12:8d:b5:15:3d:42:
         b4:c9:bd:41:97:a0:3c:d8:3c:6e:ad:46:8f:b8:de:20:86:38:
         8d:19:d0:0d:c3:4d:e9:68:db:1d:d8:02:4f:92:66:8b:66:50:
         1c:fa:5a:05:c6:c7:1f:96:a4:05:fc:5b:09:88:42:d3:68:0a:
         eb:12:95:8c:c5:56:9c:ed:84:e7:1b:25:ce:0a:e8:1a:eb:c9:
         c8:03:a0:62:b7:6c:ee:c2:25:a9:5c:9f:cb:19:e1:75:30:d3:
         d5:89:ed:15:f5:ff:39:c9:b7:4c:d3:6b:4f:ca:50:9a:54:1c:
         38:37:1d:cf:f5:af:f3:69:36:7e:34:64:31:a6:12:70:be:3f:
         be:ba:9d:65:13:16:6a:d9:5a:67:21:ff:24:f5:eb:b0:c8:e6:
         01:1b:85:ac:d8:5a:f1:81:d3:2d:ee:d0:54:d5:c1:3d:bc:f6:
         32:41:e4:f8:68:83:6a:d8:48:ad:c5:09:30:0f:a7:d8:78:4f:
         3f:32:66:63:25:80:de:a4:0d:fd:0f:c2:82:9d:fb:3c:9d:3f:
         f2:eb:ac:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrljYicyd5dJtiG4glddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYTI0OWVhZGViMmE5MjhmZTBjMmU3NWM5MTgyNDhiNWEx
YTI4YjkwHhcNMjYwMTAxMTYxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU5ZjdmMjE1NzE5YjJkNzg2OGYzMDA2ZjMwMGY4MGY0ZTBlNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK/Jl76qshEQRz5JXchr9BjMScmh
vXJNPgqbALXj8vBK/b9tJNKRAMSieiLF6dDtkluzjqKP9ioDhSzChpqhpnmCSPdK
IvB0Lsb/dNhXcFtDWOqgO2CAvC2kPDS5iug1Hyc+CxbkQuxd12kqSFSQoP6+YCq5
nDjCooxaCUjO1vyVjdpsCbsF8eTEd+r4JpsmjljLdf46oDViuBmZK75qVN1rAAdw
cu3l8ovzcB9+0IsMDnM737TJmzwRNrlUmROYaVOa3umZoCPgc6Ujb+Co/3MXOGQa
srUavdExUify3SLVgeJQ13eld6WtS/6WrK15JnCC2Ng2GnwAVYUgVKx5qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHp9/IVcZsteGjzAG8wD4D04OUHMB8GA1UdIwQY
MBaAFECiSeresqko/gwudckYJItaGii5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAt
ODMzMGU3ZTMyZTE5LzEva2VuMzhoVnhteTE0YVBNQWJ6QVBnUFRnNVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAtODMzMGU3ZTMyZTE5
LzEvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVAv4MA0G
CSqGSIb3DQEBCwUAA4IBAQBOMdgaEIusZZP/QqAm6CiTpWLN3A4oS9fAL4BSrjA7
ulSKJFdPtTNC6Ay/DNjq748SjbUVPUK0yb1Bl6A82DxurUaPuN4ghjiNGdANw03p
aNsd2AJPkmaLZlAc+loFxscflqQF/FsJiELTaArrEpWMxVac7YTnGyXOCuga68nI
A6Bit2zuwiWpXJ/LGeF1MNPVie0V9f85ybdM02tPylCaVBw4Nx3P9a/zaTZ+NGQx
phJwvj++up1lExZq2VpnIf8k9euwyOYBG4Ws2FrxgdMt7tBU1cE9vPYyQeT4aINq
2EitxQkwD6fYeE8/MmZjJYDepA39D8KCnfs8nT/y66yP
-----END CERTIFICATE-----