This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/KO-QbiA4B8Fqmh4PoUG1b2CWqyo.roa
File:                     KO-QbiA4B8Fqmh4PoUG1b2CWqyo.roa (raw, json)
Hash identifier:          AQjqAS5i/LVUFXeGIyKdhva6id7Kjy8HsHgnyuWVcqc=
Subject key identifier:   28:EF:90:6E:20:38:07:C1:6A:9A:1E:0F:A1:41:B5:6F:60:96:AB:2A
Certificate issuer:       /CN=f8555a7883f92b9f9ba422a96b4e397bf5fb8fc7
Certificate serial:       019B797F29E6E8B7537A0EF1D610610BA9B4
Authority key identifier: F8:55:5A:78:83:F9:2B:9F:9B:A4:22:A9:6B:4E:39:7B:F5:FB:8F:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-FVaeIP5K5-bpCKpa045e_X7j8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/KO-QbiA4B8Fqmh4PoUG1b2CWqyo.roa
Signing time:             Thu 01 Jan 2026 12:18:55 +0000
ROA not before:           Thu 01 Jan 2026 12:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35197
IP address blocks:        45.159.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/1-FVaeIP5K5-bpCKpa045e_X7j8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/1-FVaeIP5K5-bpCKpa045e_X7j8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-FVaeIP5K5-bpCKpa045e_X7j8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:29:e6:e8:b7:53:7a:0e:f1:d6:10:61:0b:a9:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8555a7883f92b9f9ba422a96b4e397bf5fb8fc7
        Validity
            Not Before: Jan  1 12:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28ef906e203807c16a9a1e0fa141b56f6096ab2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:eb:94:1d:a9:2f:50:34:5d:90:aa:72:fd:a8:
                    85:44:12:f9:c8:d1:6f:0f:2e:78:bb:15:5d:9b:8e:
                    8e:3b:5b:16:71:b5:1b:d7:ad:aa:f5:44:39:b5:1f:
                    4d:00:b3:ef:c0:14:9d:0c:fc:7c:20:2b:8c:6c:aa:
                    85:01:0f:e0:47:ff:e1:82:7d:71:e4:09:c2:99:7f:
                    9c:52:9b:b3:77:96:af:4c:e8:a6:ed:9f:70:c7:7e:
                    a3:3d:62:00:e5:de:5c:85:58:f8:86:72:97:87:21:
                    d2:15:ac:cb:1a:5a:d8:74:c8:0a:2d:bf:bd:65:42:
                    56:43:00:5e:86:ef:80:29:f7:db:53:73:06:ce:49:
                    51:f5:ee:72:74:e3:1f:5e:44:a3:2a:b0:a4:60:41:
                    3c:63:65:8c:06:01:3f:b9:92:01:93:28:4e:0e:a6:
                    dd:ec:c5:7d:c3:1e:55:ad:79:ab:f1:8c:b6:95:55:
                    a7:9b:96:e8:57:47:da:fe:a2:9d:18:22:43:6e:85:
                    5f:4a:b9:83:58:b9:08:7e:7b:fa:19:1e:33:b5:0f:
                    99:57:66:89:d7:1e:27:04:55:1c:41:35:1e:94:6d:
                    54:35:91:4e:3a:81:10:cd:2d:a2:69:fe:98:e8:d4:
                    15:a3:00:c0:d9:93:e8:02:89:fe:d6:0d:2f:85:af:
                    21:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EF:90:6E:20:38:07:C1:6A:9A:1E:0F:A1:41:B5:6F:60:96:AB:2A
            X509v3 Authority Key Identifier:
                keyid:F8:55:5A:78:83:F9:2B:9F:9B:A4:22:A9:6B:4E:39:7B:F5:FB:8F:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-FVaeIP5K5-bpCKpa045e_X7j8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/KO-QbiA4B8Fqmh4PoUG1b2CWqyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/82445f-d1d7-46b0-af4f-766c06e5f075/1/1-FVaeIP5K5-bpCKpa045e_X7j8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c5:1f:a2:22:c5:7d:73:b5:fe:c6:66:30:a2:62:50:26:b6:
         f3:ee:ac:96:cc:8c:d7:8a:c6:de:3a:91:e5:75:e8:50:56:78:
         d6:7b:ed:e4:21:23:46:91:d6:23:b7:7b:ea:16:e8:d1:c7:a3:
         e6:dd:e5:8b:82:c6:ac:5f:51:8d:bd:cf:81:86:c8:6a:37:81:
         df:0c:d3:d4:32:99:4e:6b:4a:dc:01:e6:84:5e:33:e6:69:b8:
         d5:57:d3:c5:0a:52:f8:20:bc:f2:9a:d4:33:2c:d4:42:f0:ea:
         a3:bc:b8:73:1e:42:9f:d3:26:f1:a6:d1:86:13:c6:1b:b8:38:
         7e:4a:43:3d:6b:ff:34:96:a0:c0:84:7c:8d:23:1f:b9:6e:17:
         c7:14:ba:9a:1b:6c:57:4a:a3:85:1e:68:6f:17:b6:b6:5b:e0:
         9e:8a:63:76:09:4a:aa:cf:b9:d8:7f:5c:e2:90:61:0e:ca:79:
         11:13:cc:c5:f3:05:2a:83:c6:1f:32:e3:a0:85:5c:5e:b2:e6:
         1e:39:51:07:30:6a:7d:60:3b:b2:13:cf:db:b3:51:90:55:03:
         54:2b:0c:d9:ab:5b:a7:f2:9e:56:48:8a:10:7a:8d:ca:a0:c0:
         ab:99:58:a4:ac:91:65:50:22:4d:17:89:08:a8:d2:d9:2b:85:
         f6:74:5a:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt5fynm6LdTeg7x1hBhC6m0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NTU1YTc4ODNmOTJiOWY5YmE0MjJhOTZiNGUzOTdiZjVm
YjhmYzcwHhcNMjYwMTAxMTIxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVmOTA2ZTIwMzgwN2MxNmE5YTFlMGZhMTQxYjU2ZjYwOTZhYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OuUHakvUDRdkKpy/aiFRBL5yNFv
Dy54uxVdm46OO1sWcbUb162q9UQ5tR9NALPvwBSdDPx8ICuMbKqFAQ/gR//hgn1x
5AnCmX+cUpuzd5avTOim7Z9wx36jPWIA5d5chVj4hnKXhyHSFazLGlrYdMgKLb+9
ZUJWQwBehu+AKffbU3MGzklR9e5ydOMfXkSjKrCkYEE8Y2WMBgE/uZIBkyhODqbd
7MV9wx5VrXmr8Yy2lVWnm5boV0fa/qKdGCJDboVfSrmDWLkIfnv6GR4ztQ+ZV2aJ
1x4nBFUcQTUelG1UNZFOOoEQzS2iaf6Y6NQVowDA2ZPoAon+1g0vha8hwwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCjvkG4gOAfBapoeD6FBtW9glqsqMB8GA1UdIwQY
MBaAFPhVWniD+Sufm6QiqWtOOXv1+4/HMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1GVmFlSVA1SzUtYnBDS3BhMDQ1ZV9YN2o4Yy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvODI0NDVmLWQxZDctNDZiMC1hZjRm
LTc2NmMwNmU1ZjA3NS8xL0tPLVFiaUE0QjhGcW1oNFBvVUcxYjJDV3F5by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2IvODI0NDVmLWQxZDctNDZiMC1hZjRmLTc2NmMwNmU1ZjA3
NS8xLzEtRlZhZUlQNUs1LWJwQ0twYTA0NWVfWDdqOGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtn7sw
DQYJKoZIhvcNAQELBQADggEBAFPFH6IixX1ztf7GZjCiYlAmtvPurJbMjNeKxt46
keV16FBWeNZ77eQhI0aR1iO3e+oW6NHHo+bd5YuCxqxfUY29z4GGyGo3gd8M09Qy
mU5rStwB5oReM+ZpuNVX08UKUvggvPKa1DMs1ELw6qO8uHMeQp/TJvGm0YYTxhu4
OH5KQz1r/zSWoMCEfI0jH7luF8cUupobbFdKo4UeaG8XtrZb4J6KY3YJSqrPudh/
XOKQYQ7KeRETzMXzBSqDxh8y46CFXF6y5h45UQcwan1gO7ITz9uzUZBVA1QrDNmr
W6fynlZIihB6jcqgwKuZWKSskWVQIk0XiQio0tkrhfZ0Wgw=
-----END CERTIFICATE-----