This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/KrSk2jRU2oEHfGvgx800e5GKxhA.roa
File:                     KrSk2jRU2oEHfGvgx800e5GKxhA.roa (raw, json)
Hash identifier:          Kyx+62+FYOcUJqo2tHJtaKxWwFEQu2NCl98mkWMufAs=
Subject key identifier:   2A:B4:A4:DA:34:54:DA:81:07:7C:6B:E0:C7:CD:34:7B:91:8A:C6:10
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       019B7B368736E6553B4EECC5EF968FAC6E87
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/KrSk2jRU2oEHfGvgx800e5GKxhA.roa
Signing time:             Thu 01 Jan 2026 20:18:49 +0000
ROA not before:           Thu 01 Jan 2026 20:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57804
IP address blocks:        185.160.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:87:36:e6:55:3b:4e:ec:c5:ef:96:8f:ac:6e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  1 20:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ab4a4da3454da81077c6be0c7cd347b918ac610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ec:89:73:1c:dd:ca:40:5d:0e:7a:e7:49:68:
                    93:02:8c:ba:83:49:56:e1:9c:ea:22:31:b0:f9:a1:
                    ab:de:9b:91:59:d8:73:f8:f8:6a:b5:c7:67:3e:e2:
                    98:f1:9d:82:20:af:96:2b:cb:66:a2:48:2a:b1:c6:
                    9f:01:c0:d0:3f:d8:82:75:91:be:36:3f:97:32:8d:
                    d6:b7:32:85:e5:b0:74:7b:19:63:08:e5:26:5c:fa:
                    89:d2:45:a4:3a:d2:4c:07:98:1e:ec:69:79:bd:89:
                    bd:60:05:6e:1e:6c:91:50:5c:ef:47:2c:f9:fc:9b:
                    25:33:37:1c:57:7d:7c:c5:92:2b:74:51:9c:6c:4e:
                    1e:ab:72:0a:fc:c3:aa:8d:ad:b4:d8:a6:78:71:3d:
                    60:ce:8c:17:69:f9:6f:a2:7e:dc:9d:59:ca:9a:f1:
                    14:05:5c:0f:30:8d:97:ed:ce:00:4b:c1:59:d7:4b:
                    90:4f:64:57:a8:3b:6f:db:7c:29:c5:24:b1:17:1e:
                    cb:b5:2a:bc:99:ab:16:ac:dc:3e:28:20:b8:b1:47:
                    6c:06:d0:1b:95:9e:2c:52:7b:a5:24:3b:ea:1b:4e:
                    63:a6:35:15:9e:6e:ff:0e:70:be:d8:ca:b8:ea:18:
                    29:e9:6a:78:c4:92:b4:7e:91:88:fd:af:93:f8:42:
                    5f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B4:A4:DA:34:54:DA:81:07:7C:6B:E0:C7:CD:34:7B:91:8A:C6:10
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/KrSk2jRU2oEHfGvgx800e5GKxhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:97:91:fc:76:8f:67:95:82:7f:8c:7a:99:8e:a8:6d:e5:34:
         73:55:47:77:82:7d:52:65:40:71:e6:92:b1:3a:d7:0f:6b:40:
         98:11:17:1a:f2:4d:a8:5d:af:16:d0:93:cf:8d:f0:3d:9c:4e:
         02:4f:79:47:89:8a:74:d7:38:29:a8:f7:f2:b6:07:46:c6:23:
         2e:eb:a1:b0:ef:bb:8c:39:0c:9d:3b:50:fb:bc:6e:d7:a9:c1:
         bf:14:97:c6:29:4a:aa:22:04:e4:74:c3:9c:e3:f2:be:fb:14:
         8c:9d:12:f4:4f:b8:18:3e:59:07:ad:bb:a3:6a:0f:d4:d8:f9:
         ea:2a:cd:6d:a0:69:29:4e:9a:dc:1c:f1:e4:bb:c9:32:b6:d9:
         7d:c3:ba:70:ce:cb:55:7b:d0:1d:3b:04:f2:c5:df:0c:cd:04:
         f0:cc:6e:ae:4d:fa:8a:f4:8d:6f:8e:e4:1e:98:36:3a:79:0e:
         25:f5:ac:fa:56:f6:fd:4a:f6:02:a1:58:ed:72:ab:e9:f7:ba:
         5d:5b:2e:4c:9d:4f:0a:a6:43:cf:bb:d1:59:52:c0:e6:e1:f8:
         3d:7c:58:6a:60:56:46:ef:69:e6:7d:2e:0d:d3:d3:0c:60:7a:
         3c:6c:85:66:f0:f2:0e:b2:24:95:fd:e6:d5:a5:a0:05:80:53:
         c2:e6:2f:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Noc25lU7TuzF75aPrG6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjYwMTAxMjAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI0YTRkYTM0NTRkYTgxMDc3YzZiZTBjN2NkMzQ3YjkxOGFjNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquyJcxzdykBdDnrnSWiTAoy6g0lW
4ZzqIjGw+aGr3puRWdhz+PhqtcdnPuKY8Z2CIK+WK8tmokgqscafAcDQP9iCdZG+
Nj+XMo3WtzKF5bB0exljCOUmXPqJ0kWkOtJMB5ge7Gl5vYm9YAVuHmyRUFzvRyz5
/JslMzccV318xZIrdFGcbE4eq3IK/MOqja202KZ4cT1gzowXaflvon7cnVnKmvEU
BVwPMI2X7c4AS8FZ10uQT2RXqDtv23wpxSSxFx7LtSq8masWrNw+KCC4sUdsBtAb
lZ4sUnulJDvqG05jpjUVnm7/DnC+2Mq46hgp6Wp4xJK0fpGI/a+T+EJfuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq0pNo0VNqBB3xr4MfNNHuRisYQMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvS3JTazJqUlUyb0VIZkd2Z3g4MDBlNUdLeGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaBbMA0G
CSqGSIb3DQEBCwUAA4IBAQBwl5H8do9nlYJ/jHqZjqht5TRzVUd3gn1SZUBx5pKx
OtcPa0CYERca8k2oXa8W0JPPjfA9nE4CT3lHiYp01zgpqPfytgdGxiMu66Gw77uM
OQydO1D7vG7XqcG/FJfGKUqqIgTkdMOc4/K++xSMnRL0T7gYPlkHrbujag/U2Pnq
Ks1toGkpTprcHPHku8kyttl9w7pwzstVe9AdOwTyxd8MzQTwzG6uTfqK9I1vjuQe
mDY6eQ4l9az6Vvb9SvYCoVjtcqvp97pdWy5MnU8KpkPPu9FZUsDm4fg9fFhqYFZG
72nmfS4N09MMYHo8bIVm8PIOsiSV/ebVpaAFgFPC5i8A
-----END CERTIFICATE-----