This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KjOmuxG94Xm5JcaoG5LkIX4wqRM.roa
File:                     KjOmuxG94Xm5JcaoG5LkIX4wqRM.roa (raw, json)
Hash identifier:          figV7Vwu7+lWHqzMVdR1BOg/1W1wp1AGa+sIzcCr7BA=
Subject key identifier:   2A:33:A6:BB:11:BD:E1:79:B9:25:C6:A8:1B:92:E4:21:7E:30:A9:13
Certificate issuer:       /CN=2919461844549824500b7cd1c451d824ba6e5677
Certificate serial:       019B7A59ECA36BA6771B8F0C2956CD98D7B9
Authority key identifier: 29:19:46:18:44:54:98:24:50:0B:7C:D1:C4:51:D8:24:BA:6E:56:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KjOmuxG94Xm5JcaoG5LkIX4wqRM.roa
Signing time:             Thu 01 Jan 2026 16:17:52 +0000
ROA not before:           Thu 01 Jan 2026 16:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6876
IP address blocks:        91.194.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:59:ec:a3:6b:a6:77:1b:8f:0c:29:56:cd:98:d7:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2919461844549824500b7cd1c451d824ba6e5677
        Validity
            Not Before: Jan  1 16:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a33a6bb11bde179b925c6a81b92e4217e30a913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d1:8d:a3:96:e0:17:e2:2a:4d:68:fb:0c:8c:
                    8a:8c:f5:68:4e:58:57:44:de:8f:86:e6:dc:b8:c3:
                    ca:60:65:34:98:5b:57:ac:7d:82:84:ae:21:fd:a1:
                    41:79:f3:75:36:8c:06:3d:2d:14:6c:89:0b:32:7c:
                    db:64:22:8a:25:cc:75:0e:02:08:a9:63:3a:9a:50:
                    95:9a:ba:35:4e:68:79:4e:dd:91:4e:07:ba:5d:b9:
                    c4:1b:90:d8:06:c0:49:13:dd:67:4e:c3:7a:c3:c6:
                    59:26:e0:95:52:5e:2d:ad:03:4d:a7:4e:a6:ad:b6:
                    cb:43:ad:d7:f4:3c:fe:d7:e3:ab:b0:8a:fb:81:4e:
                    35:6e:00:20:c5:64:76:13:55:53:93:fd:23:bc:57:
                    cc:b9:ef:71:1f:d4:24:ef:15:fd:9d:2c:8e:12:9f:
                    10:f7:c0:02:cc:08:6f:d3:b1:b9:05:ac:f1:18:e9:
                    a7:75:8d:57:23:a5:93:cc:4a:3d:6e:a3:67:21:78:
                    2a:4e:e8:0f:ad:88:fb:78:7e:64:fd:d3:07:d1:5b:
                    d0:fe:c6:fa:45:ca:65:c4:35:2f:b9:fb:11:c0:1c:
                    d3:fe:0e:5a:07:df:b3:05:d6:97:8f:66:a2:dc:4d:
                    cf:5c:aa:b3:6f:67:91:e2:f3:00:0c:e2:37:dc:3d:
                    f5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:33:A6:BB:11:BD:E1:79:B9:25:C6:A8:1B:92:E4:21:7E:30:A9:13
            X509v3 Authority Key Identifier:
                keyid:29:19:46:18:44:54:98:24:50:0B:7C:D1:C4:51:D8:24:BA:6E:56:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KjOmuxG94Xm5JcaoG5LkIX4wqRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:d1:94:d5:e6:b3:ca:7c:f9:c9:8b:72:ae:ee:d3:41:13:25:
         74:5b:33:b6:38:7d:61:bb:fb:bb:b0:71:98:3c:a8:44:c5:cc:
         e8:a4:d6:45:79:bd:d1:6e:bd:c3:1e:77:2d:0a:fd:81:d9:05:
         60:b2:8e:d7:3e:76:d5:d2:21:8b:59:69:9b:b9:35:b7:dc:57:
         d8:fa:8b:de:ec:79:48:89:89:f1:ac:2c:06:51:5d:d3:23:09:
         0c:af:b0:69:ce:b0:16:f6:f1:ee:7e:03:0d:92:b2:a1:6c:f4:
         12:be:c3:da:f0:45:c8:b0:b5:92:50:11:40:87:bd:c3:c5:b6:
         ce:fd:f7:c9:bd:c3:5e:7e:d8:d7:28:f6:29:aa:27:0b:79:67:
         26:f6:8a:87:6d:46:f7:58:87:43:0e:6a:d8:01:27:da:4a:ce:
         46:8d:bd:1b:1d:17:4a:de:cc:a0:7e:09:6f:a2:f5:9b:16:00:
         0c:f4:41:3a:ad:68:15:26:f6:67:d0:90:48:3b:5a:56:41:c2:
         be:64:a5:96:b7:78:44:b7:04:ae:1c:25:9d:e4:0b:97:b3:eb:
         02:fc:ae:84:11:31:a2:86:dc:8d:eb:8b:45:65:1f:5a:19:31:
         b6:cd:09:50:22:6a:e3:22:f2:50:44:45:26:76:a5:28:fd:26:
         aa:47:35:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Weyja6Z3G48MKVbNmNe5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTk0NjE4NDQ1NDk4MjQ1MDBiN2NkMWM0NTFkODI0YmE2
ZTU2NzcwHhcNMjYwMTAxMTYxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMzYTZiYjExYmRlMTc5YjkyNWM2YTgxYjkyZTQyMTdlMzBhOTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNGNo5bgF+IqTWj7DIyKjPVoTlhX
RN6PhubcuMPKYGU0mFtXrH2ChK4h/aFBefN1NowGPS0UbIkLMnzbZCKKJcx1DgII
qWM6mlCVmro1Tmh5Tt2RTge6XbnEG5DYBsBJE91nTsN6w8ZZJuCVUl4trQNNp06m
rbbLQ63X9Dz+1+OrsIr7gU41bgAgxWR2E1VTk/0jvFfMue9xH9Qk7xX9nSyOEp8Q
98ACzAhv07G5BazxGOmndY1XI6WTzEo9bqNnIXgqTugPrYj7eH5k/dMH0VvQ/sb6
RcplxDUvufsRwBzT/g5aB9+zBdaXj2ai3E3PXKqzb2eR4vMADOI33D31owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCozprsRveF5uSXGqBuS5CF+MKkTMB8GA1UdIwQY
MBaAFCkZRhhEVJgkUAt80cRR2CS6blZ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JsR0dFUlVtQ1JRQzN6UnhGSFlKTHB1Vm5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kOGM2ZjItNDE5MS00NmU2LThkYjYt
YjZlYTgyZjE5MjIwLzEvS2pPbXV4Rzk0WG01SmNhb0c1TGtJWDR3cVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kOGM2ZjItNDE5MS00NmU2LThkYjYtYjZlYTgyZjE5MjIw
LzEvS1JsR0dFUlVtQ1JRQzN6UnhGSFlKTHB1Vm5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8JOMA0G
CSqGSIb3DQEBCwUAA4IBAQBF0ZTV5rPKfPnJi3Ku7tNBEyV0WzO2OH1hu/u7sHGY
PKhExczopNZFeb3Rbr3DHnctCv2B2QVgso7XPnbV0iGLWWmbuTW33FfY+ove7HlI
iYnxrCwGUV3TIwkMr7BpzrAW9vHufgMNkrKhbPQSvsPa8EXIsLWSUBFAh73DxbbO
/ffJvcNeftjXKPYpqicLeWcm9oqHbUb3WIdDDmrYASfaSs5Gjb0bHRdK3sygfglv
ovWbFgAM9EE6rWgVJvZn0JBIO1pWQcK+ZKWWt3hEtwSuHCWd5AuXs+sC/K6EETGi
htyN64tFZR9aGTG2zQlQImrjIvJQREUmdqUo/SaqRzX0
-----END CERTIFICATE-----
Generated at Mon Jan 26 07:08:34 2026 by rpki-client