This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KRaLfN_yuw79VOy70V2mQFKzwcI.roa
File:                     KRaLfN_yuw79VOy70V2mQFKzwcI.roa (raw, json)
Hash identifier:          ZZP1LCJK+iHnPEJq37lTxGV9aSklzbNaOAcFtBTjxNc=
Subject key identifier:   29:16:8B:7C:DF:F2:BB:0E:FD:54:EC:BB:D1:5D:A6:40:52:B3:C1:C2
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F852020FA6E643016B15D26A6BEE764
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KRaLfN_yuw79VOy70V2mQFKzwcI.roa
Signing time:             Fri 02 Jan 2026 16:23:09 +0000
ROA not before:           Fri 02 Jan 2026 16:23:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216261
IP address blocks:        146.158.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:20:20:fa:6e:64:30:16:b1:5d:26:a6:be:e7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:23:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29168b7cdff2bb0efd54ecbbd15da64052b3c1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:2e:5d:0b:68:e1:1f:eb:d4:da:7e:e3:7f:c7:
                    b2:90:11:fc:b9:a9:84:99:df:47:44:78:db:fb:e3:
                    8a:df:f9:26:bc:00:d5:68:be:ba:10:eb:b6:78:ee:
                    e2:57:01:7c:2b:af:60:0b:87:5e:41:b3:43:d4:79:
                    9a:8b:f0:81:f5:05:99:dd:06:98:53:9a:ce:6c:88:
                    34:85:30:1b:9b:55:a6:3c:bd:9b:32:7b:f1:bd:09:
                    3a:96:d4:11:2a:58:5e:20:72:16:96:91:d3:1a:e4:
                    25:d8:f6:1f:29:84:db:6f:66:a2:59:26:a6:9d:1d:
                    e6:13:4c:cf:8e:71:c8:88:40:2e:d3:cd:86:18:8e:
                    3d:fb:49:dd:75:a2:d9:6d:0b:c6:04:db:42:77:be:
                    4a:ab:a6:b9:70:b6:26:46:9a:66:79:13:47:55:c5:
                    ef:8d:98:43:3d:25:8d:4b:f0:e9:35:6a:9c:5e:c3:
                    50:76:3c:bd:c3:11:ba:dc:1a:91:2e:82:ef:e2:f3:
                    6a:79:b7:2c:1a:c7:77:45:20:b0:24:49:68:f4:9a:
                    bb:72:d4:3b:9a:e2:63:1e:d3:d4:f6:2d:4e:ec:7a:
                    5b:4f:12:8d:3d:c2:0b:3d:bf:7f:be:4f:b0:d4:65:
                    21:db:18:c9:fc:c4:ec:a4:a8:bf:96:99:cc:24:6e:
                    cb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:16:8B:7C:DF:F2:BB:0E:FD:54:EC:BB:D1:5D:A6:40:52:B3:C1:C2
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KRaLfN_yuw79VOy70V2mQFKzwcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:89:34:d3:52:84:24:73:37:59:71:50:2a:5d:21:ed:f6:a6:
         62:fc:cb:ef:10:4d:e1:8e:d5:b2:c2:9f:9c:79:b9:6b:2d:e8:
         36:a0:cb:a4:58:5b:eb:5c:68:84:ac:ab:91:82:b1:e2:da:d0:
         b5:3b:cd:4d:f2:5c:c8:71:86:74:80:fc:3b:86:67:e4:1c:0c:
         8b:26:b7:9c:a1:9c:3a:83:77:35:74:7b:46:80:93:31:40:07:
         33:4d:0c:d7:1e:e6:30:6f:e9:01:47:17:c7:d3:59:05:85:7c:
         72:38:7f:20:8e:f9:7d:8c:3f:a3:57:25:e0:4f:b8:43:61:58:
         5b:8e:79:78:16:53:94:54:df:99:c9:d5:b6:b5:77:43:d0:37:
         1d:84:3c:1b:21:22:9d:cc:d8:3a:f8:9e:97:c5:30:0d:54:28:
         33:47:82:28:34:a0:df:e1:55:e0:ac:28:4b:21:c4:e6:45:ce:
         d2:59:5a:ff:fe:77:36:95:6e:a3:c6:50:fe:7f:e7:e3:30:09:
         c2:0e:65:86:1c:5e:9e:01:94:3f:2c:59:1c:48:72:1b:ea:61:
         07:97:6d:87:2e:8f:e8:57:a7:df:1d:67:e6:a3:ac:f2:99:22:
         79:b5:a9:16:42:ce:bc:8c:28:65:a4:ba:1b:8e:29:32:2f:7c:
         61:84:28:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hSAg+m5kMBaxXSamvudkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE2OGI3Y2RmZjJiYjBlZmQ1NGVjYmJkMTVkYTY0MDUyYjNjMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2S5dC2jhH+vU2n7jf8eykBH8uamE
md9HRHjb++OK3/kmvADVaL66EOu2eO7iVwF8K69gC4deQbND1Hmai/CB9QWZ3QaY
U5rObIg0hTAbm1WmPL2bMnvxvQk6ltQRKlheIHIWlpHTGuQl2PYfKYTbb2aiWSam
nR3mE0zPjnHIiEAu082GGI49+0nddaLZbQvGBNtCd75Kq6a5cLYmRppmeRNHVcXv
jZhDPSWNS/DpNWqcXsNQdjy9wxG63BqRLoLv4vNqebcsGsd3RSCwJElo9Jq7ctQ7
muJjHtPU9i1O7HpbTxKNPcILPb9/vk+w1GUh2xjJ/MTspKi/lpnMJG7LTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkWi3zf8rsO/VTsu9FdpkBSs8HCMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvS1JhTGZOX3l1dzc5Vk95NzBWMm1RRkt6d2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp5eMA0G
CSqGSIb3DQEBCwUAA4IBAQBiiTTTUoQkczdZcVAqXSHt9qZi/MvvEE3hjtWywp+c
eblrLeg2oMukWFvrXGiErKuRgrHi2tC1O81N8lzIcYZ0gPw7hmfkHAyLJrecoZw6
g3c1dHtGgJMxQAczTQzXHuYwb+kBRxfH01kFhXxyOH8gjvl9jD+jVyXgT7hDYVhb
jnl4FlOUVN+ZydW2tXdD0DcdhDwbISKdzNg6+J6XxTANVCgzR4IoNKDf4VXgrChL
IcTmRc7SWVr//nc2lW6jxlD+f+fjMAnCDmWGHF6eAZQ/LFkcSHIb6mEHl22HLo/o
V6ffHWfmo6zymSJ5takWQs68jChlpLobjikyL3xhhCgO
-----END CERTIFICATE-----