This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/KalgMqPxE7vA7DP0hA4DsBQ8daM.roa
File:                     KalgMqPxE7vA7DP0hA4DsBQ8daM.roa (raw, json)
Hash identifier:          D97KocjmOXeCpIu9eUlLkx7HYIqygCIPtcR0T7mqTEA=
Subject key identifier:   29:A9:60:32:A3:F1:13:BB:C0:EC:33:F4:84:0E:03:B0:14:3C:75:A3
Certificate issuer:       /CN=a3698b01053911607edb2a76090a6aced95a3ed5
Certificate serial:       019B77C6898EE98CBEFB4569585E4FE3844A
Authority key identifier: A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/KalgMqPxE7vA7DP0hA4DsBQ8daM.roa
Signing time:             Thu 01 Jan 2026 04:17:38 +0000
ROA not before:           Thu 01 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209154
IP address blocks:        194.61.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:89:8e:e9:8c:be:fb:45:69:58:5e:4f:e3:84:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3698b01053911607edb2a76090a6aced95a3ed5
        Validity
            Not Before: Jan  1 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29a96032a3f113bbc0ec33f4840e03b0143c75a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:34:a6:a4:61:72:da:e1:84:a3:eb:01:85:c7:
                    c7:5e:c7:a0:00:a4:25:5b:f6:d6:e6:29:ad:d5:4f:
                    19:0b:0f:61:6e:d2:bd:63:98:3f:80:9f:92:d1:3d:
                    a1:65:b0:7f:01:df:d0:42:cc:2f:67:e8:aa:fb:77:
                    78:0f:a2:04:34:b6:97:01:88:87:e5:0e:42:2d:93:
                    9d:05:2f:2a:e0:cd:a8:a8:63:7f:d4:aa:b1:3d:ab:
                    a9:a0:ae:03:34:78:d2:72:59:a8:f9:f2:1e:48:e3:
                    ae:f2:21:63:e7:03:71:ec:ef:6f:21:d9:e0:a5:46:
                    fb:4f:0c:e3:80:9a:44:24:41:12:d4:88:16:e2:27:
                    53:e6:a5:d5:d0:b0:3b:55:50:e4:b5:8a:3f:98:58:
                    00:d5:ff:a1:15:5b:30:ac:11:3e:d2:eb:d4:95:04:
                    a8:2d:cc:05:c1:60:1d:70:cf:0c:76:77:b1:63:55:
                    74:87:71:8a:4f:72:e4:85:c2:81:72:1b:33:2f:50:
                    4d:3c:e4:a4:fe:d7:65:4b:ab:04:f8:70:15:00:45:
                    e3:1a:4f:dd:56:40:97:24:21:18:02:f5:39:3c:6e:
                    2d:1e:64:a8:86:48:ab:36:82:3e:b7:ba:31:2b:dd:
                    ba:d2:e8:90:de:81:1d:15:73:d0:df:99:0b:af:9a:
                    67:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A9:60:32:A3:F1:13:BB:C0:EC:33:F4:84:0E:03:B0:14:3C:75:A3
            X509v3 Authority Key Identifier:
                keyid:A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/KalgMqPxE7vA7DP0hA4DsBQ8daM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:6c:75:3a:78:e2:a1:e3:30:7a:e7:2b:28:62:63:b6:53:66:
         98:2c:c1:e5:44:e4:43:45:3d:3b:ae:8c:dd:59:1c:ef:d0:72:
         a9:61:30:2d:55:52:0d:0a:0c:44:27:d0:d6:41:96:5e:7f:99:
         04:c4:85:9e:c4:1d:6f:48:21:ee:56:0b:14:32:b9:94:97:0a:
         7a:af:6d:8f:2c:d6:18:3b:67:d7:99:68:78:55:5e:d6:e0:72:
         34:8a:ac:88:ad:1b:ac:88:bd:c3:21:12:32:3d:79:d5:1c:2c:
         93:08:66:0a:7a:c2:de:8f:96:77:83:19:2a:01:ec:16:1d:56:
         20:22:a6:9e:67:fe:79:d5:b3:0d:da:90:66:a2:35:ed:cb:a9:
         0c:8f:c1:36:18:ea:bd:34:94:9b:6d:40:df:94:7c:8d:d2:2b:
         b5:c3:34:88:f8:7e:9b:c7:c9:7d:99:c3:8d:a8:4f:f4:a6:4a:
         d1:11:f9:3f:71:76:7a:35:98:10:4c:a4:e1:f5:8e:0b:5b:4e:
         39:63:5f:c0:95:e2:8f:47:43:7c:03:f0:b5:e6:98:97:05:fc:
         c0:da:5b:56:d6:5f:97:86:97:bd:e8:a1:ff:0c:43:6f:f9:6d:
         4f:3b:a2:4c:39:3d:46:de:b5:25:17:1d:f7:36:35:5b:33:65:
         e9:e9:d4:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xomO6Yy++0VpWF5P44RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjk4YjAxMDUzOTExNjA3ZWRiMmE3NjA5MGE2YWNlZDk1
YTNlZDUwHhcNMjYwMTAxMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWE5NjAzMmEzZjExM2JiYzBlYzMzZjQ4NDBlMDNiMDE0M2M3NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzSmpGFy2uGEo+sBhcfHXsegAKQl
W/bW5imt1U8ZCw9hbtK9Y5g/gJ+S0T2hZbB/Ad/QQswvZ+iq+3d4D6IENLaXAYiH
5Q5CLZOdBS8q4M2oqGN/1KqxPaupoK4DNHjSclmo+fIeSOOu8iFj5wNx7O9vIdng
pUb7TwzjgJpEJEES1IgW4idT5qXV0LA7VVDktYo/mFgA1f+hFVswrBE+0uvUlQSo
LcwFwWAdcM8MdnexY1V0h3GKT3LkhcKBchszL1BNPOSk/tdlS6sE+HAVAEXjGk/d
VkCXJCEYAvU5PG4tHmSohkirNoI+t7oxK9260uiQ3oEdFXPQ35kLr5pnfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmpYDKj8RO7wOwz9IQOA7AUPHWjMB8GA1UdIwQY
MBaAFKNpiwEFORFgftsqdgkKas7ZWj7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTIt
YmJkMzExMTg2OTUwLzEvS2FsZ01xUHhFN3ZBN0RQMGhBNERzQlE4ZGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTItYmJkMzExMTg2OTUw
LzEvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCrbHU6eOKh4zB65ysoYmO2U2aYLMHlRORDRT07rozd
WRzv0HKpYTAtVVINCgxEJ9DWQZZef5kExIWexB1vSCHuVgsUMrmUlwp6r22PLNYY
O2fXmWh4VV7W4HI0iqyIrRusiL3DIRIyPXnVHCyTCGYKesLej5Z3gxkqAewWHVYg
IqaeZ/551bMN2pBmojXty6kMj8E2GOq9NJSbbUDflHyN0iu1wzSI+H6bx8l9mcON
qE/0pkrREfk/cXZ6NZgQTKTh9Y4LW045Y1/AleKPR0N8A/C15piXBfzA2ltW1l+X
hpe96KH/DENv+W1PO6JMOT1G3rUlFx33NjVbM2Xp6dTF
-----END CERTIFICATE-----