This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kciLrIkaNokpbwgdgmqHhosEQAA.roa
File:                     kciLrIkaNokpbwgdgmqHhosEQAA.roa (raw, json)
Hash identifier:          lRqsBb/ckM2u20pZEo0aziVALwxR00NbO8g2ocSg11k=
Subject key identifier:   91:C8:8B:AC:89:1A:36:89:29:6F:08:1D:82:6A:87:86:8B:04:40:00
Certificate issuer:       /CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
Certificate serial:       019B7D5AE50F7FBB6A059CB6831837EE2538
Authority key identifier: 2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kciLrIkaNokpbwgdgmqHhosEQAA.roa
Signing time:             Fri 02 Jan 2026 06:17:47 +0000
ROA not before:           Fri 02 Jan 2026 06:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17943
IP address blocks:        193.19.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:e5:0f:7f:bb:6a:05:9c:b6:83:18:37:ee:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
        Validity
            Not Before: Jan  2 06:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91c88bac891a3689296f081d826a87868b044000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e3:70:ce:c8:9b:bd:9f:f1:78:bd:2f:1f:27:
                    21:6a:11:55:b0:02:4f:ef:6b:21:c3:ad:61:39:00:
                    00:5b:18:ab:de:2d:32:3d:53:de:80:4f:0e:70:74:
                    4d:d4:55:3a:47:03:a8:0f:19:6d:3f:cb:8c:f1:67:
                    fe:21:ec:3b:23:0a:5a:dd:61:75:c1:41:3d:2a:33:
                    b8:b2:69:e5:8d:dc:fb:b8:70:2d:56:25:5c:ee:d6:
                    60:3c:76:82:b1:b4:17:9a:74:d8:2e:25:6c:7e:18:
                    01:e3:4f:c4:af:9d:62:10:87:f5:95:f3:75:2a:d8:
                    9e:36:fb:3e:a8:1d:13:7d:f8:b5:a0:de:78:02:ec:
                    2a:31:53:09:33:77:48:68:15:7f:0b:13:4f:ac:94:
                    ae:7a:83:4a:15:45:9a:2f:1f:98:8f:e2:fa:9b:40:
                    d8:02:08:52:7a:5b:9b:23:0a:88:02:07:65:25:ed:
                    f1:66:bd:a5:4f:c0:b9:b8:35:33:eb:57:ef:05:1d:
                    f1:10:25:d7:dc:eb:74:61:88:c8:2a:e2:ed:90:a9:
                    13:c3:4a:51:10:12:bb:27:fa:ca:76:a7:af:e0:a0:
                    a6:b6:eb:21:84:60:1b:51:3d:83:c4:d7:eb:76:c8:
                    c6:43:54:c4:0e:e2:28:11:91:ec:ac:e0:23:10:0d:
                    52:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:8B:AC:89:1A:36:89:29:6F:08:1D:82:6A:87:86:8B:04:40:00
            X509v3 Authority Key Identifier:
                keyid:2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kciLrIkaNokpbwgdgmqHhosEQAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:39:e3:86:45:02:1e:42:a0:ed:49:46:cc:73:e6:5d:1c:df:
         17:bd:6b:89:2c:2e:eb:87:c1:9d:9d:f7:85:eb:e6:d3:7a:f9:
         85:4d:18:64:de:28:68:2a:f2:f5:f2:95:cb:e8:b9:08:b6:97:
         0d:05:8f:2d:bc:a6:9c:2f:ff:8e:80:87:d9:6c:77:68:eb:e6:
         42:47:68:92:04:51:95:88:45:5e:0d:65:47:f1:37:31:fe:46:
         3e:54:0a:b6:06:72:49:7f:a4:f2:e1:5e:df:ca:0f:2c:8d:e9:
         34:08:da:00:3c:38:ef:0c:c5:4b:4d:6e:19:7d:f2:8a:fc:be:
         51:d9:1a:31:5a:f2:93:3b:dd:e6:5a:e1:f9:bd:7b:7e:3e:d5:
         10:53:ca:dc:c3:3a:40:93:76:7f:f6:8e:14:00:5e:0d:75:ee:
         1e:e1:ef:f8:22:68:7c:59:d8:80:47:91:0c:da:c3:6d:c9:19:
         c6:05:ec:cd:c5:ee:42:3e:c3:3b:33:d5:30:b6:ff:a5:da:79:
         a5:a1:ee:d9:0b:57:57:24:57:25:4c:f9:1f:ca:54:bc:05:07:
         d5:9c:a7:af:6d:24:af:95:12:68:ea:57:eb:06:ba:94:1c:5e:
         b5:05:7b:32:cf:c9:35:62:20:b7:d1:b2:e6:f8:96:b7:e4:8e:
         2c:d0:68:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WuUPf7tqBZy2gxg37iU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNGJkNGVkY2EyOWQ0ZTcyYmU4NmNlZDBiN2FkNjUyYzdk
MjYxYzkwHhcNMjYwMTAyMDYxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4OGJhYzg5MWEzNjg5Mjk2ZjA4MWQ4MjZhODc4NjhiMDQ0MDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuNwzsibvZ/xeL0vHychahFVsAJP
72shw61hOQAAWxir3i0yPVPegE8OcHRN1FU6RwOoDxltP8uM8Wf+Iew7Iwpa3WF1
wUE9KjO4smnljdz7uHAtViVc7tZgPHaCsbQXmnTYLiVsfhgB40/Er51iEIf1lfN1
KtieNvs+qB0Tffi1oN54AuwqMVMJM3dIaBV/CxNPrJSueoNKFUWaLx+Yj+L6m0DY
AghSelubIwqIAgdlJe3xZr2lT8C5uDUz61fvBR3xECXX3Ot0YYjIKuLtkKkTw0pR
EBK7J/rKdqev4KCmtushhGAbUT2DxNfrdsjGQ1TEDuIoEZHsrOAjEA1SOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHIi6yJGjaJKW8IHYJqh4aLBEAAMB8GA1UdIwQY
MBaAFC5L1O3KKdTnK+hs7Qt61lLH0mHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgt
MmE2MzcyZTA1NGQyLzEva2NpTHJJa2FOb2twYndnZGdtcUhob3NFUUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgtMmE2MzcyZTA1NGQy
LzEvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRPgMA0G
CSqGSIb3DQEBCwUAA4IBAQBNOeOGRQIeQqDtSUbMc+ZdHN8XvWuJLC7rh8GdnfeF
6+bTevmFTRhk3ihoKvL18pXL6LkItpcNBY8tvKacL/+OgIfZbHdo6+ZCR2iSBFGV
iEVeDWVH8Tcx/kY+VAq2BnJJf6Ty4V7fyg8sjek0CNoAPDjvDMVLTW4ZffKK/L5R
2RoxWvKTO93mWuH5vXt+PtUQU8rcwzpAk3Z/9o4UAF4Nde4e4e/4Imh8WdiAR5EM
2sNtyRnGBezNxe5CPsM7M9Uwtv+l2nmloe7ZC1dXJFclTPkfylS8BQfVnKevbSSv
lRJo6lfrBrqUHF61BXsyz8k1YiC30bLm+Ja35I4s0Ghx
-----END CERTIFICATE-----