This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/KH_y6DMeLM_eRTQR237TlQM4cq0.roa
File:                     KH_y6DMeLM_eRTQR237TlQM4cq0.roa (raw, json)
Hash identifier:          S47bUB+M6fnMYGaRb90XLdJ8p/ULY/nAXkVIfAd1Rog=
Subject key identifier:   28:7F:F2:E8:33:1E:2C:CF:DE:45:34:11:DB:7E:D3:95:03:38:72:AD
Certificate issuer:       /CN=e43dd424384759b5e85595825019b69fe9bf9220
Certificate serial:       019B7EA5202F61663F30E8DFFC18397DB62A
Authority key identifier: E4:3D:D4:24:38:47:59:B5:E8:55:95:82:50:19:B6:9F:E9:BF:92:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/KH_y6DMeLM_eRTQR237TlQM4cq0.roa
Signing time:             Fri 02 Jan 2026 12:18:29 +0000
ROA not before:           Fri 02 Jan 2026 12:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51269
IP address blocks:        45.157.60.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:20:2f:61:66:3f:30:e8:df:fc:18:39:7d:b6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43dd424384759b5e85595825019b69fe9bf9220
        Validity
            Not Before: Jan  2 12:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=287ff2e8331e2ccfde453411db7ed395033872ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e5:17:74:69:26:91:f0:1b:5c:f0:7d:9b:2b:
                    31:20:25:9c:2d:4f:5f:ce:fe:7f:8e:16:c8:4f:70:
                    33:64:1c:47:a5:09:28:a0:f5:7e:34:87:70:85:68:
                    9f:ac:80:6a:d9:22:88:23:95:47:87:f2:88:5c:dd:
                    f2:0a:a6:03:2d:a5:42:3e:02:6b:a0:87:5d:b4:09:
                    b3:40:47:31:8a:9d:ae:33:07:72:e3:b2:8a:1c:dd:
                    7e:ea:f4:96:8e:f3:e9:a1:f3:c1:08:ef:d3:64:3d:
                    fd:48:13:4e:f6:f0:ac:5b:0a:fb:5d:60:a3:ca:ef:
                    35:a8:0c:86:31:09:4c:88:8b:c4:97:da:c8:6c:d4:
                    83:b2:63:33:25:32:7f:54:ea:e7:32:18:52:6b:80:
                    99:e2:76:7e:43:14:62:88:c3:5b:5e:3b:7e:4b:a1:
                    61:86:48:21:ef:61:33:82:76:c5:7c:20:0b:ff:26:
                    cb:1d:31:81:03:d8:01:20:90:6e:9c:0c:b0:30:56:
                    90:34:fc:38:70:e6:15:f8:de:b5:3c:ae:7a:ef:e3:
                    0b:e1:2d:ae:7e:fd:fd:c9:04:a5:cc:6a:ee:7a:71:
                    c4:f7:ce:2a:c4:ee:fb:f2:31:2d:ff:a5:05:79:53:
                    04:99:e0:71:be:03:eb:a2:e8:8d:c8:53:06:67:e4:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7F:F2:E8:33:1E:2C:CF:DE:45:34:11:DB:7E:D3:95:03:38:72:AD
            X509v3 Authority Key Identifier:
                keyid:E4:3D:D4:24:38:47:59:B5:E8:55:95:82:50:19:B6:9F:E9:BF:92:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/KH_y6DMeLM_eRTQR237TlQM4cq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:b5:1d:ac:a9:c4:a3:2f:6c:68:95:31:b9:f1:ea:7c:3c:db:
         4b:45:cd:ab:d0:c8:de:a7:44:5e:0d:a2:de:ca:75:05:1b:b3:
         f0:f1:39:f6:dd:97:68:e8:92:1c:e0:29:9e:3a:ac:73:54:41:
         e7:89:e1:3c:4c:49:13:9e:7d:a3:00:fc:01:94:cd:09:bb:46:
         ac:29:41:2f:1c:1e:7c:a9:dd:8f:02:df:fc:59:eb:34:7e:8d:
         d1:ce:e6:84:22:29:52:02:62:ea:9e:52:3a:26:79:77:35:c9:
         e9:1f:4d:50:f9:1a:90:c8:24:35:c2:cf:cb:c1:0e:69:37:55:
         ca:70:5b:02:24:fa:b9:02:f0:03:95:e1:8c:f7:f6:ab:0c:32:
         8b:88:c9:01:b0:83:54:9c:f2:24:bd:0c:b8:46:2d:dc:67:d0:
         c5:7a:67:a1:b4:29:c2:7d:1a:c7:1f:e5:73:02:92:6e:4d:ec:
         8e:4c:03:15:13:4c:e6:66:5e:67:ac:09:cd:38:65:de:ce:e2:
         b5:9a:5d:fd:ac:1c:ed:de:b7:90:db:5c:60:59:83:b9:ec:33:
         c1:0e:bf:07:eb:c8:a0:64:40:65:62:a0:57:7d:37:6d:f9:a9:
         93:6e:af:f3:ee:fb:b8:39:d7:03:64:f0:31:4e:c7:27:8d:61:
         96:88:69:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pSAvYWY/MOjf/Bg5fbYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2RkNDI0Mzg0NzU5YjVlODU1OTU4MjUwMTliNjlmZTli
ZjkyMjAwHhcNMjYwMTAyMTIxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdmZjJlODMzMWUyY2NmZGU0NTM0MTFkYjdlZDM5NTAzMzg3MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+UXdGkmkfAbXPB9mysxICWcLU9f
zv5/jhbIT3AzZBxHpQkooPV+NIdwhWifrIBq2SKII5VHh/KIXN3yCqYDLaVCPgJr
oIddtAmzQEcxip2uMwdy47KKHN1+6vSWjvPpofPBCO/TZD39SBNO9vCsWwr7XWCj
yu81qAyGMQlMiIvEl9rIbNSDsmMzJTJ/VOrnMhhSa4CZ4nZ+QxRiiMNbXjt+S6Fh
hkgh72EzgnbFfCAL/ybLHTGBA9gBIJBunAywMFaQNPw4cOYV+N61PK567+ML4S2u
fv39yQSlzGruenHE984qxO778jEt/6UFeVMEmeBxvgProuiNyFMGZ+RQiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh/8ugzHizP3kU0Edt+05UDOHKtMB8GA1UdIwQY
MBaAFOQ91CQ4R1m16FWVglAZtp/pv5IgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQzVUpEaEhXYlhvVlpXQ1VCbTJuLW1fa2lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80YjJjZjktZDhlZC00YTI3LTkzYmEt
OTNiNjkxZWUxY2NlLzEvS0hfeTZETWVMTV9lUlRRUjIzN1RsUU00Y3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80YjJjZjktZDhlZC00YTI3LTkzYmEtOTNiNjkxZWUxY2Nl
LzEvNUQzVUpEaEhXYlhvVlpXQ1VCbTJuLW1fa2lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ08MA0G
CSqGSIb3DQEBCwUAA4IBAQCKtR2sqcSjL2xolTG58ep8PNtLRc2r0Mjep0ReDaLe
ynUFG7Pw8Tn23Zdo6JIc4CmeOqxzVEHnieE8TEkTnn2jAPwBlM0Ju0asKUEvHB58
qd2PAt/8Wes0fo3RzuaEIilSAmLqnlI6Jnl3NcnpH01Q+RqQyCQ1ws/LwQ5pN1XK
cFsCJPq5AvADleGM9/arDDKLiMkBsINUnPIkvQy4Ri3cZ9DFemehtCnCfRrHH+Vz
ApJuTeyOTAMVE0zmZl5nrAnNOGXezuK1ml39rBzt3reQ21xgWYO57DPBDr8H68ig
ZEBlYqBXfTdt+amTbq/z7vu4OdcDZPAxTscnjWGWiGms
-----END CERTIFICATE-----