This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/kz2Yp1K6YIxekPASAxXKtmwq5Nc.roa
File:                     kz2Yp1K6YIxekPASAxXKtmwq5Nc.roa (raw, json)
Hash identifier:          wGYvhz3IuQwWNkOw50DFvXGGrTTnqTHVgvd/Ec1JbTs=
Subject key identifier:   93:3D:98:A7:52:BA:60:8C:5E:90:F0:12:03:15:CA:B6:6C:2A:E4:D7
Certificate issuer:       /CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
Certificate serial:       019B7DC9B8A6CAD53537B32C226BBCB7914E
Authority key identifier: 1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/kz2Yp1K6YIxekPASAxXKtmwq5Nc.roa
Signing time:             Fri 02 Jan 2026 08:18:50 +0000
ROA not before:           Fri 02 Jan 2026 08:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47176
IP address blocks:        185.238.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:b8:a6:ca:d5:35:37:b3:2c:22:6b:bc:b7:91:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
        Validity
            Not Before: Jan  2 08:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=933d98a752ba608c5e90f0120315cab66c2ae4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:f1:21:d0:ea:f6:7b:54:a2:e0:66:66:b7:
                    e8:cc:71:01:2b:af:f8:6e:2e:d1:aa:98:94:66:05:
                    16:c9:6e:dc:75:53:60:c1:ea:e5:fd:8d:dd:78:ff:
                    95:d4:e4:bb:11:a2:0a:20:37:6f:d8:7a:d8:87:5b:
                    92:0a:3a:a3:b2:0a:d6:4e:db:e8:c9:78:c3:1c:ab:
                    51:43:1e:80:c6:75:ed:bf:2d:be:c5:c5:40:7b:29:
                    a6:20:08:4a:90:60:80:dc:c5:57:83:f7:ed:52:9d:
                    66:dc:07:71:ed:61:d5:cb:9d:bc:84:a0:c7:79:cf:
                    f4:b8:2e:69:f9:d4:2c:1b:74:46:07:12:bf:37:57:
                    13:e1:9b:10:ee:82:c2:76:ed:ed:66:22:21:34:72:
                    46:4c:4b:ca:62:26:7d:57:5f:36:73:ee:4e:08:2d:
                    6c:2c:a8:74:ed:c6:34:97:c5:91:73:b2:c5:40:25:
                    97:45:2e:a7:49:66:d8:78:ca:ba:6b:a5:6a:34:6b:
                    c5:0c:c4:bb:2c:b5:38:c5:91:07:af:07:f1:ba:f2:
                    79:5a:8e:78:0b:51:69:18:26:40:d7:9c:a4:30:b2:
                    0c:9a:0e:ec:38:1a:7b:10:4e:14:64:54:b5:4f:f2:
                    d5:ff:eb:7a:b3:5e:ad:d4:00:ef:1c:1f:b3:87:6f:
                    58:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:3D:98:A7:52:BA:60:8C:5E:90:F0:12:03:15:CA:B6:6C:2A:E4:D7
            X509v3 Authority Key Identifier:
                keyid:1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/kz2Yp1K6YIxekPASAxXKtmwq5Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:6a:74:72:ee:53:d2:73:d6:dd:ef:08:df:92:34:22:37:f2:
         35:c3:e0:56:0b:89:55:08:d8:06:98:2f:06:e7:ee:2d:d5:ba:
         97:48:a8:ff:76:28:08:a6:97:28:a8:26:59:b7:18:b4:d6:a8:
         63:6b:f0:46:28:99:28:32:90:d2:a3:02:df:0f:69:a8:fd:5a:
         10:33:c4:22:f0:92:e1:fe:97:ab:0b:91:b1:c9:32:35:f7:40:
         76:a6:59:8e:02:23:fc:11:f4:24:72:05:ef:d9:d1:5a:1b:16:
         b0:83:70:ec:3f:0f:36:52:6c:15:26:a8:50:cf:b1:ee:78:3b:
         c8:d6:0a:0c:b1:7b:fd:da:fb:53:6a:e6:e0:89:4a:19:8d:b0:
         56:f2:31:f3:33:7c:e3:c2:be:2a:d0:c5:1b:d2:df:78:68:eb:
         1c:9b:03:a3:39:70:e9:49:f6:0d:20:42:f2:1f:50:1a:fd:88:
         4e:83:2d:ec:7c:92:07:fc:c8:d5:cc:18:c5:72:20:7d:87:63:
         48:3a:08:d2:29:7c:ff:08:2b:59:8b:f5:cd:19:77:55:64:e8:
         39:6f:68:4e:33:9a:a8:96:a8:22:8e:8c:a0:5b:81:73:d2:d5:
         65:db:61:bd:02:28:45:fb:d7:ef:80:71:78:6b:f3:ec:41:20:
         27:ab:3d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ybimytU1N7MsImu8t5FOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMWFlNWU0OWE0NGFiZGRjMjJiMGFkYmRhZWI2NDEzNmYy
NWQ0NjcwHhcNMjYwMTAyMDgxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzNkOThhNzUyYmE2MDhjNWU5MGYwMTIwMzE1Y2FiNjZjMmFlNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWfxIdDq9ntUouBmZrfozHEBK6/4
bi7RqpiUZgUWyW7cdVNgwerl/Y3deP+V1OS7EaIKIDdv2HrYh1uSCjqjsgrWTtvo
yXjDHKtRQx6AxnXtvy2+xcVAeymmIAhKkGCA3MVXg/ftUp1m3Adx7WHVy528hKDH
ec/0uC5p+dQsG3RGBxK/N1cT4ZsQ7oLCdu3tZiIhNHJGTEvKYiZ9V182c+5OCC1s
LKh07cY0l8WRc7LFQCWXRS6nSWbYeMq6a6VqNGvFDMS7LLU4xZEHrwfxuvJ5Wo54
C1FpGCZA15ykMLIMmg7sOBp7EE4UZFS1T/LV/+t6s16t1ADvHB+zh29YOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJM9mKdSumCMXpDwEgMVyrZsKuTXMB8GA1UdIwQY
MBaAFBoa5eSaRKvdwisK29rrZBNvJdRnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYt
YTExNjlhMjg5YzU0LzEva3oyWXAxSzZZSXhla1BBU0F4WEt0bXdxNU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYtYTExNjlhMjg5YzU0
LzEvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4MMA0G
CSqGSIb3DQEBCwUAA4IBAQCZanRy7lPSc9bd7wjfkjQiN/I1w+BWC4lVCNgGmC8G
5+4t1bqXSKj/digIppcoqCZZtxi01qhja/BGKJkoMpDSowLfD2mo/VoQM8Qi8JLh
/perC5GxyTI190B2plmOAiP8EfQkcgXv2dFaGxawg3DsPw82UmwVJqhQz7HueDvI
1goMsXv92vtTaubgiUoZjbBW8jHzM3zjwr4q0MUb0t94aOscmwOjOXDpSfYNIELy
H1Aa/YhOgy3sfJIH/MjVzBjFciB9h2NIOgjSKXz/CCtZi/XNGXdVZOg5b2hOM5qo
lqgijoygW4Fz0tVl22G9AihF+9fvgHF4a/PsQSAnqz3Y
-----END CERTIFICATE-----