This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/khLmo6pZaOrLwXMJOcUYOmIkZns.roa
File:                     khLmo6pZaOrLwXMJOcUYOmIkZns.roa (raw, json)
Hash identifier:          gi+g9993Zl2pUKqBDeYYkZSu9n9p5P8ycYJ+ziZGiaI=
Subject key identifier:   92:12:E6:A3:AA:59:68:EA:CB:C1:73:09:39:C5:18:3A:62:24:66:7B
Certificate issuer:       /CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
Certificate serial:       019B79107CA764ECA58A3B00D3D028A84B34
Authority key identifier: A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/khLmo6pZaOrLwXMJOcUYOmIkZns.roa
Signing time:             Thu 01 Jan 2026 10:18:01 +0000
ROA not before:           Thu 01 Jan 2026 10:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35297
IP address blocks:        176.105.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:7c:a7:64:ec:a5:8a:3b:00:d3:d0:28:a8:4b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
        Validity
            Not Before: Jan  1 10:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9212e6a3aa5968eacbc1730939c5183a6224667b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:18:78:95:49:01:9f:09:b2:a4:29:11:fb:77:
                    a4:57:d6:da:2a:77:7d:9d:c2:ae:6c:4b:52:c9:36:
                    9e:3e:38:30:54:b6:bf:ab:c3:a8:16:89:1f:f0:df:
                    e6:8f:7e:c3:78:b4:49:ff:18:17:17:76:f9:27:84:
                    37:ea:19:66:df:d8:05:33:4f:8c:1f:32:52:ef:9c:
                    2b:e6:17:ad:d0:00:8f:4b:c2:8b:75:f6:e2:3d:28:
                    82:bd:4d:1a:88:29:74:e8:25:90:4e:f9:53:7b:48:
                    79:4d:04:77:d1:bf:87:06:b9:c2:4f:a4:b7:94:cb:
                    b9:e5:c0:17:2e:d1:b3:05:05:ff:2e:77:7f:ed:1d:
                    52:2a:1b:1c:2b:40:a6:97:30:fb:ad:1a:c7:94:76:
                    21:9c:ab:2b:bd:4e:63:8a:ef:26:f9:43:e2:4a:a1:
                    12:b5:e6:56:58:19:a2:7f:01:db:87:5d:9a:0c:b3:
                    4d:30:0a:04:0c:c8:29:05:52:5b:2e:ff:12:51:0c:
                    db:f0:b6:dd:0b:59:5c:41:0b:69:c8:6c:2e:2c:61:
                    29:50:85:53:ea:d3:93:c8:c2:75:f1:0b:8f:f1:3c:
                    30:69:ef:ec:04:ec:af:0f:0f:5f:60:30:71:35:19:
                    39:41:61:a4:50:80:95:3a:ac:bf:62:f8:53:c0:88:
                    bb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:12:E6:A3:AA:59:68:EA:CB:C1:73:09:39:C5:18:3A:62:24:66:7B
            X509v3 Authority Key Identifier:
                keyid:A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/khLmo6pZaOrLwXMJOcUYOmIkZns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:37:52:a6:a5:fd:d3:ff:14:02:76:a5:88:f5:d5:24:40:42:
         4d:5f:f4:6d:db:dd:06:31:d2:73:23:82:63:e8:f7:91:56:7d:
         cb:31:4c:d9:f2:26:49:44:b3:fb:f7:2a:b5:f7:82:07:36:1a:
         bf:c1:ac:15:a3:83:e7:0f:57:24:14:d2:ef:1c:92:54:46:7d:
         43:0d:9b:19:39:a6:60:a1:b0:78:18:55:9d:31:33:00:7c:59:
         a8:b5:b5:51:74:a3:bf:29:f2:4e:11:3b:ce:42:c9:38:d5:a7:
         5a:6b:e4:73:d5:93:bf:22:81:cd:c1:47:f4:90:e7:5f:30:63:
         e8:04:e0:91:c4:2a:4a:b9:63:0d:9b:11:51:8f:81:62:97:1f:
         86:06:e4:4f:b1:8c:19:77:4e:7c:52:b8:39:1b:00:db:7d:dd:
         2a:f2:f2:06:42:b3:cd:5d:5f:21:5b:a1:22:4e:dc:86:75:b9:
         47:72:98:96:ba:99:21:4d:38:2a:2f:35:cf:24:ff:69:6f:79:
         ae:54:5b:7c:cf:28:e6:cd:77:28:1e:9a:cb:0f:b1:51:d8:65:
         95:a3:a4:5b:7e:e5:8d:de:93:d0:89:28:e1:30:2d:a6:0d:69:
         ae:5b:1a:d3:71:06:b8:62:7e:93:7c:2f:46:1e:6c:87:20:02:
         e4:36:2d:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHynZOylijsA09AoqEs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMTY1ODhiZDFjY2IyZGQyMjFjNmY4NzgzODU2NzQ3NWQ3
ZWYyOWIwHhcNMjYwMTAxMTAxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjEyZTZhM2FhNTk2OGVhY2JjMTczMDkzOWM1MTgzYTYyMjQ2NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Rh4lUkBnwmypCkR+3ekV9baKnd9
ncKubEtSyTaePjgwVLa/q8OoFokf8N/mj37DeLRJ/xgXF3b5J4Q36hlm39gFM0+M
HzJS75wr5het0ACPS8KLdfbiPSiCvU0aiCl06CWQTvlTe0h5TQR30b+HBrnCT6S3
lMu55cAXLtGzBQX/Lnd/7R1SKhscK0CmlzD7rRrHlHYhnKsrvU5jiu8m+UPiSqES
teZWWBmifwHbh12aDLNNMAoEDMgpBVJbLv8SUQzb8LbdC1lcQQtpyGwuLGEpUIVT
6tOTyMJ18QuP8Twwae/sBOyvDw9fYDBxNRk5QWGkUICVOqy/YvhTwIi7AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIS5qOqWWjqy8FzCTnFGDpiJGZ7MB8GA1UdIwQY
MBaAFKAWWIvRzLLdIhxvh4OFZ0ddfvKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEt
NzczMTIwZmY3YzBmLzEva2hMbW82cFphT3JMd1hNSk9jVVlPbUlrWm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEtNzczMTIwZmY3YzBm
LzEvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGmlMA0G
CSqGSIb3DQEBCwUAA4IBAQCrN1Kmpf3T/xQCdqWI9dUkQEJNX/Rt290GMdJzI4Jj
6PeRVn3LMUzZ8iZJRLP79yq194IHNhq/wawVo4PnD1ckFNLvHJJURn1DDZsZOaZg
obB4GFWdMTMAfFmotbVRdKO/KfJOETvOQsk41adaa+Rz1ZO/IoHNwUf0kOdfMGPo
BOCRxCpKuWMNmxFRj4Filx+GBuRPsYwZd058Urg5GwDbfd0q8vIGQrPNXV8hW6Ei
TtyGdblHcpiWupkhTTgqLzXPJP9pb3muVFt8zyjmzXcoHprLD7FR2GWVo6RbfuWN
3pPQiSjhMC2mDWmuWxrTcQa4Yn6TfC9GHmyHIALkNi17
-----END CERTIFICATE-----