This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/Ki5vJms-JWVXQqNHEorfbuz5XjI.roa
File:                     Ki5vJms-JWVXQqNHEorfbuz5XjI.roa (raw, json)
Hash identifier:          5AUIEMOenxKdLyL4gm/joj3B8MRPpzoFh4cs7HPB6rs=
Subject key identifier:   2A:2E:6F:26:6B:3E:25:65:57:42:A3:47:12:8A:DF:6E:EC:F9:5E:32
Certificate issuer:       /CN=74309aa0148cc90fced9943eb1a81946e9adae5e
Certificate serial:       019B78344FFE58CF810D339232F5186C5FBD
Authority key identifier: 74:30:9A:A0:14:8C:C9:0F:CE:D9:94:3E:B1:A8:19:46:E9:AD:AE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/Ki5vJms-JWVXQqNHEorfbuz5XjI.roa
Signing time:             Thu 01 Jan 2026 06:17:32 +0000
ROA not before:           Thu 01 Jan 2026 06:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209783
IP address blocks:        185.238.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:4f:fe:58:cf:81:0d:33:92:32:f5:18:6c:5f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74309aa0148cc90fced9943eb1a81946e9adae5e
        Validity
            Not Before: Jan  1 06:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a2e6f266b3e25655742a347128adf6eecf95e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:99:6f:55:2c:41:07:50:7a:4f:3a:88:ff:31:
                    3c:df:70:ef:1c:6c:d2:ca:9d:72:5f:f4:28:57:a5:
                    b0:5f:13:f7:f5:30:e2:e8:6c:d9:6b:7b:77:42:a3:
                    fe:18:6f:47:c0:4d:05:b0:1a:2a:2f:05:e5:cc:c4:
                    45:c5:45:9e:74:61:09:ce:f7:6d:c4:43:68:03:51:
                    0f:db:29:05:10:1a:49:d6:35:88:bd:90:7e:55:63:
                    77:09:06:8f:18:66:fe:63:4e:4d:f2:d2:82:07:ee:
                    b3:7e:8e:94:7a:9c:72:cc:44:93:18:0c:ba:89:7a:
                    01:e2:ea:84:93:f3:f0:86:9f:e8:54:65:11:24:90:
                    46:94:c9:11:9e:84:9f:3f:a8:4a:7c:65:75:53:af:
                    62:e2:67:ed:6d:7f:a2:79:93:26:9e:36:4d:a5:1b:
                    d0:de:b6:19:b9:ef:b3:dc:2f:79:35:36:83:aa:49:
                    a6:a9:7e:2f:2a:dc:e2:a8:af:62:55:7c:1b:a9:08:
                    65:41:cb:76:d5:56:fa:58:bd:02:cc:df:bf:99:17:
                    81:d5:de:2e:3f:ab:45:f3:ca:a2:35:04:a5:b5:fc:
                    1e:3f:3f:83:48:14:cc:be:f4:9f:40:fe:e2:dc:81:
                    63:db:91:b8:33:03:f4:23:a8:99:c1:65:35:e9:5c:
                    85:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2E:6F:26:6B:3E:25:65:57:42:A3:47:12:8A:DF:6E:EC:F9:5E:32
            X509v3 Authority Key Identifier:
                keyid:74:30:9A:A0:14:8C:C9:0F:CE:D9:94:3E:B1:A8:19:46:E9:AD:AE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/Ki5vJms-JWVXQqNHEorfbuz5XjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/edaf69-bc5d-494e-9d87-7c740ef8aa95/1/dDCaoBSMyQ_O2ZQ-sagZRumtrl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:86:ac:a9:21:20:63:d8:24:7b:51:76:96:df:5d:a1:17:ac:
         74:39:05:1a:21:c9:cd:f5:74:9c:4f:78:8e:6b:88:76:df:f6:
         fe:f0:9f:de:fa:10:09:e1:06:c3:58:30:c0:b4:77:8a:a0:b8:
         7f:92:ff:a0:19:c0:ff:7f:55:95:71:97:91:65:48:f7:13:33:
         29:95:18:4f:f6:06:b0:31:41:96:5d:f3:61:62:9c:d7:da:32:
         b1:4d:60:60:46:78:f3:6d:4e:b7:6f:7e:55:c0:0a:24:fc:a6:
         46:ef:f3:8d:3a:37:9e:61:40:03:e3:63:d6:7c:ab:47:5c:96:
         ce:97:6e:d7:0c:77:de:64:c7:c9:d3:cb:9e:bc:98:db:96:88:
         b5:6c:f2:75:55:a0:b3:99:22:6f:1e:9c:86:57:a7:62:81:85:
         c5:50:2b:52:bf:3b:69:d3:c9:da:25:3d:b4:e5:cb:5a:91:aa:
         cc:04:8d:19:7b:26:f6:df:a3:5c:3f:dd:4d:d8:59:61:a5:1b:
         da:04:9e:df:4c:92:ec:21:e9:8e:15:54:7b:3f:78:65:49:1d:
         71:56:fc:99:0e:b6:2b:47:15:0d:f0:46:14:dd:fc:f2:a5:f3:
         5a:05:96:e2:ca:cd:0e:a5:34:b5:40:05:45:24:3a:60:1f:6b:
         a2:79:d2:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NE/+WM+BDTOSMvUYbF+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MzA5YWEwMTQ4Y2M5MGZjZWQ5OTQzZWIxYTgxOTQ2ZTlh
ZGFlNWUwHhcNMjYwMTAxMDYxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJlNmYyNjZiM2UyNTY1NTc0MmEzNDcxMjhhZGY2ZWVjZjk1ZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8plvVSxBB1B6TzqI/zE833DvHGzS
yp1yX/QoV6WwXxP39TDi6GzZa3t3QqP+GG9HwE0FsBoqLwXlzMRFxUWedGEJzvdt
xENoA1EP2ykFEBpJ1jWIvZB+VWN3CQaPGGb+Y05N8tKCB+6zfo6UepxyzESTGAy6
iXoB4uqEk/Pwhp/oVGURJJBGlMkRnoSfP6hKfGV1U69i4mftbX+ieZMmnjZNpRvQ
3rYZue+z3C95NTaDqkmmqX4vKtziqK9iVXwbqQhlQct21Vb6WL0CzN+/mReB1d4u
P6tF88qiNQSltfwePz+DSBTMvvSfQP7i3IFj25G4MwP0I6iZwWU16VyFaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoubyZrPiVlV0KjRxKK327s+V4yMB8GA1UdIwQY
MBaAFHQwmqAUjMkPztmUPrGoGUbpra5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZERDYW9CU015UV9PMlpRLXNhZ1pSdW10cmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lZGFmNjktYmM1ZC00OTRlLTlkODct
N2M3NDBlZjhhYTk1LzEvS2k1dkptcy1KV1ZYUXFOSEVvcmZidXo1WGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lZGFmNjktYmM1ZC00OTRlLTlkODctN2M3NDBlZjhhYTk1
LzEvZERDYW9CU015UV9PMlpRLXNhZ1pSdW10cmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6MMA0G
CSqGSIb3DQEBCwUAA4IBAQAshqypISBj2CR7UXaW312hF6x0OQUaIcnN9XScT3iO
a4h23/b+8J/e+hAJ4QbDWDDAtHeKoLh/kv+gGcD/f1WVcZeRZUj3EzMplRhP9gaw
MUGWXfNhYpzX2jKxTWBgRnjzbU63b35VwAok/KZG7/ONOjeeYUAD42PWfKtHXJbO
l27XDHfeZMfJ08uevJjbloi1bPJ1VaCzmSJvHpyGV6digYXFUCtSvztp08naJT20
5ctakarMBI0Zeyb236NcP91N2FlhpRvaBJ7fTJLsIemOFVR7P3hlSR1xVvyZDrYr
RxUN8EYU3fzypfNaBZbiys0OpTS1QAVFJDpgH2uiedLm
-----END CERTIFICATE-----