This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/ksdLr_cpg0SNdbhzGPEUMaDjaa0.roa
File:                     ksdLr_cpg0SNdbhzGPEUMaDjaa0.roa (raw, json)
Hash identifier:          aWZAiEXDI8uHWbww+kMMTpEPGkhJJ3i3CwUVKl+KHtA=
Subject key identifier:   92:C7:4B:AF:F7:29:83:44:8D:75:B8:73:18:F1:14:31:A0:E3:69:AD
Certificate issuer:       /CN=4ce90379bd8d04374b3adef060d51ae215710935
Certificate serial:       019B7FF2AF16C86B1161A2DE226265F6E75D
Authority key identifier: 4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/ksdLr_cpg0SNdbhzGPEUMaDjaa0.roa
Signing time:             Fri 02 Jan 2026 18:22:49 +0000
ROA not before:           Fri 02 Jan 2026 18:22:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206658
IP address blocks:        45.137.232.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:af:16:c8:6b:11:61:a2:de:22:62:65:f6:e7:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce90379bd8d04374b3adef060d51ae215710935
        Validity
            Not Before: Jan  2 18:22:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92c74baff72983448d75b87318f11431a0e369ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b5:23:7f:3b:d0:b0:a8:a8:e0:56:c4:4a:b1:
                    fa:cf:97:39:b8:eb:89:c7:3b:92:61:e9:50:cf:97:
                    34:18:3f:70:1c:51:cf:e9:a9:0b:03:dc:eb:c8:32:
                    a0:55:47:37:be:70:fa:ed:d4:aa:6b:0c:60:18:ad:
                    c8:0a:5e:79:e0:dc:a3:b3:09:7c:7a:61:a0:23:7a:
                    d2:a8:b8:0c:00:38:01:91:ea:61:e5:50:5c:ba:cb:
                    84:87:d1:48:21:56:da:c0:41:f1:66:dc:b2:05:ef:
                    ae:ec:2e:5a:35:fc:31:3a:60:db:c1:52:30:4f:da:
                    da:35:5a:a8:a4:2c:46:1a:cb:80:74:78:cc:e4:28:
                    ee:e4:8a:8e:f5:74:6f:e1:e2:e2:9a:8b:59:6d:44:
                    da:71:6e:6e:e4:ab:fd:b1:99:97:41:f2:78:a3:43:
                    be:35:1f:d8:4f:47:fb:48:d7:c9:60:cc:f5:12:ba:
                    d1:68:eb:8e:93:08:53:e2:6e:b6:6e:4a:a1:05:22:
                    fb:27:57:b6:9f:8c:92:85:08:06:d5:47:d5:ef:c4:
                    c3:fd:12:dd:ce:f3:c7:5f:6b:db:d7:da:53:8e:5a:
                    04:e8:78:13:fe:aa:01:ee:0a:f1:d8:19:b6:38:fa:
                    b0:60:e9:18:08:bf:32:71:12:64:8c:01:93:2f:01:
                    84:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C7:4B:AF:F7:29:83:44:8D:75:B8:73:18:F1:14:31:A0:E3:69:AD
            X509v3 Authority Key Identifier:
                keyid:4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/ksdLr_cpg0SNdbhzGPEUMaDjaa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:cb:81:dc:42:e6:22:19:15:38:9e:fc:10:1c:0c:53:7b:bb:
         7e:0f:52:23:b3:89:6a:b2:e8:25:2a:22:fd:d3:26:6b:5b:aa:
         85:a3:84:15:85:69:cd:eb:be:a4:3d:bb:21:c5:78:eb:e1:99:
         b5:eb:6e:94:ad:15:89:9e:f1:70:e4:70:01:dd:19:bb:f6:8e:
         7c:3d:98:a5:9e:cc:c0:9d:47:d2:47:38:18:92:b3:9c:4b:b0:
         3b:29:b8:28:80:d9:2c:bd:b1:65:6c:32:39:d3:d7:61:59:74:
         28:d1:47:e6:85:cf:ae:97:26:e3:38:3a:ed:38:31:84:66:d3:
         27:06:72:a2:c7:f8:48:aa:68:18:63:d5:6f:c7:d5:40:fd:0a:
         9d:e9:61:cf:dd:67:ab:e6:76:d8:08:11:cd:fe:7e:22:1d:73:
         52:fb:21:3c:9d:53:20:18:3b:e1:69:03:1e:48:0e:95:1f:cf:
         63:92:50:be:cb:32:a1:87:03:be:52:ae:f8:ff:f1:64:aa:d9:
         05:d2:97:dc:4f:a4:df:93:98:e1:94:24:a6:e0:9f:18:d7:0c:
         99:06:d1:73:ec:70:e9:d3:db:70:f5:26:62:2a:50:f1:f5:b4:
         44:14:a9:be:38:1b:18:0b:b2:3e:44:d9:27:12:28:c1:08:1e:
         a8:96:cb:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8q8WyGsRYaLeImJl9uddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTkwMzc5YmQ4ZDA0Mzc0YjNhZGVmMDYwZDUxYWUyMTU3
MTA5MzUwHhcNMjYwMTAyMTgyMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM3NGJhZmY3Mjk4MzQ0OGQ3NWI4NzMxOGYxMTQzMWEwZTM2OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bUjfzvQsKio4FbESrH6z5c5uOuJ
xzuSYelQz5c0GD9wHFHP6akLA9zryDKgVUc3vnD67dSqawxgGK3ICl554Nyjswl8
emGgI3rSqLgMADgBkeph5VBcusuEh9FIIVbawEHxZtyyBe+u7C5aNfwxOmDbwVIw
T9raNVqopCxGGsuAdHjM5Cju5IqO9XRv4eLimotZbUTacW5u5Kv9sZmXQfJ4o0O+
NR/YT0f7SNfJYMz1ErrRaOuOkwhT4m62bkqhBSL7J1e2n4yShQgG1UfV78TD/RLd
zvPHX2vb19pTjloE6HgT/qoB7grx2Bm2OPqwYOkYCL8ycRJkjAGTLwGEtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLHS6/3KYNEjXW4cxjxFDGg42mtMB8GA1UdIwQY
MBaAFEzpA3m9jQQ3Szre8GDVGuIVcQk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9rRGViMk5CRGRMT3Q3d1lOVWE0aFZ4Q1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85YmFjZjgtMTQ2Yy00YjYzLTlkMzYt
ODIwMGI4NjYwM2IxLzEva3NkTHJfY3BnMFNOZGJoekdQRVVNYURqYWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85YmFjZjgtMTQ2Yy00YjYzLTlkMzYtODIwMGI4NjYwM2Ix
LzEvVE9rRGViMk5CRGRMT3Q3d1lOVWE0aFZ4Q1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYnoMA0G
CSqGSIb3DQEBCwUAA4IBAQBxy4HcQuYiGRU4nvwQHAxTe7t+D1Ijs4lqsuglKiL9
0yZrW6qFo4QVhWnN676kPbshxXjr4Zm1626UrRWJnvFw5HAB3Rm79o58PZilnszA
nUfSRzgYkrOcS7A7KbgogNksvbFlbDI509dhWXQo0Ufmhc+ulybjODrtODGEZtMn
BnKix/hIqmgYY9Vvx9VA/Qqd6WHP3Wer5nbYCBHN/n4iHXNS+yE8nVMgGDvhaQMe
SA6VH89jklC+yzKhhwO+Uq74//FkqtkF0pfcT6Tfk5jhlCSm4J8Y1wyZBtFz7HDp
09tw9SZiKlDx9bREFKm+OBsYC7I+RNknEijBCB6olssn
-----END CERTIFICATE-----