This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KfKdKGXKrJVAyc679p1xVdKcOuU.roa
File:                     KfKdKGXKrJVAyc679p1xVdKcOuU.roa (raw, json)
Hash identifier:          MZjQw9I7nKK82B9sKr7/qbtBGaD/PhRCNNoKDtPpSRQ=
Subject key identifier:   29:F2:9D:28:65:CA:AC:95:40:C9:CE:BB:F6:9D:71:55:D2:9C:3A:E5
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019B7759402E583594B917AD270D5674EA06
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KfKdKGXKrJVAyc679p1xVdKcOuU.roa
Signing time:             Thu 01 Jan 2026 02:18:16 +0000
ROA not before:           Thu 01 Jan 2026 02:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        45.146.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:40:2e:58:35:94:b9:17:ad:27:0d:56:74:ea:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  1 02:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29f29d2865caac9540c9cebbf69d7155d29c3ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:9d:6c:cf:2d:ed:e3:e8:61:19:07:9d:75:
                    6c:af:b0:0b:44:7f:de:6f:ab:cb:e6:d8:64:71:5c:
                    20:6d:2a:5f:e1:d1:49:f7:c4:27:6b:60:08:5b:01:
                    3a:d3:6f:df:99:7a:57:5d:d8:ae:8f:c5:79:9c:81:
                    f6:ed:89:02:fe:6d:ad:d8:d6:72:e7:6e:dc:3b:c6:
                    bf:e2:f9:33:5f:5f:9f:c0:de:20:ba:ed:93:e4:12:
                    d8:3c:c6:58:02:80:8f:85:49:86:43:02:e1:11:0f:
                    9b:15:dc:1a:29:13:ea:77:80:ee:54:f8:51:2b:9e:
                    f2:57:c4:97:df:77:a5:5d:7c:3b:7f:a2:e3:0f:a4:
                    ce:03:92:6c:15:ba:55:f5:c1:a0:89:4a:b8:39:53:
                    27:b3:c5:ac:86:98:57:44:be:f6:ac:b3:c9:9f:9e:
                    4b:f4:b4:6c:b8:af:1e:8f:4f:d7:5a:37:ae:3f:59:
                    13:2b:ac:9a:68:6d:aa:e7:45:7c:63:b1:11:b9:6e:
                    b6:ec:6f:4a:be:db:76:a8:9d:b2:df:aa:13:33:19:
                    2c:a1:9e:30:39:0c:48:65:98:84:d2:63:00:17:d5:
                    99:8d:e7:f1:b5:73:4f:a6:2e:fd:8e:3a:c2:3e:35:
                    17:e9:65:6d:f3:aa:f8:b3:11:f6:dc:36:6d:bc:ac:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F2:9D:28:65:CA:AC:95:40:C9:CE:BB:F6:9D:71:55:D2:9C:3A:E5
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KfKdKGXKrJVAyc679p1xVdKcOuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d4:6b:35:9c:ee:9e:83:f2:26:86:84:77:1e:51:67:66:2b:
         cd:47:f4:f5:60:dd:87:5b:26:64:18:27:f8:be:3b:97:de:1c:
         ea:58:aa:03:9a:80:0c:c6:59:9e:7f:1a:74:3f:81:72:6d:8f:
         6e:1e:f8:5c:2a:4b:56:a4:f4:79:52:b5:45:c5:0d:52:d0:4b:
         9e:0d:30:33:ae:94:90:73:e5:07:02:5b:60:25:2e:58:46:71:
         82:c3:9f:25:14:90:de:c3:35:1a:d3:bd:78:9c:ba:e7:b2:ae:
         a9:1a:5e:32:78:9c:90:2c:2e:65:04:83:33:61:16:c8:f1:cd:
         27:13:90:cb:fe:85:c2:28:a8:fa:32:10:83:82:8f:c0:ee:d6:
         62:48:dd:c8:bd:32:b8:5e:75:9d:35:d8:07:dd:db:d6:2f:8d:
         dc:c5:ad:f3:af:86:86:94:0b:6e:64:91:a3:31:89:74:ad:0f:
         4b:31:f6:07:24:22:77:ee:44:ef:43:71:7d:fa:f0:21:3c:8c:
         38:9b:08:39:ce:0e:65:2e:08:1c:5b:11:c2:1a:7a:ad:f9:65:
         5d:f7:20:a0:3a:e1:de:df:b5:75:a2:aa:44:b7:74:2b:86:43:
         34:e2:f8:d9:27:f1:ce:1e:c8:02:43:18:54:93:8d:19:9d:20:
         08:f6:08:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WUAuWDWUuRetJw1WdOoGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwMTAxMDIxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYyOWQyODY1Y2FhYzk1NDBjOWNlYmJmNjlkNzE1NWQyOWMzYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArICdbM8t7ePoYRkHnXVsr7ALRH/e
b6vL5thkcVwgbSpf4dFJ98Qna2AIWwE602/fmXpXXdiuj8V5nIH27YkC/m2t2NZy
527cO8a/4vkzX1+fwN4guu2T5BLYPMZYAoCPhUmGQwLhEQ+bFdwaKRPqd4DuVPhR
K57yV8SX33elXXw7f6LjD6TOA5JsFbpV9cGgiUq4OVMns8WshphXRL72rLPJn55L
9LRsuK8ej0/XWjeuP1kTK6yaaG2q50V8Y7ERuW627G9Kvtt2qJ2y36oTMxksoZ4w
OQxIZZiE0mMAF9WZjefxtXNPpi79jjrCPjUX6WVt86r4sxH23DZtvKyFkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnynShlyqyVQMnOu/adcVXSnDrlMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvS2ZLZEtHWEtySlZBeWM2NzlwMXhWZEtjT3VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLJMA0G
CSqGSIb3DQEBCwUAA4IBAQBY1Gs1nO6eg/ImhoR3HlFnZivNR/T1YN2HWyZkGCf4
vjuX3hzqWKoDmoAMxlmefxp0P4FybY9uHvhcKktWpPR5UrVFxQ1S0EueDTAzrpSQ
c+UHAltgJS5YRnGCw58lFJDewzUa0714nLrnsq6pGl4yeJyQLC5lBIMzYRbI8c0n
E5DL/oXCKKj6MhCDgo/A7tZiSN3IvTK4XnWdNdgH3dvWL43cxa3zr4aGlAtuZJGj
MYl0rQ9LMfYHJCJ37kTvQ3F9+vAhPIw4mwg5zg5lLggcWxHCGnqt+WVd9yCgOuHe
37V1oqpEt3QrhkM04vjZJ/HOHsgCQxhUk40ZnSAI9ggp
-----END CERTIFICATE-----