This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/KRmva4VNbZlPY0IjvQ8shjxLrpg.roa
File:                     KRmva4VNbZlPY0IjvQ8shjxLrpg.roa (raw, json)
Hash identifier:          zDEMwmWSm/SD9eAVElOu0hm0PpDvViLDY6P+ZmLzxTM=
Subject key identifier:   29:19:AF:6B:85:4D:6D:99:4F:63:42:23:BD:0F:2C:86:3C:4B:AE:98
Certificate issuer:       /CN=1c72566ad628935c6ec75d0eddd317c7b0a76693
Certificate serial:       019B77C6FA130E5A87F4D3F19F87547BF7EE
Authority key identifier: 1C:72:56:6A:D6:28:93:5C:6E:C7:5D:0E:DD:D3:17:C7:B0:A7:66:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/KRmva4VNbZlPY0IjvQ8shjxLrpg.roa
Signing time:             Thu 01 Jan 2026 04:18:07 +0000
ROA not before:           Thu 01 Jan 2026 04:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197336
IP address blocks:        185.153.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:fa:13:0e:5a:87:f4:d3:f1:9f:87:54:7b:f7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c72566ad628935c6ec75d0eddd317c7b0a76693
        Validity
            Not Before: Jan  1 04:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2919af6b854d6d994f634223bd0f2c863c4bae98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e6:a6:1b:c9:bd:59:8b:4e:63:24:92:f6:1a:
                    d3:19:05:7f:9e:0e:f5:f4:89:bc:3b:71:1b:dd:5f:
                    8a:e8:37:82:0d:c3:82:89:c9:df:3a:08:ed:a4:61:
                    05:d6:cc:a9:29:e5:0d:24:4e:9c:f4:8b:96:a5:79:
                    54:5d:04:b6:2c:f0:86:ca:90:a7:4b:59:40:b1:01:
                    ec:49:f8:93:a6:14:ed:9e:0d:3f:ae:db:f7:53:24:
                    db:ab:88:7a:c3:db:f5:dd:87:4c:f6:61:af:bb:46:
                    a8:bb:0e:51:c0:f7:7e:de:c0:34:5f:72:d8:c6:40:
                    cd:e9:be:3f:e4:12:2a:0a:b8:06:a3:6e:66:a7:51:
                    1f:d3:e2:9a:57:71:70:81:3c:c0:26:db:bc:9f:7c:
                    55:05:ea:f3:17:34:e4:68:10:6f:10:77:e8:16:3d:
                    1d:9a:54:70:07:ff:a4:f8:4f:b1:80:92:9c:5c:12:
                    5e:31:47:ab:1d:42:92:99:bf:1a:79:01:44:5f:a5:
                    ad:cf:e9:83:22:c1:86:41:d4:a6:aa:6f:82:f8:d5:
                    47:74:4d:27:1b:b1:b7:c2:8c:11:1d:81:dc:86:65:
                    fb:e3:b9:1a:6a:c8:1e:5b:95:ea:4b:9a:13:ab:68:
                    90:a6:47:39:16:11:4f:34:a4:81:c5:67:e4:13:04:
                    74:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:19:AF:6B:85:4D:6D:99:4F:63:42:23:BD:0F:2C:86:3C:4B:AE:98
            X509v3 Authority Key Identifier:
                keyid:1C:72:56:6A:D6:28:93:5C:6E:C7:5D:0E:DD:D3:17:C7:B0:A7:66:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/KRmva4VNbZlPY0IjvQ8shjxLrpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:a8:fc:7e:bd:b1:d7:57:ce:4d:e9:04:99:74:8a:7c:02:96:
         bd:b7:0b:f0:f8:a8:8d:31:15:8e:29:1d:ae:8f:45:5a:ed:04:
         99:b1:b2:df:b7:54:49:4a:51:c3:7f:7b:f6:37:30:a1:c0:0f:
         65:52:ad:fd:67:ca:70:fd:f6:a3:0b:95:07:28:a1:32:80:eb:
         24:82:2c:83:39:91:7d:41:2e:7a:d4:b1:f3:60:82:8f:13:d1:
         ea:fa:fc:69:ef:5b:a2:3c:48:98:64:6f:ab:21:c9:78:f0:84:
         43:9d:2b:5c:a8:25:00:14:01:89:ec:0b:84:73:bc:57:8a:75:
         b9:10:e2:14:fb:69:2a:ae:5a:cc:04:60:9f:15:d8:0a:1a:23:
         88:28:98:aa:10:82:51:2c:50:a0:62:28:0b:c3:74:c0:f3:64:
         b0:22:6e:57:1f:56:70:1a:92:66:90:a0:10:95:b7:51:b8:53:
         5c:00:aa:6c:8f:fe:bb:c9:f2:07:3c:e6:a4:cb:38:d0:c2:bf:
         cd:fc:85:e5:66:77:23:1d:24:a3:a8:aa:89:29:d7:72:0c:e8:
         4f:9f:15:96:16:85:0e:1b:40:dd:4e:3e:da:c3:b5:7a:ad:cb:
         8a:54:6e:d4:cb:81:01:a8:61:c9:43:c0:8a:ec:55:36:2b:fd:
         e0:9d:71:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvoTDlqH9NPxn4dUe/fuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzI1NjZhZDYyODkzNWM2ZWM3NWQwZWRkZDMxN2M3YjBh
NzY2OTMwHhcNMjYwMTAxMDQxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE5YWY2Yjg1NGQ2ZDk5NGY2MzQyMjNiZDBmMmM4NjNjNGJhZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uamG8m9WYtOYySS9hrTGQV/ng71
9Im8O3Eb3V+K6DeCDcOCicnfOgjtpGEF1sypKeUNJE6c9IuWpXlUXQS2LPCGypCn
S1lAsQHsSfiTphTtng0/rtv3UyTbq4h6w9v13YdM9mGvu0aouw5RwPd+3sA0X3LY
xkDN6b4/5BIqCrgGo25mp1Ef0+KaV3FwgTzAJtu8n3xVBerzFzTkaBBvEHfoFj0d
mlRwB/+k+E+xgJKcXBJeMUerHUKSmb8aeQFEX6Wtz+mDIsGGQdSmqm+C+NVHdE0n
G7G3wowRHYHchmX747kaasgeW5XqS5oTq2iQpkc5FhFPNKSBxWfkEwR0JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkZr2uFTW2ZT2NCI70PLIY8S66YMB8GA1UdIwQY
MBaAFBxyVmrWKJNcbsddDt3TF8ewp2aTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhKV2F0WW9rMXh1eDEwTzNkTVh4N0NuWnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84ZWQ3YzktMGI0NS00ZDIxLWEyMDMt
ZmM3NTIxYTI1YmJhLzEvS1JtdmE0Vk5iWmxQWTBJanZROHNoanhMcnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84ZWQ3YzktMGI0NS00ZDIxLWEyMDMtZmM3NTIxYTI1YmJh
LzEvSEhKV2F0WW9rMXh1eDEwTzNkTVh4N0NuWnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZkgMA0G
CSqGSIb3DQEBCwUAA4IBAQB+qPx+vbHXV85N6QSZdIp8Apa9twvw+KiNMRWOKR2u
j0Va7QSZsbLft1RJSlHDf3v2NzChwA9lUq39Z8pw/fajC5UHKKEygOskgiyDOZF9
QS561LHzYIKPE9Hq+vxp71uiPEiYZG+rIcl48IRDnStcqCUAFAGJ7AuEc7xXinW5
EOIU+2kqrlrMBGCfFdgKGiOIKJiqEIJRLFCgYigLw3TA82SwIm5XH1ZwGpJmkKAQ
lbdRuFNcAKpsj/67yfIHPOakyzjQwr/N/IXlZncjHSSjqKqJKddyDOhPnxWWFoUO
G0DdTj7aw7V6rcuKVG7Uy4EBqGHJQ8CK7FU2K/3gnXH/
-----END CERTIFICATE-----