This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/KM6PkAFxCJgnCXLELW5hiOAKjus.roa
File:                     KM6PkAFxCJgnCXLELW5hiOAKjus.roa (raw, json)
Hash identifier:          DuJVolLG90aax0OKvLaTyX/VTpILvcyZxRZVQhnBPeY=
Subject key identifier:   28:CE:8F:90:01:71:08:98:27:09:72:C4:2D:6E:61:88:E0:0A:8E:EB
Certificate issuer:       /CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
Certificate serial:       019B79EC2BC9E627E526922D01830293F723
Authority key identifier: 0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/KM6PkAFxCJgnCXLELW5hiOAKjus.roa
Signing time:             Thu 01 Jan 2026 14:17:59 +0000
ROA not before:           Thu 01 Jan 2026 14:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35128
IP address blocks:        194.152.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:2b:c9:e6:27:e5:26:92:2d:01:83:02:93:f7:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
        Validity
            Not Before: Jan  1 14:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28ce8f9001710898270972c42d6e6188e00a8eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ce:d9:81:7d:d4:5c:37:9d:84:d9:fe:32:31:
                    4f:60:53:71:a9:11:cc:62:30:02:dd:66:7b:9c:00:
                    3f:e4:7a:21:61:72:a2:42:15:ac:54:eb:b5:9f:90:
                    cd:17:27:7f:90:d9:44:28:eb:7d:f0:1c:e2:d8:76:
                    0f:2b:a9:3c:e5:7c:24:54:56:5e:ab:88:f4:7c:75:
                    a5:e6:7b:5f:23:6d:70:cc:f2:76:cd:4d:72:15:eb:
                    2e:32:50:67:14:d8:74:b1:b4:f9:36:cd:1d:e5:dc:
                    7a:00:1e:f0:45:98:d2:77:96:99:d8:3d:1d:78:38:
                    36:42:01:f4:60:dd:a5:ca:32:a2:1e:5d:81:83:22:
                    db:2d:70:13:7e:59:dc:e3:b7:55:ab:34:8d:65:bf:
                    3f:47:57:a8:a8:64:30:ed:e9:1c:aa:96:a3:06:56:
                    dd:65:f1:6a:76:e2:4b:31:f9:d3:54:6a:0a:37:83:
                    fa:38:d3:cf:1c:92:29:eb:90:98:5f:34:ef:df:c3:
                    bf:b7:fe:89:e0:38:28:b3:ab:9e:63:43:bb:b6:da:
                    82:11:55:a2:94:be:22:dc:3c:ed:2d:a1:d3:c3:6c:
                    60:c9:08:9e:f1:9a:b4:71:66:d1:a1:4f:fd:36:2e:
                    29:6f:74:3a:86:d6:2f:58:ea:64:d6:e9:20:6d:b1:
                    4a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:CE:8F:90:01:71:08:98:27:09:72:C4:2D:6E:61:88:E0:0A:8E:EB
            X509v3 Authority Key Identifier:
                keyid:0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/KM6PkAFxCJgnCXLELW5hiOAKjus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:11:30:3e:14:37:97:39:60:3a:8c:ed:a3:33:43:f2:4d:b2:
         62:ce:5f:04:95:3f:ae:55:a5:a3:4a:76:7e:5f:73:13:36:41:
         12:15:e3:cd:1f:d8:8c:6d:99:fb:0e:d1:60:7f:49:19:13:86:
         cd:68:47:31:14:41:cf:a7:34:0f:a2:7a:f8:cb:28:db:06:07:
         d7:f9:c9:f3:77:c5:57:ea:0d:c6:cc:51:9d:24:d3:aa:c1:d9:
         57:47:ed:02:4f:9f:76:03:6d:5e:82:f0:9a:ca:ad:11:e3:1c:
         20:28:8b:5f:fc:ee:ed:c1:48:b5:84:9a:68:34:2f:d0:6e:d7:
         47:ee:53:e1:56:ef:8e:86:6e:68:94:32:e9:97:e5:a4:d4:6c:
         81:3c:6a:07:93:69:de:77:38:c7:95:0f:fa:81:c8:60:87:20:
         e7:a9:a7:8e:e8:93:79:79:eb:98:16:f2:78:ca:4e:da:2b:2c:
         88:fe:8e:de:8b:a5:43:42:f5:73:eb:9e:cf:9d:7e:70:e5:c1:
         e5:ac:09:f1:0d:d4:bc:66:a9:d9:87:23:63:a0:f8:72:f8:54:
         77:f3:39:15:da:cf:a0:cc:b2:21:b3:38:75:a5:00:e3:ff:e7:
         3e:1b:4a:e2:6b:3a:b3:f5:24:40:b2:af:ce:15:10:5c:0c:2e:
         7a:37:73:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57CvJ5iflJpItAYMCk/cjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGY0ODcyYWQxYzFmNGZjYjIxM2I2YjJlZGIzODhhMmQ5
YzlhMjMwHhcNMjYwMTAxMTQxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGNlOGY5MDAxNzEwODk4MjcwOTcyYzQyZDZlNjE4OGUwMGE4ZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2c7ZgX3UXDedhNn+MjFPYFNxqRHM
YjAC3WZ7nAA/5HohYXKiQhWsVOu1n5DNFyd/kNlEKOt98Bzi2HYPK6k85XwkVFZe
q4j0fHWl5ntfI21wzPJ2zU1yFesuMlBnFNh0sbT5Ns0d5dx6AB7wRZjSd5aZ2D0d
eDg2QgH0YN2lyjKiHl2BgyLbLXATflnc47dVqzSNZb8/R1eoqGQw7ekcqpajBlbd
ZfFqduJLMfnTVGoKN4P6ONPPHJIp65CYXzTv38O/t/6J4Dgos6ueY0O7ttqCEVWi
lL4i3DztLaHTw2xgyQie8Zq0cWbRoU/9Ni4pb3Q6htYvWOpk1ukgbbFKuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjOj5ABcQiYJwlyxC1uYYjgCo7rMB8GA1UdIwQY
MBaAFA4PSHKtHB9PyyE7ay7bOIotnJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQt
YzAxZjgwYTFjODA1LzEvS002UGtBRnhDSmduQ1hMRUxXNWhpT0FLanVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQtYzAxZjgwYTFjODA1
LzEvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpj2MA0G
CSqGSIb3DQEBCwUAA4IBAQABETA+FDeXOWA6jO2jM0PyTbJizl8ElT+uVaWjSnZ+
X3MTNkESFePNH9iMbZn7DtFgf0kZE4bNaEcxFEHPpzQPonr4yyjbBgfX+cnzd8VX
6g3GzFGdJNOqwdlXR+0CT592A21egvCayq0R4xwgKItf/O7twUi1hJpoNC/QbtdH
7lPhVu+Ohm5olDLpl+Wk1GyBPGoHk2nedzjHlQ/6gchghyDnqaeO6JN5eeuYFvJ4
yk7aKyyI/o7ei6VDQvVz657PnX5w5cHlrAnxDdS8ZqnZhyNjoPhy+FR38zkV2s+g
zLIhszh1pQDj/+c+G0riazqz9SRAsq/OFRBcDC56N3M9
-----END CERTIFICATE-----