This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/Kk4HsfGd30im4loLCXTsCFiytPU.roa
File:                     Kk4HsfGd30im4loLCXTsCFiytPU.roa (raw, json)
Hash identifier:          oKLzpVpeAoy3QzeCxsxeoWZkV7KJYmzZC8B43Ea48cY=
Subject key identifier:   2A:4E:07:B1:F1:9D:DF:48:A6:E2:5A:0B:09:74:EC:08:58:B2:B4:F5
Certificate issuer:       /CN=143239651db6aab1bcb67325f785b5ee1f4025cb
Certificate serial:       019B7B356CB2335481ED22747D32D2603F7B
Authority key identifier: 14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/Kk4HsfGd30im4loLCXTsCFiytPU.roa
Signing time:             Thu 01 Jan 2026 20:17:37 +0000
ROA not before:           Thu 01 Jan 2026 20:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208972
IP address blocks:        194.36.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:6c:b2:33:54:81:ed:22:74:7d:32:d2:60:3f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143239651db6aab1bcb67325f785b5ee1f4025cb
        Validity
            Not Before: Jan  1 20:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a4e07b1f19ddf48a6e25a0b0974ec0858b2b4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:07:83:97:96:eb:ed:fb:c8:4b:9c:f9:4e:2e:
                    ac:02:d6:a0:ec:29:ce:ed:9e:0c:7c:9f:f4:c7:a5:
                    f7:98:93:df:3d:5c:b3:7a:f7:0b:74:29:aa:c6:c7:
                    a3:a2:86:6a:67:26:29:bc:57:7d:ca:bb:25:44:48:
                    c6:d0:05:6c:39:84:6f:7d:4c:57:6f:9a:53:b1:87:
                    08:21:89:0d:ef:5b:09:4c:06:bb:9e:dd:fe:d2:01:
                    b1:6b:66:9f:71:dc:62:1e:83:aa:9a:07:60:51:a7:
                    e3:51:6a:1a:f4:f8:02:9c:c8:92:c9:e8:14:e7:de:
                    4f:4d:a0:1e:5a:32:5a:dd:2a:35:f8:b0:cd:ff:df:
                    39:1d:60:6f:aa:51:50:56:6e:38:d6:7e:b7:ea:9d:
                    37:bf:f4:85:c1:da:90:1c:fd:d4:3a:31:67:fd:01:
                    a5:db:67:3e:49:9d:82:c2:b2:1d:ef:de:2f:73:5d:
                    aa:4c:4e:c0:0f:20:7f:e9:93:4a:f6:56:26:4f:63:
                    8f:1a:4e:7e:71:ba:54:d6:2f:78:0e:31:89:eb:70:
                    3a:dd:1f:d2:59:84:52:db:6f:2a:b4:ab:f4:b6:30:
                    8e:a5:97:67:ba:01:4d:6e:db:15:9e:1e:a8:6d:52:
                    ba:2d:e0:c2:dd:05:eb:40:27:a0:e2:31:f3:3b:1e:
                    ab:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4E:07:B1:F1:9D:DF:48:A6:E2:5A:0B:09:74:EC:08:58:B2:B4:F5
            X509v3 Authority Key Identifier:
                keyid:14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/Kk4HsfGd30im4loLCXTsCFiytPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:51:ab:6f:73:96:a6:b8:5f:8b:26:4f:18:ae:95:b8:ea:77:
         ab:6f:c2:3d:ef:00:97:74:3b:da:82:d9:8d:8f:e3:1d:ad:25:
         7e:4a:3a:ba:af:47:58:bb:67:91:e7:5a:94:ac:40:b0:e4:45:
         a5:73:3f:08:93:fc:1a:85:5a:fa:f6:dd:77:e7:0b:45:9e:41:
         c0:67:c2:f9:6a:48:c3:15:4b:21:43:f6:20:46:75:f0:cd:90:
         54:5c:d9:9b:e5:34:fb:da:ad:04:5b:11:ca:b8:c1:13:8c:bc:
         4f:36:4b:79:97:3c:81:50:8c:d3:21:a3:3e:2e:a2:dc:5e:81:
         4f:2e:36:80:69:fe:0e:ce:ab:71:58:df:74:76:57:8d:68:99:
         0a:34:c2:b0:54:6c:d3:bd:4c:ae:a0:f0:22:bf:39:a8:90:47:
         21:eb:f3:8e:15:5f:7c:88:cf:07:42:d1:ec:be:24:ff:2e:01:
         32:39:eb:ce:c6:33:0c:99:f5:60:ea:2b:bb:8d:a7:1a:c8:1b:
         09:17:c8:80:a9:2d:fd:6d:48:20:00:2a:ea:3b:4b:a5:59:f5:
         0b:bb:49:6f:da:d7:33:0d:1b:5b:e4:ee:91:b4:8e:e5:3d:71:
         7d:56:2f:8f:25:ba:03:46:71:80:2a:f0:99:8e:51:97:2d:fa:
         2a:34:5d:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWyyM1SB7SJ0fTLSYD97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzIzOTY1MWRiNmFhYjFiY2I2NzMyNWY3ODViNWVlMWY0
MDI1Y2IwHhcNMjYwMTAxMjAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRlMDdiMWYxOWRkZjQ4YTZlMjVhMGIwOTc0ZWMwODU4YjJiNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgeDl5br7fvIS5z5Ti6sAtag7CnO
7Z4MfJ/0x6X3mJPfPVyzevcLdCmqxsejooZqZyYpvFd9yrslREjG0AVsOYRvfUxX
b5pTsYcIIYkN71sJTAa7nt3+0gGxa2afcdxiHoOqmgdgUafjUWoa9PgCnMiSyegU
595PTaAeWjJa3So1+LDN/985HWBvqlFQVm441n636p03v/SFwdqQHP3UOjFn/QGl
22c+SZ2CwrId794vc12qTE7ADyB/6ZNK9lYmT2OPGk5+cbpU1i94DjGJ63A63R/S
WYRS228qtKv0tjCOpZdnugFNbtsVnh6obVK6LeDC3QXrQCeg4jHzOx6rhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpOB7Hxnd9IpuJaCwl07AhYsrT1MB8GA1UdIwQY
MBaAFBQyOWUdtqqxvLZzJfeFte4fQCXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQt
NmVlYzc3ZDliOTg1LzEvS2s0SHNmR2QzMGltNGxvTENYVHNDRml5dFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQtNmVlYzc3ZDliOTg1
LzEvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiRWMA0G
CSqGSIb3DQEBCwUAA4IBAQBtUatvc5amuF+LJk8YrpW46nerb8I97wCXdDvagtmN
j+MdrSV+Sjq6r0dYu2eR51qUrECw5EWlcz8Ik/wahVr69t135wtFnkHAZ8L5akjD
FUshQ/YgRnXwzZBUXNmb5TT72q0EWxHKuMETjLxPNkt5lzyBUIzTIaM+LqLcXoFP
LjaAaf4OzqtxWN90dleNaJkKNMKwVGzTvUyuoPAivzmokEch6/OOFV98iM8HQtHs
viT/LgEyOevOxjMMmfVg6iu7jacayBsJF8iAqS39bUggACrqO0ulWfULu0lv2tcz
DRtb5O6RtI7lPXF9Vi+PJboDRnGAKvCZjlGXLfoqNF2y
-----END CERTIFICATE-----