This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/klIt1NStPul9M_ZMJsdKutacUMM.roa
File:                     klIt1NStPul9M_ZMJsdKutacUMM.roa (raw, json)
Hash identifier:          Bg/ud8VNM1Ut9qaDX4Qy7kRtx9Mw6PMvkK9VqDfBpa8=
Subject key identifier:   92:52:2D:D4:D4:AD:3E:E9:7D:33:F6:4C:26:C7:4A:BA:D6:9C:50:C3
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       019B7EA7145FC1D2EBB06663E44AE21E8FB2
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/klIt1NStPul9M_ZMJsdKutacUMM.roa
Signing time:             Fri 02 Jan 2026 12:20:37 +0000
ROA not before:           Fri 02 Jan 2026 12:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214972
IP address blocks:        185.150.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:14:5f:c1:d2:eb:b0:66:63:e4:4a:e2:1e:8f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Jan  2 12:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92522dd4d4ad3ee97d33f64c26c74abad69c50c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b9:4c:c5:ec:26:f7:92:f4:02:9f:42:7f:34:
                    ce:b5:51:38:f4:e9:a5:6f:db:02:d7:9f:05:85:76:
                    88:d2:1f:68:40:ed:09:1e:e4:e4:51:10:c6:bc:04:
                    66:6f:bf:8a:4c:d7:e2:de:a9:69:32:3e:65:48:d5:
                    c3:ac:5d:99:6e:5e:01:f1:44:06:f9:52:54:65:98:
                    79:57:c5:3a:92:35:74:67:d6:9a:33:3d:0f:fc:4e:
                    bd:62:31:2e:f3:d3:b0:7f:24:e5:71:91:b7:7b:9a:
                    9a:da:a9:86:5b:38:af:6f:94:84:a2:bf:c5:cb:99:
                    e1:33:3d:9d:e7:39:6d:ef:61:00:38:72:e3:37:85:
                    42:3b:b9:59:7b:a5:e1:49:81:4f:37:a0:fc:65:98:
                    70:ff:4b:5a:25:35:f4:c0:24:a2:ba:9e:c1:1c:51:
                    9b:d8:cb:40:81:ec:fd:17:de:56:3e:1f:a9:b2:4b:
                    ad:42:76:43:1a:43:31:65:8d:37:9a:81:05:a7:c3:
                    e7:6d:c5:23:d9:81:58:e4:2d:00:f2:30:ad:25:43:
                    54:72:ed:01:f7:91:73:34:27:bd:5c:8e:c1:99:8e:
                    e8:83:ed:05:09:ae:02:9e:54:0a:d2:aa:d3:57:e5:
                    a4:21:73:43:63:9c:f9:a6:77:67:85:ee:84:45:98:
                    69:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:52:2D:D4:D4:AD:3E:E9:7D:33:F6:4C:26:C7:4A:BA:D6:9C:50:C3
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/klIt1NStPul9M_ZMJsdKutacUMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:de:b6:1b:ee:11:b2:6d:e9:5b:db:cb:f0:56:72:16:b4:a3:
         b6:2b:13:8b:7b:c2:b5:70:e3:33:ae:e7:2b:c0:d4:7f:74:02:
         af:99:d9:e8:89:07:3e:12:73:a2:41:b7:23:74:5e:41:2f:52:
         0a:33:2d:3e:20:44:d7:b0:e8:e0:96:f6:25:f4:02:19:1b:4e:
         86:03:79:d3:fe:ea:ae:f7:2e:33:3d:c4:a1:b3:53:bb:c4:2e:
         bd:ce:23:f9:7a:1b:74:ee:19:1e:fb:4f:d9:45:bf:9b:7a:63:
         3e:7a:05:a8:f0:fd:74:15:45:ec:39:87:27:89:a5:13:6b:6a:
         e7:d8:cf:6e:72:2a:95:93:6b:9d:20:68:d6:a2:e8:6b:a5:d8:
         ad:b8:4c:2a:97:b2:67:c5:82:f3:9f:09:94:14:da:d3:7b:25:
         7a:1e:8f:db:90:88:97:26:3f:bf:5a:db:fa:0b:8c:80:14:31:
         c5:2d:ce:f8:18:7b:ae:d1:68:ad:d9:c2:01:38:d0:44:d8:d1:
         83:da:11:de:6d:24:ed:94:82:fa:44:9f:b6:9c:a4:b2:0e:0e:
         a2:d0:bb:cc:67:10:0d:47:44:5a:60:57:4a:c4:81:2a:35:9d:
         50:42:fe:41:f2:64:62:ad:74:18:3b:ed:cd:92:2e:9b:53:19:
         6a:c1:e6:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pxRfwdLrsGZj5EriHo+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjYwMTAyMTIyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjUyMmRkNGQ0YWQzZWU5N2QzM2Y2NGMyNmM3NGFiYWQ2OWM1MGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrlMxewm95L0Ap9CfzTOtVE49Oml
b9sC158FhXaI0h9oQO0JHuTkURDGvARmb7+KTNfi3qlpMj5lSNXDrF2Zbl4B8UQG
+VJUZZh5V8U6kjV0Z9aaMz0P/E69YjEu89OwfyTlcZG3e5qa2qmGWzivb5SEor/F
y5nhMz2d5zlt72EAOHLjN4VCO7lZe6XhSYFPN6D8ZZhw/0taJTX0wCSiup7BHFGb
2MtAgez9F95WPh+pskutQnZDGkMxZY03moEFp8PnbcUj2YFY5C0A8jCtJUNUcu0B
95FzNCe9XI7BmY7og+0FCa4CnlQK0qrTV+WkIXNDY5z5pndnhe6ERZhpZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJSLdTUrT7pfTP2TCbHSrrWnFDDMB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEva2xJdDFOU3RQdWw5TV9aTUpzZEt1dGFjVU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZaBMA0G
CSqGSIb3DQEBCwUAA4IBAQB33rYb7hGybelb28vwVnIWtKO2KxOLe8K1cOMzrucr
wNR/dAKvmdnoiQc+EnOiQbcjdF5BL1IKMy0+IETXsOjglvYl9AIZG06GA3nT/uqu
9y4zPcShs1O7xC69ziP5eht07hke+0/ZRb+bemM+egWo8P10FUXsOYcniaUTa2rn
2M9uciqVk2udIGjWouhrpdituEwql7JnxYLznwmUFNrTeyV6Ho/bkIiXJj+/Wtv6
C4yAFDHFLc74GHuu0Wit2cIBONBE2NGD2hHebSTtlIL6RJ+2nKSyDg6i0LvMZxAN
R0RaYFdKxIEqNZ1QQv5B8mRirXQYO+3Nki6bUxlqwebZ
-----END CERTIFICATE-----