This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/Kl7ksgdkf5mddCaAPgAWOeKhVvg.roa
File:                     Kl7ksgdkf5mddCaAPgAWOeKhVvg.roa (raw, json)
Hash identifier:          rOa18GJtuQqpcGIrwGnhcp3m4z08/3Ol4xsmgiWc0ew=
Subject key identifier:   2A:5E:E4:B2:07:64:7F:99:9D:74:26:80:3E:00:16:39:E2:A1:56:F8
Certificate issuer:       /CN=1c2716ef09fae490cc7cdbd36094db5f3d0a1c72
Certificate serial:       019B7DCB0988446B4A5B1B51E3072DC50954
Authority key identifier: 1C:27:16:EF:09:FA:E4:90:CC:7C:DB:D3:60:94:DB:5F:3D:0A:1C:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCcW7wn65JDMfNvTYJTbXz0KHHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/Kl7ksgdkf5mddCaAPgAWOeKhVvg.roa
Signing time:             Fri 02 Jan 2026 08:20:16 +0000
ROA not before:           Fri 02 Jan 2026 08:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197653
IP address blocks:        62.122.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/HCcW7wn65JDMfNvTYJTbXz0KHHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/HCcW7wn65JDMfNvTYJTbXz0KHHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCcW7wn65JDMfNvTYJTbXz0KHHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:09:88:44:6b:4a:5b:1b:51:e3:07:2d:c5:09:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c2716ef09fae490cc7cdbd36094db5f3d0a1c72
        Validity
            Not Before: Jan  2 08:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a5ee4b207647f999d7426803e001639e2a156f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d6:8d:e5:78:00:06:ff:f8:ef:16:1f:79:bf:
                    50:3f:81:5b:37:e2:ba:fd:62:c8:b7:46:04:2c:9d:
                    85:f3:23:65:d1:0f:6b:e7:e2:cd:d2:25:3f:9e:0e:
                    dd:fa:9c:af:c8:5d:01:10:0e:65:13:f0:d4:f5:65:
                    c2:ad:ff:4c:b3:a0:be:94:2d:5e:f1:f8:37:da:07:
                    c3:e6:c3:ef:40:1d:ef:af:36:a7:cc:73:56:3d:56:
                    32:d5:b0:ec:9a:89:76:bb:47:5c:04:98:0c:ab:c9:
                    15:06:42:2e:9c:0a:c7:4f:e3:ca:c5:ac:1d:ca:cf:
                    31:a4:84:d2:a6:b2:83:30:ce:56:6b:30:74:b8:ba:
                    b5:07:59:6d:4b:c4:d1:7f:51:be:20:b8:22:33:ef:
                    44:3e:5e:dd:f9:05:0d:60:d9:5b:fd:11:d2:fb:4a:
                    16:5c:e0:cc:e7:c2:47:59:a7:e8:01:f3:de:72:74:
                    07:ce:a7:c2:59:09:f5:70:6b:60:ba:70:3e:ad:fe:
                    b2:0d:08:3b:c5:1b:33:55:d3:ff:9e:95:e2:4b:5c:
                    dc:b9:86:d4:8b:79:90:18:2e:30:8c:49:41:02:a9:
                    70:30:dd:c9:73:11:60:57:ad:ec:f7:37:44:34:85:
                    b5:92:2b:5b:02:b9:9f:2e:73:cc:1f:42:02:ff:b4:
                    86:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5E:E4:B2:07:64:7F:99:9D:74:26:80:3E:00:16:39:E2:A1:56:F8
            X509v3 Authority Key Identifier:
                keyid:1C:27:16:EF:09:FA:E4:90:CC:7C:DB:D3:60:94:DB:5F:3D:0A:1C:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCcW7wn65JDMfNvTYJTbXz0KHHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/Kl7ksgdkf5mddCaAPgAWOeKhVvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/6a7ea2-abfd-44d2-a7ae-14d1ac34a5f2/1/HCcW7wn65JDMfNvTYJTbXz0KHHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:bc:40:a0:36:8f:19:3c:6b:c9:48:a6:59:e3:25:02:f9:57:
         be:d3:bb:1b:fd:f4:1f:04:46:09:17:34:85:6a:7e:85:da:5b:
         6d:52:5e:e4:0c:6b:c0:6f:79:44:65:71:ed:49:c8:e1:6d:c6:
         57:e6:0f:01:85:e4:5d:6a:0b:9a:57:bd:f7:8d:af:99:5a:42:
         4a:8a:74:68:f0:54:43:da:df:27:fd:66:8b:74:f1:b9:fd:06:
         59:f8:18:e5:b8:e1:ad:ed:fa:b1:8c:a3:5f:4d:4e:d5:b8:62:
         79:5b:1e:9d:e5:62:b7:d1:b8:9d:e1:3c:51:46:54:fc:04:58:
         28:98:ae:8f:50:2f:9b:6d:7b:7e:90:35:3e:ee:9f:4b:99:26:
         e6:3b:b0:d7:ce:64:3c:73:91:dd:8e:f1:d0:f0:2d:c5:d8:73:
         5e:ee:23:83:66:ee:96:5c:2b:74:64:7e:4b:02:db:16:f8:e1:
         50:f0:37:b6:7c:59:11:ca:6c:70:9f:dd:bf:74:cd:45:ba:b6:
         ae:89:5d:51:9c:b9:6b:dc:ce:e9:6c:ed:13:37:9f:e4:2e:46:
         fd:f9:3e:6e:4a:8f:f1:fe:f9:3c:c9:9c:e2:80:37:bb:69:af:
         f4:7d:9c:04:14:bf:49:2a:d1:43:37:fa:a1:70:e4:fa:b8:9e:
         3d:e6:98:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ywmIRGtKWxtR4wctxQlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMjcxNmVmMDlmYWU0OTBjYzdjZGJkMzYwOTRkYjVmM2Qw
YTFjNzIwHhcNMjYwMTAyMDgyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTVlZTRiMjA3NjQ3Zjk5OWQ3NDI2ODAzZTAwMTYzOWUyYTE1NmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtaN5XgABv/47xYfeb9QP4FbN+K6
/WLIt0YELJ2F8yNl0Q9r5+LN0iU/ng7d+pyvyF0BEA5lE/DU9WXCrf9Ms6C+lC1e
8fg32gfD5sPvQB3vrzanzHNWPVYy1bDsmol2u0dcBJgMq8kVBkIunArHT+PKxawd
ys8xpITSprKDMM5WazB0uLq1B1ltS8TRf1G+ILgiM+9EPl7d+QUNYNlb/RHS+0oW
XODM58JHWafoAfPecnQHzqfCWQn1cGtgunA+rf6yDQg7xRszVdP/npXiS1zcuYbU
i3mQGC4wjElBAqlwMN3JcxFgV63s9zdENIW1kitbArmfLnPMH0IC/7SGHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpe5LIHZH+ZnXQmgD4AFjnioVb4MB8GA1UdIwQY
MBaAFBwnFu8J+uSQzHzb02CU2189ChxyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENjVzd3bjY1SkRNZk52VFlKVGJYejBLSEhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82YTdlYTItYWJmZC00NGQyLWE3YWUt
MTRkMWFjMzRhNWYyLzEvS2w3a3NnZGtmNW1kZENhQVBnQVdPZUtoVnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82YTdlYTItYWJmZC00NGQyLWE3YWUtMTRkMWFjMzRhNWYy
LzEvSENjVzd3bjY1SkRNZk52VFlKVGJYejBLSEhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPnrgMA0G
CSqGSIb3DQEBCwUAA4IBAQAsvECgNo8ZPGvJSKZZ4yUC+Ve+07sb/fQfBEYJFzSF
an6F2lttUl7kDGvAb3lEZXHtScjhbcZX5g8BheRdaguaV733ja+ZWkJKinRo8FRD
2t8n/WaLdPG5/QZZ+BjluOGt7fqxjKNfTU7VuGJ5Wx6d5WK30bid4TxRRlT8BFgo
mK6PUC+bbXt+kDU+7p9LmSbmO7DXzmQ8c5HdjvHQ8C3F2HNe7iODZu6WXCt0ZH5L
AtsW+OFQ8De2fFkRymxwn92/dM1FurauiV1RnLlr3M7pbO0TN5/kLkb9+T5uSo/x
/vk8yZzigDe7aa/0fZwEFL9JKtFDN/qhcOT6uJ495pgY
-----END CERTIFICATE-----