This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/ks1Upzi-z1nTgrusPaDvwPggJeE.roa
File:                     ks1Upzi-z1nTgrusPaDvwPggJeE.roa (raw, json)
Hash identifier:          tJEUHp24WZ9clCaFX4TL4xbQ3JWQ7mZBdJ+SKgZZfVc=
Subject key identifier:   92:CD:54:A7:38:BE:CF:59:D3:82:BB:AC:3D:A0:EF:C0:F8:20:25:E1
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       019B79101B7C7D96DB736FD73FCF6068760A
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/ks1Upzi-z1nTgrusPaDvwPggJeE.roa
Signing time:             Thu 01 Jan 2026 10:17:37 +0000
ROA not before:           Thu 01 Jan 2026 10:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211421
IP address blocks:        213.109.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:1b:7c:7d:96:db:73:6f:d7:3f:cf:60:68:76:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 10:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92cd54a738becf59d382bbac3da0efc0f82025e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:54:b7:a1:ce:4a:72:b4:11:e0:58:2a:7b:5d:
                    b7:08:ce:3b:be:6c:f7:70:73:09:e5:40:fd:a5:b9:
                    4e:e9:01:0c:3b:62:d9:c1:80:5e:54:e5:f4:66:84:
                    d0:f1:bc:53:bd:96:52:97:19:a9:af:a2:3d:19:7e:
                    4f:49:7c:de:d7:d9:52:e4:90:4e:4d:19:0f:d7:05:
                    64:ff:8d:b8:96:37:27:ba:0a:22:6a:ba:f7:10:90:
                    c7:20:55:af:f3:20:1d:3d:1f:3f:df:64:d0:2b:58:
                    e0:1b:0b:45:50:87:65:00:18:5e:66:6c:5d:e3:08:
                    95:6d:cd:8d:49:4b:f8:81:49:46:88:81:17:e1:4a:
                    ec:15:19:03:83:37:db:4e:88:56:19:36:38:d6:7d:
                    fa:c5:6d:f1:5f:10:ae:48:b7:ea:05:1b:59:f7:f9:
                    f1:44:13:38:cb:ad:2d:09:00:b0:e8:7f:63:c6:d0:
                    f1:ad:08:e6:0c:2a:bb:ae:32:23:6f:ad:6d:0b:51:
                    c1:55:1b:55:ad:f2:f5:5c:ca:f4:1b:91:5f:00:97:
                    2d:1e:38:14:c2:16:ec:81:2c:b0:9d:4a:43:b5:52:
                    4b:cb:fc:f3:3e:fe:15:6f:8f:38:35:87:73:fd:20:
                    53:59:17:5b:14:b4:f3:f5:01:c1:2c:c4:6c:1a:db:
                    4b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CD:54:A7:38:BE:CF:59:D3:82:BB:AC:3D:A0:EF:C0:F8:20:25:E1
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/ks1Upzi-z1nTgrusPaDvwPggJeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:02:64:31:5f:a7:9b:bf:04:d4:2b:d6:94:71:41:a4:38:9c:
         19:2a:45:c9:f9:6b:7d:bc:58:79:16:76:7e:12:61:1a:b7:50:
         ca:1b:d5:4c:b2:f4:31:a5:ae:fe:94:15:72:2d:ce:4e:d1:6d:
         02:f9:23:d5:14:00:83:9b:6d:dc:20:5a:e3:6b:08:bf:ec:9c:
         5d:c3:ea:6c:15:83:ab:d0:06:83:52:21:dc:a3:0a:ce:1c:75:
         73:47:5d:29:51:0a:ca:7e:06:d8:05:15:7d:29:fe:3b:25:55:
         15:fb:52:1d:14:88:0e:c9:9b:73:7d:76:37:e3:42:58:c4:b3:
         d8:b3:ce:3d:b9:23:33:86:ea:4b:7e:5b:bd:ae:df:d9:e8:2f:
         93:b2:a7:62:0f:0c:f6:4d:86:75:81:54:63:d8:5e:a8:0a:95:
         5b:49:97:8b:00:cd:70:68:20:4f:d9:6a:1e:ca:23:23:e9:08:
         0b:c6:e2:37:fe:fa:45:90:47:50:68:2e:d3:ff:0b:16:9a:e2:
         79:d1:28:60:f0:61:e3:a8:d0:bf:f0:d5:f9:67:8a:0d:ca:39:
         ff:88:a2:bd:dd:69:f0:53:27:1d:09:dc:a2:db:1e:2c:58:98:
         24:0a:49:aa:fa:47:55:60:8a:67:d9:af:68:36:de:67:41:d4:
         34:0a:d9:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EBt8fZbbc2/XP89gaHYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjYwMTAxMTAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmNkNTRhNzM4YmVjZjU5ZDM4MmJiYWMzZGEwZWZjMGY4MjAyNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFS3oc5KcrQR4Fgqe123CM47vmz3
cHMJ5UD9pblO6QEMO2LZwYBeVOX0ZoTQ8bxTvZZSlxmpr6I9GX5PSXze19lS5JBO
TRkP1wVk/424ljcnugoiarr3EJDHIFWv8yAdPR8/32TQK1jgGwtFUIdlABheZmxd
4wiVbc2NSUv4gUlGiIEX4UrsFRkDgzfbTohWGTY41n36xW3xXxCuSLfqBRtZ9/nx
RBM4y60tCQCw6H9jxtDxrQjmDCq7rjIjb61tC1HBVRtVrfL1XMr0G5FfAJctHjgU
whbsgSywnUpDtVJLy/zzPv4Vb484NYdz/SBTWRdbFLTz9QHBLMRsGttLpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLNVKc4vs9Z04K7rD2g78D4ICXhMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEva3MxVXB6aS16MW5UZ3J1c1BhRHZ3UGdnSmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1W3HMA0G
CSqGSIb3DQEBCwUAA4IBAQB/AmQxX6ebvwTUK9aUcUGkOJwZKkXJ+Wt9vFh5FnZ+
EmEat1DKG9VMsvQxpa7+lBVyLc5O0W0C+SPVFACDm23cIFrjawi/7Jxdw+psFYOr
0AaDUiHcowrOHHVzR10pUQrKfgbYBRV9Kf47JVUV+1IdFIgOyZtzfXY340JYxLPY
s849uSMzhupLflu9rt/Z6C+TsqdiDwz2TYZ1gVRj2F6oCpVbSZeLAM1waCBP2Woe
yiMj6QgLxuI3/vpFkEdQaC7T/wsWmuJ50Shg8GHjqNC/8NX5Z4oNyjn/iKK93Wnw
UycdCdyi2x4sWJgkCkmq+kdVYIpn2a9oNt5nQdQ0Ctn+
-----END CERTIFICATE-----