This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/KjnHPRF-cTfafr7GSVcAiCyWeb0.roa
File:                     KjnHPRF-cTfafr7GSVcAiCyWeb0.roa (raw, json)
Hash identifier:          3qGWJTyestuh3mdWTHBj0z2W00hoEy0Lbm5OnbjIxk0=
Subject key identifier:   2A:39:C7:3D:11:7E:71:37:DA:7E:BE:C6:49:57:00:88:2C:96:79:BD
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019B7AC8FDBEB8A776C7077092728F5B0AE3
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/KjnHPRF-cTfafr7GSVcAiCyWeb0.roa
Signing time:             Thu 01 Jan 2026 18:19:11 +0000
ROA not before:           Thu 01 Jan 2026 18:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211557
IP address blocks:        185.23.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:fd:be:b8:a7:76:c7:07:70:92:72:8f:5b:0a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Jan  1 18:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a39c73d117e7137da7ebec6495700882c9679bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:20:fa:c1:8f:85:f1:41:95:4f:6d:80:33:c4:
                    17:8a:23:fe:10:37:ce:58:ae:42:60:ff:4a:6e:74:
                    bc:55:ce:97:7d:e8:f6:69:d6:88:e1:44:a7:10:25:
                    a7:f9:53:e2:c2:e4:83:7e:26:4c:99:4c:f3:19:93:
                    dd:9f:d8:e2:5d:2c:9a:c0:8b:7c:66:19:1e:78:35:
                    cc:e1:b6:62:d5:33:cd:70:19:75:92:29:f0:5c:a8:
                    d7:3b:33:66:76:7f:7d:65:c4:2e:d2:ab:2f:95:14:
                    c8:2d:03:30:b8:6d:b0:33:fa:f8:a6:c7:71:69:9b:
                    ea:a9:95:b9:6a:3d:0f:6b:4e:ae:cf:0a:ef:e2:8b:
                    21:8b:2b:48:32:b6:38:50:64:ae:db:ad:33:26:2a:
                    8d:2e:cc:84:37:42:71:c3:e2:dc:cb:0d:82:40:a0:
                    11:35:f3:19:e5:a8:78:62:78:dd:90:d4:03:58:96:
                    1e:61:cf:5e:ad:d9:33:78:3e:b4:39:7b:15:fd:68:
                    6a:22:ca:f0:83:9b:16:04:3a:50:e2:41:ac:ee:d1:
                    87:25:1f:f0:45:dd:c3:f1:68:2c:95:4b:db:c3:b9:
                    da:ec:16:f0:56:2e:77:f3:22:e3:57:0d:5c:ed:ee:
                    e5:00:da:6e:91:a0:88:95:70:65:19:3e:f8:bc:8e:
                    3b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:39:C7:3D:11:7E:71:37:DA:7E:BE:C6:49:57:00:88:2C:96:79:BD
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/KjnHPRF-cTfafr7GSVcAiCyWeb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:e1:42:86:35:bf:e1:8e:c8:24:73:8a:92:33:35:89:75:76:
         70:0c:27:8b:7d:f0:b7:3e:4f:40:7e:a0:01:a1:3b:9a:fa:6f:
         3b:83:ca:d6:14:16:38:a4:de:f8:50:43:48:80:2e:95:ae:e3:
         29:56:d5:cb:36:44:e9:65:9d:06:90:26:97:df:9d:1a:5c:67:
         03:54:65:8f:e8:ac:36:47:e4:53:50:21:ab:65:e8:95:b7:72:
         f7:c4:5d:90:d0:f9:d4:ad:ab:f4:3d:a5:1f:98:2f:55:00:d6:
         eb:7c:a4:0c:0e:a2:ca:75:3f:26:27:14:ec:bf:75:7f:62:0b:
         2e:13:bf:34:b2:84:12:23:94:38:d1:75:02:48:f1:ef:1f:f0:
         d1:c1:44:98:13:7b:55:ee:3b:7b:7e:ca:20:7b:4f:5e:71:54:
         93:dc:e3:5e:e0:fa:38:d0:98:2f:d0:fb:60:60:ff:71:93:1b:
         06:91:22:78:f5:a7:f2:01:cc:90:2a:14:d6:66:62:d7:06:1a:
         c6:52:41:dd:b6:f7:87:89:7b:a1:40:76:44:fd:24:cb:3d:60:
         a4:e1:2c:bd:b7:6b:cd:5c:7f:f8:5f:c6:ac:f3:18:81:81:5f:
         32:98:f9:f3:c9:1b:30:6f:40:77:97:8e:40:3d:4f:ce:bd:f5:
         10:fd:03:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yP2+uKd2xwdwknKPWwrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjYwMTAxMTgxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTM5YzczZDExN2U3MTM3ZGE3ZWJlYzY0OTU3MDA4ODJjOTY3OWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SD6wY+F8UGVT22AM8QXiiP+EDfO
WK5CYP9KbnS8Vc6Xfej2adaI4USnECWn+VPiwuSDfiZMmUzzGZPdn9jiXSyawIt8
ZhkeeDXM4bZi1TPNcBl1kinwXKjXOzNmdn99ZcQu0qsvlRTILQMwuG2wM/r4psdx
aZvqqZW5aj0Pa06uzwrv4oshiytIMrY4UGSu260zJiqNLsyEN0Jxw+Lcyw2CQKAR
NfMZ5ah4YnjdkNQDWJYeYc9erdkzeD60OXsV/WhqIsrwg5sWBDpQ4kGs7tGHJR/w
Rd3D8WgslUvbw7na7BbwVi538yLjVw1c7e7lANpukaCIlXBlGT74vI47SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCo5xz0RfnE32n6+xklXAIgslnm9MB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEvS2puSFBSRi1jVGZhZnI3R1NWY0FpQ3lXZWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRcRMA0G
CSqGSIb3DQEBCwUAA4IBAQBy4UKGNb/hjsgkc4qSMzWJdXZwDCeLffC3Pk9AfqAB
oTua+m87g8rWFBY4pN74UENIgC6VruMpVtXLNkTpZZ0GkCaX350aXGcDVGWP6Kw2
R+RTUCGrZeiVt3L3xF2Q0PnUrav0PaUfmC9VANbrfKQMDqLKdT8mJxTsv3V/Ygsu
E780soQSI5Q40XUCSPHvH/DRwUSYE3tV7jt7fsoge09ecVST3ONe4Po40Jgv0Ptg
YP9xkxsGkSJ49afyAcyQKhTWZmLXBhrGUkHdtveHiXuhQHZE/STLPWCk4Sy9t2vN
XH/4X8as8xiBgV8ymPnzyRswb0B3l45APU/OvfUQ/QMA
-----END CERTIFICATE-----