This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/KvNF-GNwZ3nupnOa4r1l2jy1zCI.roa
File:                     KvNF-GNwZ3nupnOa4r1l2jy1zCI.roa (raw, json)
Hash identifier:          atOFPKEzfFHxFdsBH5bVAxThEg5GX7FYolGtUJKktyc=
Subject key identifier:   2A:F3:45:F8:63:70:67:79:EE:A6:73:9A:E2:BD:65:DA:3C:B5:CC:22
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019B77C764C57B94A1C1643A1D99F9E4F58F
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/KvNF-GNwZ3nupnOa4r1l2jy1zCI.roa
Signing time:             Thu 01 Jan 2026 04:18:34 +0000
ROA not before:           Thu 01 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43513
IP address blocks:        2a11:9883::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:64:c5:7b:94:a1:c1:64:3a:1d:99:f9:e4:f5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jan  1 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2af345f863706779eea6739ae2bd65da3cb5cc22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9d:c7:4c:59:e7:c1:c0:f1:28:9c:06:d4:02:
                    30:9a:38:ae:d6:26:54:8c:bc:c5:a4:be:bf:b2:bd:
                    3e:bc:b8:8b:6b:6b:2b:2e:50:86:0e:72:65:07:c0:
                    91:84:ca:41:cb:1b:b7:50:97:d3:da:76:4e:21:fa:
                    04:a8:e9:91:76:cc:be:f3:1d:5e:27:48:75:be:33:
                    1b:bf:85:cb:4c:06:ba:a2:e1:98:86:32:6e:12:14:
                    57:b6:ec:dc:ba:8e:02:20:08:a1:e7:40:bd:ac:95:
                    d3:0e:9c:53:95:a4:f8:db:38:c1:2b:e7:f7:91:a3:
                    1c:9f:ea:ca:b7:d6:1d:d1:d1:26:a2:c8:05:c2:db:
                    45:4b:6e:84:38:a2:ea:34:d6:f5:f7:0c:27:20:9c:
                    79:91:d9:a2:3b:c8:14:53:f0:bb:47:d5:d6:c4:35:
                    e1:1b:cc:dc:a0:07:f0:54:f3:8b:df:af:ff:d7:5b:
                    8c:33:e9:44:ce:68:91:8a:f7:2e:bb:1b:3d:c0:20:
                    be:23:be:29:dc:b1:91:5f:6c:ca:3c:30:fe:7b:e3:
                    27:5f:2f:a5:1d:df:26:61:7b:92:0c:2f:df:b7:3f:
                    bd:fc:d4:ff:d8:90:11:d2:20:7c:40:97:50:8c:ef:
                    e7:d7:12:c5:92:6e:82:a1:3d:d0:53:4c:9c:e3:96:
                    35:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F3:45:F8:63:70:67:79:EE:A6:73:9A:E2:BD:65:DA:3C:B5:CC:22
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/KvNF-GNwZ3nupnOa4r1l2jy1zCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:9883::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:2d:05:a7:bc:2f:8d:1d:a0:69:2a:34:36:ed:7b:bd:41:7d:
         de:71:a0:0c:b5:12:f8:9b:37:44:34:ac:b6:fc:af:c1:4b:1e:
         b1:5d:e0:da:e6:1f:6d:3f:b7:20:8b:79:d2:8b:d7:b6:2f:a7:
         8a:bf:4a:b1:65:f7:a1:c7:dd:cc:a1:4d:cb:3f:df:10:cc:71:
         1e:94:90:29:87:da:22:e4:8b:27:10:23:34:a3:8e:f7:26:fe:
         8e:68:f6:f1:04:2f:a0:99:43:5a:ca:23:7c:83:03:65:41:70:
         24:ea:0a:0d:18:0b:bf:9e:28:e6:db:9e:66:c1:01:92:18:33:
         d3:cd:bb:ed:89:52:9a:a9:fa:63:18:da:cd:7b:20:06:6f:f9:
         5e:c8:37:67:cf:03:00:53:07:bd:67:f1:aa:21:24:44:33:11:
         dc:11:5e:57:1e:bd:1a:58:45:1d:a6:1b:1d:61:68:b5:29:16:
         59:e1:b9:66:5c:2f:5d:80:89:ab:e9:3a:63:15:0c:46:86:5e:
         47:6e:92:1c:48:97:1c:53:42:c2:9a:dc:b7:4d:b5:84:60:6f:
         4a:74:9d:32:0c:17:64:74:f1:c4:1d:3e:67:04:58:8f:7d:e0:
         9e:14:32:61:cb:f0:55:a3:e9:5e:87:d1:a1:d3:cd:8c:2d:9c:
         36:b5:47:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3x2TFe5ShwWQ6HZn55PWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMTAxMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYzNDVmODYzNzA2Nzc5ZWVhNjczOWFlMmJkNjVkYTNjYjVjYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Z3HTFnnwcDxKJwG1AIwmjiu1iZU
jLzFpL6/sr0+vLiLa2srLlCGDnJlB8CRhMpByxu3UJfT2nZOIfoEqOmRdsy+8x1e
J0h1vjMbv4XLTAa6ouGYhjJuEhRXtuzcuo4CIAih50C9rJXTDpxTlaT42zjBK+f3
kaMcn+rKt9Yd0dEmosgFwttFS26EOKLqNNb19wwnIJx5kdmiO8gUU/C7R9XWxDXh
G8zcoAfwVPOL36//11uMM+lEzmiRivcuuxs9wCC+I74p3LGRX2zKPDD+e+MnXy+l
Hd8mYXuSDC/ftz+9/NT/2JAR0iB8QJdQjO/n1xLFkm6CoT3QU0yc45Y1kwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCrzRfhjcGd57qZzmuK9Zdo8tcwiMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvS3ZORi1HTndaM251cG5PYTRyMWwyankxekNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGYgzAN
BgkqhkiG9w0BAQsFAAOCAQEAQC0Fp7wvjR2gaSo0Nu17vUF93nGgDLUS+Js3RDSs
tvyvwUsesV3g2uYfbT+3IIt50ovXti+nir9KsWX3ocfdzKFNyz/fEMxxHpSQKYfa
IuSLJxAjNKOO9yb+jmj28QQvoJlDWsojfIMDZUFwJOoKDRgLv54o5tueZsEBkhgz
08277YlSmqn6YxjazXsgBm/5Xsg3Z88DAFMHvWfxqiEkRDMR3BFeVx69GlhFHaYb
HWFotSkWWeG5ZlwvXYCJq+k6YxUMRoZeR26SHEiXHFNCwprct021hGBvSnSdMgwX
ZHTxxB0+ZwRYj33gnhQyYcvwVaPpXofRodPNjC2cNrVHyw==
-----END CERTIFICATE-----