This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/KQsPApaYWV1_80rHUTYo4kduGEc.roa
File:                     KQsPApaYWV1_80rHUTYo4kduGEc.roa (raw, json)
Hash identifier:          DMlh9LVsGQgoH2sC6mgiD6McwaNhSBUcv3JC9I342EY=
Subject key identifier:   29:0B:0F:02:96:98:59:5D:7F:F3:4A:C7:51:36:28:E2:47:6E:18:47
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       019B791133910368987ACB10C2B71D905861
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/KQsPApaYWV1_80rHUTYo4kduGEc.roa
Signing time:             Thu 01 Jan 2026 10:18:49 +0000
ROA not before:           Thu 01 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60162
IP address blocks:        213.128.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:33:91:03:68:98:7a:cb:10:c2:b7:1d:90:58:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=290b0f029698595d7ff34ac7513628e2476e1847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d3:ef:33:bf:a5:b2:9e:7e:18:5b:8e:a5:9c:
                    05:8b:1c:99:03:b8:9a:3f:fd:26:82:e6:a6:33:aa:
                    fb:71:f0:9e:3c:f0:b3:92:2f:83:b5:b3:ba:2f:e9:
                    f6:49:dd:5b:6b:3d:1a:73:d0:a2:c1:a1:59:02:17:
                    af:fe:83:87:5e:72:f4:5f:ef:a6:7f:42:dd:da:01:
                    8d:05:ed:38:df:37:9a:c9:34:21:a6:6c:2e:bc:0c:
                    9f:ba:7f:c7:4d:96:a2:2e:84:05:b2:37:ad:50:a1:
                    64:16:78:bd:e4:3f:7a:7b:17:d3:aa:6c:a9:b2:48:
                    67:ed:d0:a4:8b:d8:d4:e6:f0:e6:19:a8:23:34:af:
                    f7:53:f6:e0:4a:d0:92:e6:e1:17:3b:01:a2:15:53:
                    ae:dc:df:d0:a4:0a:b1:03:cf:2b:0c:73:25:43:60:
                    22:66:b0:8d:85:8a:c6:97:f4:9d:56:72:1e:d9:5c:
                    f5:77:cd:b8:53:1d:22:96:53:53:05:f6:99:fe:e2:
                    a0:c7:86:4a:5f:53:fe:39:22:f9:e6:8c:9e:a2:36:
                    13:67:7e:6c:09:ec:18:3f:1d:ad:66:c2:36:29:02:
                    f7:4b:a0:12:cf:29:67:b2:86:d9:a4:9d:f3:ff:39:
                    92:84:b1:ca:26:e9:78:e2:b5:5a:6b:1e:88:4f:04:
                    c2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0B:0F:02:96:98:59:5D:7F:F3:4A:C7:51:36:28:E2:47:6E:18:47
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/KQsPApaYWV1_80rHUTYo4kduGEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.128.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:40:2b:ba:42:a6:1d:06:4f:dc:1d:16:c0:66:05:fc:08:3f:
         89:f6:23:55:fb:2c:6d:f8:0f:5c:bf:a0:69:8f:30:fc:dc:dc:
         e1:67:13:66:a2:bd:78:2b:f0:0e:98:2d:ab:60:6f:e3:a8:16:
         1d:5b:62:f1:18:7e:56:56:6a:31:a6:b6:89:0e:90:d5:7a:f3:
         72:3b:b9:46:b7:5e:72:e9:24:5e:6e:7d:c3:73:e8:df:6f:ec:
         2b:a1:69:24:67:a5:7e:65:25:9d:7d:ee:07:46:ee:d0:62:6f:
         d0:3f:b8:d9:fa:aa:75:80:39:d3:e6:d0:f2:b7:b7:d3:71:58:
         8c:5f:39:3f:34:ae:be:45:73:5d:95:cb:26:24:5a:7b:6d:4b:
         30:76:89:d5:6e:85:41:64:36:80:aa:51:d1:f1:0a:01:a3:81:
         f3:cc:64:ce:b4:fc:53:29:37:2c:ec:08:82:48:22:b1:cc:d3:
         fd:79:b3:4d:08:57:d9:27:34:57:9d:5b:de:02:a2:b7:23:b5:
         f0:75:94:83:1e:21:0b:61:ec:13:92:09:b0:51:db:75:f5:d8:
         e2:a8:41:08:85:53:a4:64:3f:87:28:39:03:b2:e9:65:f4:18:
         66:01:6a:9b:f3:17:ad:5e:71:fe:47:e4:55:41:13:cc:ba:51:
         b9:e5:ce:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ETORA2iYessQwrcdkFhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjYwMTAxMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBiMGYwMjk2OTg1OTVkN2ZmMzRhYzc1MTM2MjhlMjQ3NmUxODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtPvM7+lsp5+GFuOpZwFixyZA7ia
P/0mguamM6r7cfCePPCzki+DtbO6L+n2Sd1baz0ac9CiwaFZAhev/oOHXnL0X++m
f0Ld2gGNBe043zeayTQhpmwuvAyfun/HTZaiLoQFsjetUKFkFni95D96exfTqmyp
skhn7dCki9jU5vDmGagjNK/3U/bgStCS5uEXOwGiFVOu3N/QpAqxA88rDHMlQ2Ai
ZrCNhYrGl/SdVnIe2Vz1d824Ux0illNTBfaZ/uKgx4ZKX1P+OSL55oyeojYTZ35s
CewYPx2tZsI2KQL3S6ASzylnsobZpJ3z/zmShLHKJul44rVaax6ITwTCdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkLDwKWmFldf/NKx1E2KOJHbhhHMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvS1FzUEFwYVlXVjFfODBySFVUWW80a2R1R0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YDQMA0G
CSqGSIb3DQEBCwUAA4IBAQC0QCu6QqYdBk/cHRbAZgX8CD+J9iNV+yxt+A9cv6Bp
jzD83NzhZxNmor14K/AOmC2rYG/jqBYdW2LxGH5WVmoxpraJDpDVevNyO7lGt15y
6SRebn3Dc+jfb+wroWkkZ6V+ZSWdfe4HRu7QYm/QP7jZ+qp1gDnT5tDyt7fTcViM
Xzk/NK6+RXNdlcsmJFp7bUswdonVboVBZDaAqlHR8QoBo4HzzGTOtPxTKTcs7AiC
SCKxzNP9ebNNCFfZJzRXnVveAqK3I7XwdZSDHiELYewTkgmwUdt19djiqEEIhVOk
ZD+HKDkDsull9BhmAWqb8xetXnH+R+RVQRPMulG55c4v
-----END CERTIFICATE-----