This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KT302nZV2Y2p4WDMTwVmIhKydvc.roa
File:                     KT302nZV2Y2p4WDMTwVmIhKydvc.roa (raw, json)
Hash identifier:          RA/+n+j+c+JYu9hIIUbQQ1FyM1sNRqfioO7K+YA4lYo=
Subject key identifier:   29:3D:F4:DA:76:55:D9:8D:A9:E1:60:CC:4F:05:66:22:12:B2:76:F7
Certificate issuer:       /CN=2902c99ca732c64a19c7d9734a98fb24e5455549
Certificate serial:       019B791096B75EB6ABFBE801302AB3F029F8
Authority key identifier: 29:02:C9:9C:A7:32:C6:4A:19:C7:D9:73:4A:98:FB:24:E5:45:55:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQLJnKcyxkoZx9lzSpj7JOVFVUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KT302nZV2Y2p4WDMTwVmIhKydvc.roa
Signing time:             Thu 01 Jan 2026 10:18:08 +0000
ROA not before:           Thu 01 Jan 2026 10:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8412
IP address blocks:        91.208.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KQLJnKcyxkoZx9lzSpj7JOVFVUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KQLJnKcyxkoZx9lzSpj7JOVFVUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQLJnKcyxkoZx9lzSpj7JOVFVUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:96:b7:5e:b6:ab:fb:e8:01:30:2a:b3:f0:29:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2902c99ca732c64a19c7d9734a98fb24e5455549
        Validity
            Not Before: Jan  1 10:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=293df4da7655d98da9e160cc4f05662212b276f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:13:23:19:45:b6:8f:b4:e2:99:0f:2e:d3:55:
                    42:3d:c4:6b:6a:6e:61:e8:2a:2d:ef:c3:be:f4:33:
                    42:ba:f8:60:d7:8e:76:08:02:82:bf:6b:40:05:cb:
                    0d:0c:c3:5e:c6:b0:93:b7:51:b8:1f:3f:cb:18:f3:
                    7c:5a:9f:2c:18:df:cb:9d:de:d7:9f:d3:0f:ae:97:
                    4a:ce:e7:f1:b9:4e:70:91:4a:35:67:96:1c:2f:49:
                    0e:aa:e5:6e:89:d1:04:f1:83:23:b6:70:e7:75:89:
                    39:e8:e9:40:56:c1:29:b9:9a:08:a9:4f:81:15:ae:
                    94:bd:8e:76:e5:6d:fe:de:30:30:e2:44:f3:51:d3:
                    ed:a9:1e:97:21:e7:b3:a4:f6:c3:bb:89:bd:8d:fe:
                    d3:6d:96:02:6f:0d:8b:ba:f7:95:9d:dd:ee:7c:9e:
                    c4:dd:c1:2c:84:c4:5a:1a:53:0c:56:80:27:ab:37:
                    bc:cf:92:98:0c:12:54:b3:01:18:24:e2:3a:1b:a4:
                    5f:bc:43:8b:b1:d8:79:c6:90:f2:30:d7:a5:ba:21:
                    87:fc:ca:8a:3c:5e:12:59:c2:c6:c7:7d:5d:85:d5:
                    a5:00:b3:82:2a:ca:4b:e1:fb:cf:8e:9f:62:26:4e:
                    7c:ac:29:3e:e6:df:ab:48:9f:3b:76:5c:20:7b:24:
                    8e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3D:F4:DA:76:55:D9:8D:A9:E1:60:CC:4F:05:66:22:12:B2:76:F7
            X509v3 Authority Key Identifier:
                keyid:29:02:C9:9C:A7:32:C6:4A:19:C7:D9:73:4A:98:FB:24:E5:45:55:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQLJnKcyxkoZx9lzSpj7JOVFVUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KT302nZV2Y2p4WDMTwVmIhKydvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/54ca24-6e56-47d3-a429-b649a578f89c/1/KQLJnKcyxkoZx9lzSpj7JOVFVUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c5:66:e6:33:8d:97:e7:e6:8a:91:c2:07:66:6a:28:f3:38:
         6d:ca:be:fb:df:47:5d:9b:c9:50:a9:97:58:b4:cb:b1:67:ef:
         5b:6a:44:c6:07:11:f8:af:e8:2e:50:dd:10:3e:5f:a5:69:92:
         9d:40:6c:5c:42:3c:4b:ea:59:c1:aa:41:23:ce:35:16:dd:fc:
         64:a6:47:c2:79:1d:ce:58:48:a7:3b:44:fd:b7:bb:02:50:07:
         d3:38:47:da:51:3b:09:75:ee:4f:fe:ef:c2:00:74:ed:5e:03:
         c1:9e:61:9d:21:b2:71:cc:f0:57:31:77:7e:f8:c3:f7:04:8b:
         ab:b4:b8:81:0f:5e:38:8e:8b:11:a4:21:45:13:5a:9e:5c:7e:
         f1:aa:bd:5b:85:d9:cd:5d:e7:d0:ec:97:13:67:7a:7e:61:d9:
         48:d4:95:ab:7f:cb:7a:90:97:8d:9b:63:8c:2a:8d:8b:27:45:
         34:c4:2a:63:31:76:20:a0:77:3b:32:b1:da:5e:56:84:09:a3:
         65:ca:c9:57:01:05:24:1d:f9:24:0d:8a:ef:f5:17:5b:e3:82:
         07:90:8c:14:e4:c7:d5:a6:58:69:d5:86:53:21:40:29:53:b3:
         36:64:f6:11:f7:25:aa:b0:61:f3:61:69:ec:d5:86:de:85:b8:
         32:51:a7:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EJa3Xrar++gBMCqz8Cn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDJjOTljYTczMmM2NGExOWM3ZDk3MzRhOThmYjI0ZTU0
NTU1NDkwHhcNMjYwMTAxMTAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNkZjRkYTc2NTVkOThkYTllMTYwY2M0ZjA1NjYyMjEyYjI3NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBMjGUW2j7TimQ8u01VCPcRram5h
6Cot78O+9DNCuvhg1452CAKCv2tABcsNDMNexrCTt1G4Hz/LGPN8Wp8sGN/Lnd7X
n9MPrpdKzufxuU5wkUo1Z5YcL0kOquVuidEE8YMjtnDndYk56OlAVsEpuZoIqU+B
Fa6UvY525W3+3jAw4kTzUdPtqR6XIeezpPbDu4m9jf7TbZYCbw2LuveVnd3ufJ7E
3cEshMRaGlMMVoAnqze8z5KYDBJUswEYJOI6G6RfvEOLsdh5xpDyMNeluiGH/MqK
PF4SWcLGx31dhdWlALOCKspL4fvPjp9iJk58rCk+5t+rSJ87dlwgeySOIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk99Np2VdmNqeFgzE8FZiISsnb3MB8GA1UdIwQY
MBaAFCkCyZynMsZKGcfZc0qY+yTlRVVJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FMSm5LY3l4a29aeDlselNwajdKT1ZGVlVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81NGNhMjQtNmU1Ni00N2QzLWE0Mjkt
YjY0OWE1NzhmODljLzEvS1QzMDJuWlYyWTJwNFdETVR3Vm1JaEt5ZHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81NGNhMjQtNmU1Ni00N2QzLWE0MjktYjY0OWE1NzhmODlj
LzEvS1FMSm5LY3l4a29aeDlselNwajdKT1ZGVlVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DJMA0G
CSqGSIb3DQEBCwUAA4IBAQBbxWbmM42X5+aKkcIHZmoo8zhtyr7730ddm8lQqZdY
tMuxZ+9bakTGBxH4r+guUN0QPl+laZKdQGxcQjxL6lnBqkEjzjUW3fxkpkfCeR3O
WEinO0T9t7sCUAfTOEfaUTsJde5P/u/CAHTtXgPBnmGdIbJxzPBXMXd++MP3BIur
tLiBD144josRpCFFE1qeXH7xqr1bhdnNXefQ7JcTZ3p+YdlI1JWrf8t6kJeNm2OM
Ko2LJ0U0xCpjMXYgoHc7MrHaXlaECaNlyslXAQUkHfkkDYrv9Rdb44IHkIwU5MfV
plhp1YZTIUApU7M2ZPYR9yWqsGHzYWns1YbehbgyUacb
-----END CERTIFICATE-----