This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/KcmV8oBRoGzjxOHt-8ic3_JKEog.roa
File:                     KcmV8oBRoGzjxOHt-8ic3_JKEog.roa (raw, json)
Hash identifier:          I0SFj3nuJizf26jnbqDeLC1lOQjufyA0x0s3y7ZnVXg=
Subject key identifier:   29:C9:95:F2:80:51:A0:6C:E3:C4:E1:ED:FB:C8:9C:DF:F2:4A:12:88
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED1FB190D369E89D6940FA19E8A862
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/KcmV8oBRoGzjxOHt-8ic3_JKEog.roa
Signing time:             Thu 01 Jan 2026 14:19:01 +0000
ROA not before:           Thu 01 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201125
IP address blocks:        148.81.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1f:b1:90:d3:69:e8:9d:69:40:fa:19:e8:a8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29c995f28051a06ce3c4e1edfbc89cdff24a1288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:59:44:80:89:10:69:a3:b1:23:41:85:1f:35:
                    f3:95:1e:d6:e4:e0:4d:58:ec:6f:ef:89:e9:27:ff:
                    87:a9:49:20:0e:d2:01:b2:f7:4e:74:7d:3b:d4:8b:
                    d7:09:a6:8c:90:43:da:c8:3e:35:36:2c:9b:c2:5e:
                    25:b5:67:7c:f7:91:96:06:95:26:97:b5:7c:4b:41:
                    d5:2f:1b:4a:d4:eb:9e:a4:f9:44:55:b0:96:af:7a:
                    a2:db:27:9b:ab:3a:ce:7e:60:02:9f:45:aa:64:63:
                    0d:1b:2a:19:3a:fd:db:b0:1f:ae:04:f9:2c:d7:71:
                    e4:c8:a3:b8:39:ef:0d:a2:3c:78:be:5b:d6:91:9e:
                    d7:c8:1d:f8:f8:d3:ae:ee:47:16:22:8e:87:4c:2f:
                    3a:a5:23:76:dd:70:e9:0e:15:89:d9:3c:dd:ad:1e:
                    5c:0b:74:4c:82:82:04:3f:9c:4c:16:b1:fc:f7:25:
                    23:ad:f6:db:5a:e0:31:c5:4e:56:a3:cf:71:c3:dd:
                    77:a9:11:0e:e0:3d:1c:68:98:de:3e:e4:98:5a:ae:
                    fc:72:94:83:85:d4:b6:09:2e:a3:29:8d:4a:05:e8:
                    5d:eb:f6:54:1e:a1:6b:6c:54:12:36:60:dc:f0:38:
                    09:74:39:61:f5:3b:df:c2:cc:b6:8f:f2:5d:11:df:
                    0b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C9:95:F2:80:51:A0:6C:E3:C4:E1:ED:FB:C8:9C:DF:F2:4A:12:88
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/KcmV8oBRoGzjxOHt-8ic3_JKEog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.81.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:b8:10:da:35:42:7d:65:24:da:9b:00:10:4d:f4:61:61:e7:
         7e:31:ce:43:02:dc:df:59:3a:95:b2:60:04:63:c3:f9:37:65:
         0e:b6:e4:58:bd:de:09:96:31:db:a4:a1:2c:72:26:e6:c9:88:
         e3:bf:51:49:71:13:1f:16:ed:21:86:1b:fc:86:49:90:b9:4c:
         ef:de:a5:ae:8e:4a:fa:d5:d0:36:e2:7a:f0:bc:cb:e8:75:80:
         11:d4:7c:30:3f:f9:cd:dc:b4:24:71:be:94:14:e2:0e:bc:34:
         40:25:84:87:cf:c0:bc:cb:d3:ec:0f:ff:7f:d2:6d:25:83:e6:
         4e:0c:b0:e6:3d:4e:2d:e3:3f:5b:9b:96:1a:4d:a5:fa:05:74:
         9d:0e:5f:70:64:2f:eb:b6:dc:fb:4f:88:57:cc:e7:df:67:95:
         82:9f:d2:24:76:fb:17:2d:96:e3:36:c7:f5:22:ec:15:2a:cf:
         03:dd:6d:da:35:f3:ed:04:b2:b6:75:39:f9:9b:1b:4a:98:a4:
         f0:bf:fd:01:92:31:b6:80:63:86:c5:50:1e:1f:d9:16:1b:4c:
         11:ad:bc:fa:7d:e5:92:e7:61:f5:bc:87:f8:be:c7:34:10:50:
         48:cd:bb:da:89:8e:64:43:c0:19:48:79:c1:c3:b4:8f:6d:3a:
         e9:3f:67:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57R+xkNNp6J1pQPoZ6KhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM5OTVmMjgwNTFhMDZjZTNjNGUxZWRmYmM4OWNkZmYyNGExMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAullEgIkQaaOxI0GFHzXzlR7W5OBN
WOxv74npJ/+HqUkgDtIBsvdOdH071IvXCaaMkEPayD41Niybwl4ltWd895GWBpUm
l7V8S0HVLxtK1OuepPlEVbCWr3qi2yebqzrOfmACn0WqZGMNGyoZOv3bsB+uBPks
13HkyKO4Oe8Nojx4vlvWkZ7XyB34+NOu7kcWIo6HTC86pSN23XDpDhWJ2TzdrR5c
C3RMgoIEP5xMFrH89yUjrfbbWuAxxU5Wo89xw913qREO4D0caJjePuSYWq78cpSD
hdS2CS6jKY1KBehd6/ZUHqFrbFQSNmDc8DgJdDlh9Tvfwsy2j/JdEd8LYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnJlfKAUaBs48Th7fvInN/yShKIMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvS2NtVjhvQlJvR3pqeE9IdC04aWMzX0pLRW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlFH4MA0G
CSqGSIb3DQEBCwUAA4IBAQAduBDaNUJ9ZSTamwAQTfRhYed+Mc5DAtzfWTqVsmAE
Y8P5N2UOtuRYvd4JljHbpKEscibmyYjjv1FJcRMfFu0hhhv8hkmQuUzv3qWujkr6
1dA24nrwvMvodYAR1HwwP/nN3LQkcb6UFOIOvDRAJYSHz8C8y9PsD/9/0m0lg+ZO
DLDmPU4t4z9bm5YaTaX6BXSdDl9wZC/rttz7T4hXzOffZ5WCn9IkdvsXLZbjNsf1
IuwVKs8D3W3aNfPtBLK2dTn5mxtKmKTwv/0BkjG2gGOGxVAeH9kWG0wRrbz6feWS
52H1vIf4vsc0EFBIzbvaiY5kQ8AZSHnBw7SPbTrpP2dg
-----END CERTIFICATE-----