This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kkHB61WN-CPxZYrzxrTriZ-lqus.roa
File:                     kkHB61WN-CPxZYrzxrTriZ-lqus.roa (raw, json)
Hash identifier:          hsia/UXqwLKul6GnXH8y3H8DDqRsxv/08mEalhRFrp0=
Subject key identifier:   92:41:C1:EB:55:8D:F8:23:F1:65:8A:F3:C6:B4:EB:89:9F:A5:AA:EB
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B356C242A2A883A34D900A2C06D0010
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kkHB61WN-CPxZYrzxrTriZ-lqus.roa
Signing time:             Thu 01 Jan 2026 20:17:37 +0000
ROA not before:           Thu 01 Jan 2026 20:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41461
IP address blocks:        85.120.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:6c:24:2a:2a:88:3a:34:d9:00:a2:c0:6d:00:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9241c1eb558df823f1658af3c6b4eb899fa5aaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f1:70:9b:d7:1a:26:0f:75:bc:e8:43:12:0f:
                    dd:d5:38:d5:5c:69:dd:cd:a2:f5:c8:ab:6d:f3:38:
                    70:a2:50:3a:c6:e8:d9:82:f2:00:e7:36:8d:44:e4:
                    cf:74:cc:4c:e4:41:88:3a:e4:71:00:ad:8b:61:b5:
                    6d:3f:72:35:62:a9:d3:c2:1b:09:bb:af:ae:a8:ce:
                    ca:c2:7f:e5:a2:08:ba:92:4f:c4:6c:26:1e:8e:ef:
                    fc:6d:65:fd:96:1e:30:f1:d0:b0:e1:a4:88:fd:4f:
                    6a:e6:f4:6a:e4:39:40:66:93:eb:28:b9:9f:67:aa:
                    9b:2c:e1:c9:13:28:f4:b1:ca:6b:91:24:46:43:89:
                    49:d0:6e:ad:e9:46:b1:52:5d:8d:d5:77:b9:68:01:
                    9c:c4:45:a2:ad:18:46:76:c0:88:41:05:96:d7:26:
                    06:41:b6:9b:38:31:ce:ea:16:29:3f:97:04:29:6b:
                    b5:f5:c4:b8:0d:ee:2c:b3:b3:7d:ff:9a:1b:02:fd:
                    ff:a1:9e:55:7a:85:ec:4f:d3:6d:af:30:19:a5:e6:
                    9e:48:83:8f:46:38:2e:a1:d0:cc:96:fc:92:e4:b6:
                    37:d0:ec:41:68:ce:38:26:04:2d:ac:eb:4f:e1:44:
                    d6:56:41:5a:9a:b8:b1:b5:c4:4e:9d:10:c2:3f:28:
                    ba:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:41:C1:EB:55:8D:F8:23:F1:65:8A:F3:C6:B4:EB:89:9F:A5:AA:EB
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kkHB61WN-CPxZYrzxrTriZ-lqus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:94:5d:79:a1:f4:05:85:76:66:62:3a:ef:3f:63:45:49:d5:
         e8:a1:0f:cb:45:75:91:3a:a7:7c:de:0d:45:00:96:37:2f:f6:
         7f:19:4f:76:ae:19:79:2f:b9:1d:51:ee:f7:dc:a0:91:16:16:
         a8:f9:3a:3d:16:95:b4:73:7b:f5:3f:5c:78:3e:b2:28:70:28:
         91:9c:38:86:76:d8:33:23:07:2d:f1:b0:fe:c0:9d:83:d4:91:
         39:d5:5f:35:fd:24:c2:de:88:77:3d:d6:f4:16:27:62:d3:27:
         83:73:75:ef:87:6a:8e:f0:ab:16:d8:a2:d6:7f:2c:29:4e:b6:
         a7:d6:8d:e5:24:ec:6b:1c:18:71:23:a8:d7:b3:77:05:f2:84:
         07:8f:f3:b7:4a:26:a3:7f:09:9c:b1:60:ba:08:b6:78:a1:4f:
         e1:5f:7f:57:b5:76:19:2c:ed:32:b7:89:2b:db:96:aa:6e:41:
         0e:c6:40:3d:72:cd:3d:4d:3e:24:48:94:d2:f6:2c:37:eb:c1:
         46:c2:8a:69:13:89:3e:c7:e0:1f:77:7d:27:7c:14:26:03:36:
         a8:93:00:ac:fd:05:62:b6:77:fb:82:ff:6e:12:9e:26:b5:ff:
         55:18:c1:f5:7a:8d:15:17:9b:f2:ba:2d:6a:64:c7:55:34:8e:
         a6:e0:71:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWwkKiqIOjTZAKLAbQAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQxYzFlYjU1OGRmODIzZjE2NThhZjNjNmI0ZWI4OTlmYTVhYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fFwm9caJg91vOhDEg/d1TjVXGnd
zaL1yKtt8zhwolA6xujZgvIA5zaNROTPdMxM5EGIOuRxAK2LYbVtP3I1YqnTwhsJ
u6+uqM7Kwn/logi6kk/EbCYeju/8bWX9lh4w8dCw4aSI/U9q5vRq5DlAZpPrKLmf
Z6qbLOHJEyj0scprkSRGQ4lJ0G6t6UaxUl2N1Xe5aAGcxEWirRhGdsCIQQWW1yYG
QbabODHO6hYpP5cEKWu19cS4De4ss7N9/5obAv3/oZ5VeoXsT9NtrzAZpeaeSIOP
RjguodDMlvyS5LY30OxBaM44JgQtrOtP4UTWVkFamrixtcROnRDCPyi6vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJBwetVjfgj8WWK88a064mfparrMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEva2tIQjYxV04tQ1B4WllyenhyVHJpWi1scXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXjYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGlF15ofQFhXZmYjrvP2NFSdXooQ/LRXWROqd83g1F
AJY3L/Z/GU92rhl5L7kdUe733KCRFhao+To9FpW0c3v1P1x4PrIocCiRnDiGdtgz
Iwct8bD+wJ2D1JE51V81/STC3oh3Pdb0Fidi0yeDc3Xvh2qO8KsW2KLWfywpTran
1o3lJOxrHBhxI6jXs3cF8oQHj/O3SiajfwmcsWC6CLZ4oU/hX39XtXYZLO0yt4kr
25aqbkEOxkA9cs09TT4kSJTS9iw368FGwoppE4k+x+Afd30nfBQmAzaokwCs/QVi
tnf7gv9uEp4mtf9VGMH1eo0VF5vyui1qZMdVNI6m4HFr
-----END CERTIFICATE-----