This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KFFVYsNNqPWQAJzLUu7upcxejWE.roa
File:                     KFFVYsNNqPWQAJzLUu7upcxejWE.roa (raw, json)
Hash identifier:          8llu7QG3tr/4MDRw7HzOB/yEOW7SJf44k0+T9xT388E=
Subject key identifier:   28:51:55:62:C3:4D:A8:F5:90:00:9C:CB:52:EE:EE:A5:CC:5E:8D:61
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C802D4CB0BE5C0F2C276E2C21EBF750
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KFFVYsNNqPWQAJzLUu7upcxejWE.roa
Signing time:             Fri 02 Jan 2026 02:18:53 +0000
ROA not before:           Fri 02 Jan 2026 02:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214560
IP address blocks:        45.134.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 Jan 2026 02:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:2d:4c:b0:be:5c:0f:2c:27:6e:2c:21:eb:f7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28515562c34da8f590009ccb52eeeea5cc5e8d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e4:8e:47:53:6b:5f:f1:b9:5a:63:0f:37:84:
                    31:d9:ac:ae:df:2a:69:69:c8:f4:ad:c8:81:e6:72:
                    82:7d:ae:a0:50:db:0e:44:3a:02:47:9c:23:df:ed:
                    89:52:b5:dc:ac:f8:ca:f9:53:90:cb:8c:63:40:b7:
                    ef:71:07:b8:cb:08:2e:8a:74:d1:2f:16:c4:dd:d9:
                    73:e5:98:be:af:81:42:a8:f2:56:3d:da:ee:0c:5b:
                    51:fc:78:1a:ea:3b:05:0c:b8:a7:02:0e:eb:11:6e:
                    d0:a2:a2:fb:4c:f5:62:43:73:bb:c0:3c:aa:11:51:
                    2e:b0:36:3f:85:a8:c5:2d:38:c0:ce:11:01:35:39:
                    82:47:04:4d:4c:98:ee:b9:9a:bf:92:51:9e:89:0c:
                    b6:76:ed:f2:64:65:69:42:f8:5d:a1:f1:ba:37:db:
                    47:b0:02:8c:09:a1:7a:62:dd:db:c3:68:61:4a:d3:
                    60:11:92:7f:5d:37:93:c9:9f:36:b8:b3:73:23:61:
                    be:f4:3c:7d:0b:ec:25:5c:e7:57:5b:58:bc:b1:f5:
                    81:a0:43:1d:ba:b4:dd:49:66:74:00:8d:b2:f3:28:
                    43:96:ab:28:c1:d4:21:6e:60:5d:a0:2f:48:51:4c:
                    cb:41:0e:5f:01:b7:ca:63:c8:21:6f:83:48:af:f2:
                    79:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:51:55:62:C3:4D:A8:F5:90:00:9C:CB:52:EE:EE:A5:CC:5E:8D:61
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/KFFVYsNNqPWQAJzLUu7upcxejWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e9:bf:4c:b2:c5:f9:04:a5:59:94:bb:b2:be:97:58:ab:9d:
         89:29:f9:ef:6e:65:d9:32:da:2e:e9:80:77:a4:a5:f8:ce:74:
         4d:e5:c8:06:ec:d1:fb:89:2c:00:db:03:9a:cf:7e:41:4f:ff:
         2d:e2:6b:8f:71:c2:d7:3b:fd:90:98:9c:bf:2c:22:89:d5:05:
         37:2d:a2:f3:ba:26:c2:82:a4:a3:c2:f2:d0:c9:27:08:10:ec:
         87:15:97:9a:70:a6:38:81:cf:cc:e1:22:a3:fc:58:9a:37:56:
         47:62:66:58:0c:73:1a:0d:d2:bc:67:7e:28:f1:3d:61:87:ea:
         ad:cd:69:7f:5c:98:58:b4:81:68:2a:7d:01:e6:c3:50:20:a7:
         5d:26:f6:6a:43:56:b3:dd:d2:6a:a6:d5:ec:35:b9:f7:8f:dd:
         4a:e9:7b:90:cb:cd:9d:e1:63:7f:50:98:24:af:87:94:4f:45:
         b2:96:af:f8:c2:5f:2c:3c:2f:98:ec:1d:fc:2e:71:c6:9c:bd:
         09:63:59:58:19:f2:e1:70:27:dc:93:b2:83:67:86:4a:73:f7:
         de:48:10:a7:bd:a2:16:50:06:1b:94:33:61:6d:28:b5:c8:6a:
         53:66:50:65:40:c8:0f:48:eb:f1:74:1d:05:a4:83:23:3d:d9:
         ab:a9:95:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gC1MsL5cDywnbiwh6/dQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODUxNTU2MmMzNGRhOGY1OTAwMDljY2I1MmVlZWVhNWNjNWU4ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreSOR1NrX/G5WmMPN4Qx2ayu3ypp
acj0rciB5nKCfa6gUNsORDoCR5wj3+2JUrXcrPjK+VOQy4xjQLfvcQe4ywguinTR
LxbE3dlz5Zi+r4FCqPJWPdruDFtR/Hga6jsFDLinAg7rEW7QoqL7TPViQ3O7wDyq
EVEusDY/hajFLTjAzhEBNTmCRwRNTJjuuZq/klGeiQy2du3yZGVpQvhdofG6N9tH
sAKMCaF6Yt3bw2hhStNgEZJ/XTeTyZ82uLNzI2G+9Dx9C+wlXOdXW1i8sfWBoEMd
urTdSWZ0AI2y8yhDlqsowdQhbmBdoC9IUUzLQQ5fAbfKY8ghb4NIr/J5JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChRVWLDTaj1kACcy1Lu7qXMXo1hMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvS0ZGVllzTk5xUFdRQUp6TFV1N3VwY3hlaldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYmMA0G
CSqGSIb3DQEBCwUAA4IBAQCY6b9MssX5BKVZlLuyvpdYq52JKfnvbmXZMtou6YB3
pKX4znRN5cgG7NH7iSwA2wOaz35BT/8t4muPccLXO/2QmJy/LCKJ1QU3LaLzuibC
gqSjwvLQyScIEOyHFZeacKY4gc/M4SKj/FiaN1ZHYmZYDHMaDdK8Z34o8T1hh+qt
zWl/XJhYtIFoKn0B5sNQIKddJvZqQ1az3dJqptXsNbn3j91K6XuQy82d4WN/UJgk
r4eUT0Wylq/4wl8sPC+Y7B38LnHGnL0JY1lYGfLhcCfck7KDZ4ZKc/feSBCnvaIW
UAYblDNhbSi1yGpTZlBlQMgPSOvxdB0FpIMjPdmrqZVE
-----END CERTIFICATE-----