This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfQzsYbrG-cr7VRAfEYT0ZSmYT4.roa
File:                     KfQzsYbrG-cr7VRAfEYT0ZSmYT4.roa (raw, json)
Hash identifier:          HILZvB4mwf3Ra0r1c0aAVU0nwCuGLiNLlLA4VHRHuxI=
Subject key identifier:   29:F4:33:B1:86:EB:1B:E7:2B:ED:54:40:7C:46:13:D1:94:A6:61:3E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15E327B369163D44C7ED60378D73D9
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfQzsYbrG-cr7VRAfEYT0ZSmYT4.roa
Signing time:             Fri 02 Jan 2026 14:21:39 +0000
ROA not before:           Fri 02 Jan 2026 14:21:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44547
IP address blocks:        5.181.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e3:27:b3:69:16:3d:44:c7:ed:60:37:8d:73:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29f433b186eb1be72bed54407c4613d194a6613e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9e:71:d3:ff:9b:89:23:8c:24:7f:f9:93:07:
                    48:8f:da:91:76:97:73:6b:b8:d5:93:e2:de:bf:4f:
                    d1:fa:fc:95:14:98:11:d2:25:94:67:ef:ff:e3:c7:
                    f7:9c:11:7c:e1:c8:8e:7e:7f:af:79:ec:cd:b3:da:
                    6a:26:a4:b4:06:b8:6d:e4:26:f2:e5:47:db:d9:bc:
                    14:f6:12:e6:12:23:c3:25:78:4f:8e:85:58:cf:b6:
                    b1:9a:ab:f2:0d:cb:f8:8d:bd:69:e0:07:4b:e2:9d:
                    bd:d9:85:f3:40:4a:2b:57:7b:5b:71:19:f7:37:65:
                    ec:30:19:3e:5a:4e:07:96:2d:0d:58:5e:e4:b7:0e:
                    5e:f5:a2:d1:8b:ac:cf:2e:90:ed:1a:70:5b:44:5b:
                    50:ed:d3:e5:ab:b1:d8:b3:31:fa:7a:f6:ef:cf:41:
                    9d:75:2d:27:d7:25:74:ba:55:91:19:31:5c:f6:8c:
                    d8:b1:7b:37:1f:e0:8c:69:ba:68:90:d0:28:41:8b:
                    e4:de:25:ec:10:83:34:da:4f:9c:12:63:8d:9f:19:
                    ab:b7:a0:84:01:aa:42:e4:bb:b9:34:bb:0c:81:25:
                    1d:9c:c2:85:41:80:c7:c0:ea:6f:0a:a5:a7:90:0a:
                    bb:99:98:12:0a:a0:d0:0d:2a:7a:27:ec:cb:5f:fc:
                    4f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F4:33:B1:86:EB:1B:E7:2B:ED:54:40:7C:46:13:D1:94:A6:61:3E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KfQzsYbrG-cr7VRAfEYT0ZSmYT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fc:00:2e:f1:33:be:0d:04:f8:df:c4:89:9a:be:73:6a:5b:
         41:28:c3:32:71:45:95:6a:84:9e:3c:a8:ad:36:d7:71:43:60:
         59:fd:2f:71:aa:ab:a8:00:d5:14:81:0f:74:98:72:d2:cd:9c:
         39:7b:c6:88:f5:50:cc:7b:a1:be:b9:5a:23:d7:08:de:ea:ab:
         42:fe:f3:78:49:d2:dc:5c:9d:ae:ff:21:f0:11:62:94:26:4e:
         96:48:70:e8:c5:6f:b6:51:fb:9f:5b:b3:0c:7b:65:76:f3:d9:
         d8:55:6c:eb:5f:fe:a6:6b:88:b5:79:6d:97:aa:43:32:29:73:
         3a:53:91:82:e8:d5:dd:e6:e2:79:19:26:33:b1:1d:02:09:8e:
         6c:32:48:83:ac:3b:5c:a2:28:07:97:48:b0:e6:b4:e2:99:35:
         1c:36:ca:81:05:4b:60:b0:fb:b0:18:84:a2:30:d5:7c:4d:ee:
         9a:2c:0c:ce:e0:88:71:d3:07:98:18:73:94:9f:c6:10:e2:65:
         f1:a5:fc:38:e8:00:9e:25:7a:4e:37:c2:e3:22:8e:1c:fc:7a:
         19:d4:6f:f2:06:b2:2e:6d:9c:24:f4:a9:63:e3:31:74:8c:0f:
         67:0e:8d:4e:a7:fa:fa:01:c4:ee:d3:a0:e9:de:cf:ee:42:db:
         9a:43:2b:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FeMns2kWPUTH7WA3jXPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY0MzNiMTg2ZWIxYmU3MmJlZDU0NDA3YzQ2MTNkMTk0YTY2MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ5x0/+biSOMJH/5kwdIj9qRdpdz
a7jVk+Lev0/R+vyVFJgR0iWUZ+//48f3nBF84ciOfn+veezNs9pqJqS0Brht5Cby
5Ufb2bwU9hLmEiPDJXhPjoVYz7axmqvyDcv4jb1p4AdL4p292YXzQEorV3tbcRn3
N2XsMBk+Wk4Hli0NWF7ktw5e9aLRi6zPLpDtGnBbRFtQ7dPlq7HYszH6evbvz0Gd
dS0n1yV0ulWRGTFc9ozYsXs3H+CMabpokNAoQYvk3iXsEIM02k+cEmONnxmrt6CE
AapC5Lu5NLsMgSUdnMKFQYDHwOpvCqWnkAq7mZgSCqDQDSp6J+zLX/xPQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn0M7GG6xvnK+1UQHxGE9GUpmE+MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvS2ZRenNZYnJHLWNyN1ZSQWZFWVQwWlNtWVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbVXMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ/AAu8TO+DQT438SJmr5zaltBKMMycUWVaoSePKit
NtdxQ2BZ/S9xqquoANUUgQ90mHLSzZw5e8aI9VDMe6G+uVoj1wje6qtC/vN4SdLc
XJ2u/yHwEWKUJk6WSHDoxW+2UfufW7MMe2V289nYVWzrX/6ma4i1eW2XqkMyKXM6
U5GC6NXd5uJ5GSYzsR0CCY5sMkiDrDtcoigHl0iw5rTimTUcNsqBBUtgsPuwGISi
MNV8Te6aLAzO4Ihx0weYGHOUn8YQ4mXxpfw46ACeJXpON8LjIo4c/HoZ1G/yBrIu
bZwk9Klj4zF0jA9nDo1Op/r6AcTu06Dp3s/uQtuaQysM
-----END CERTIFICATE-----