This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/KLBn-NZE0RYvMwwyNnmNCI892AI.roa
File:                     KLBn-NZE0RYvMwwyNnmNCI892AI.roa (raw, json)
Hash identifier:          LczLO17SD2QsgU7Uq7rv/g0ZD/T3BVzbeJL3HcpGFAY=
Subject key identifier:   28:B0:67:F8:D6:44:D1:16:2F:33:0C:32:36:79:8D:08:8F:3D:D8:02
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82C573BCCE7D2F693F37711FDCDECB
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/KLBn-NZE0RYvMwwyNnmNCI892AI.roa
Signing time:             Fri 02 Jan 2026 16:20:35 +0000
ROA not before:           Fri 02 Jan 2026 16:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202418
IP address blocks:        185.242.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:c5:73:bc:ce:7d:2f:69:3f:37:71:1f:dc:de:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28b067f8d644d1162f330c3236798d088f3dd802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fb:ab:bf:8d:5f:0b:ee:45:c3:79:e3:ed:2e:
                    16:f1:60:04:f4:ba:7b:f4:ca:b9:c6:c9:50:b7:52:
                    a2:4c:7d:92:8a:6a:c6:85:7a:d0:14:0f:d5:8e:a6:
                    d9:2a:a4:fc:e3:13:e7:97:eb:18:1e:eb:81:0d:51:
                    03:be:f7:61:1b:6e:47:b5:e9:12:f9:85:c8:d7:e9:
                    e0:a8:ff:3b:9f:72:76:f5:d1:43:3d:7f:c6:e4:01:
                    e3:0b:ac:1c:cd:1a:60:53:ce:af:4b:fb:75:da:6b:
                    94:04:cc:d4:46:b5:aa:29:2c:a1:ed:f3:29:b6:ac:
                    8a:1b:27:b5:84:c4:ca:6b:43:c6:94:72:03:b2:e1:
                    41:d1:89:8d:68:21:a0:20:1e:33:34:81:88:e9:0f:
                    13:3b:83:5f:ee:b3:29:ac:9f:12:c0:ed:ff:3d:62:
                    46:f9:9c:79:06:fd:04:ff:aa:63:9d:7d:6d:c9:73:
                    52:29:82:a2:3b:cf:cf:77:c9:03:bc:87:f6:fd:db:
                    97:c6:e0:71:ec:7a:42:4d:42:07:f6:ab:af:56:da:
                    94:ca:6c:0a:69:0c:b3:a0:ff:81:a0:15:f0:71:3c:
                    f9:d1:51:d1:43:27:31:42:b7:4c:16:95:1d:5e:88:
                    c1:fc:5f:cc:7d:dd:91:1a:cd:0a:fb:82:75:14:2d:
                    80:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B0:67:F8:D6:44:D1:16:2F:33:0C:32:36:79:8D:08:8F:3D:D8:02
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/KLBn-NZE0RYvMwwyNnmNCI892AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7c:b3:74:8d:33:5b:37:96:10:60:66:1b:3e:b4:52:5a:ef:
         85:9e:87:51:33:9f:4a:c5:12:2b:a7:b4:20:10:60:9e:75:b8:
         d8:8e:34:37:58:6e:46:e5:14:e0:f7:6c:96:e5:b9:9a:4d:8f:
         2a:1d:d0:f1:34:0a:f7:39:2b:f3:d4:b3:e6:1f:de:82:0b:74:
         4d:a9:4b:67:da:c9:a8:69:a0:21:3b:54:dc:7b:ea:e7:f3:78:
         ef:53:ad:2d:d3:4b:01:24:85:5d:f0:55:a1:dd:06:69:26:51:
         d8:5e:0f:a9:28:33:e8:33:95:5b:dd:24:31:86:a9:d1:39:4d:
         e9:6e:73:b2:28:70:eb:99:9c:2a:0f:ad:93:60:77:67:e6:44:
         54:76:b6:4b:5c:a7:26:fc:24:19:51:5a:2a:46:65:f6:0c:bf:
         36:83:95:88:cb:54:bf:9d:92:0b:cd:ef:4d:f5:40:66:70:d0:
         76:14:f5:79:eb:dd:8b:48:74:90:9a:92:7b:e6:80:e1:9c:29:
         a3:2a:69:04:a7:f0:fa:d6:bc:db:6d:c4:87:e1:6a:fa:32:ed:
         13:0f:b7:53:7a:62:8b:3d:bb:93:10:87:dd:fb:98:46:14:3c:
         21:a2:36:4a:f5:22:c3:13:d8:1b:ad:6c:d4:46:b0:3a:0b:72:
         af:89:6a:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gsVzvM59L2k/N3Ef3N7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGIwNjdmOGQ2NDRkMTE2MmYzMzBjMzIzNjc5OGQwODhmM2RkODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vurv41fC+5Fw3nj7S4W8WAE9Lp7
9Mq5xslQt1KiTH2SimrGhXrQFA/VjqbZKqT84xPnl+sYHuuBDVEDvvdhG25HtekS
+YXI1+ngqP87n3J29dFDPX/G5AHjC6wczRpgU86vS/t12muUBMzURrWqKSyh7fMp
tqyKGye1hMTKa0PGlHIDsuFB0YmNaCGgIB4zNIGI6Q8TO4Nf7rMprJ8SwO3/PWJG
+Zx5Bv0E/6pjnX1tyXNSKYKiO8/Pd8kDvIf2/duXxuBx7HpCTUIH9quvVtqUymwK
aQyzoP+BoBXwcTz50VHRQycxQrdMFpUdXojB/F/Mfd2RGs0K+4J1FC2A+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiwZ/jWRNEWLzMMMjZ5jQiPPdgCMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvS0xCbi1OWkUwUll2TXd3eU5ubU5DSTg5MkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLjMA0G
CSqGSIb3DQEBCwUAA4IBAQCIfLN0jTNbN5YQYGYbPrRSWu+FnodRM59KxRIrp7Qg
EGCedbjYjjQ3WG5G5RTg92yW5bmaTY8qHdDxNAr3OSvz1LPmH96CC3RNqUtn2smo
aaAhO1Tce+rn83jvU60t00sBJIVd8FWh3QZpJlHYXg+pKDPoM5Vb3SQxhqnROU3p
bnOyKHDrmZwqD62TYHdn5kRUdrZLXKcm/CQZUVoqRmX2DL82g5WIy1S/nZILze9N
9UBmcNB2FPV5692LSHSQmpJ75oDhnCmjKmkEp/D61rzbbcSH4Wr6Mu0TD7dTemKL
PbuTEIfd+5hGFDwhojZK9SLDE9gbrWzURrA6C3KviWpf
-----END CERTIFICATE-----