This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/K1WYHWxT9hUhyCzFRd3qp6J1SRo.roa
File:                     K1WYHWxT9hUhyCzFRd3qp6J1SRo.roa (raw, json)
Hash identifier:          ofCgYNoPNZP6vNBlI2XsxCW6wFsFBZey/s584doB1q4=
Subject key identifier:   2B:55:98:1D:6C:53:F6:15:21:C8:2C:C5:45:DD:EA:A7:A2:75:49:1A
Certificate issuer:       /CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
Certificate serial:       019B7AC867005E7A35B667B9D0DDFADDABEF
Authority key identifier: CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/K1WYHWxT9hUhyCzFRd3qp6J1SRo.roa
Signing time:             Thu 01 Jan 2026 18:18:32 +0000
ROA not before:           Thu 01 Jan 2026 18:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31400
IP address blocks:        193.107.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:67:00:5e:7a:35:b6:67:b9:d0:dd:fa:dd:ab:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
        Validity
            Not Before: Jan  1 18:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b55981d6c53f61521c82cc545ddeaa7a275491a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f7:51:70:10:2e:fd:e6:3e:0f:66:a2:f5:91:
                    f6:6a:29:e4:1c:7e:64:0c:f7:07:e5:ea:55:0d:9e:
                    18:00:2e:a1:f8:c0:3d:bf:fc:e1:8f:fc:fc:d2:d0:
                    2e:c7:fa:0e:c4:ce:0c:69:61:8b:cb:ca:ec:44:64:
                    40:62:a5:be:c0:a9:a1:f3:81:d3:46:ec:81:76:4e:
                    34:74:57:29:e3:dd:af:dd:46:8c:47:8e:fd:a7:5c:
                    86:f4:de:b5:19:13:03:06:56:7b:9c:d1:26:0e:43:
                    f0:9a:82:9d:27:cf:41:61:30:3e:aa:30:58:91:88:
                    a4:70:d3:f5:01:ef:fb:e6:9e:e4:f9:8c:24:1f:af:
                    8b:65:3d:7f:18:18:75:6b:4c:80:93:6d:df:9c:10:
                    c0:6f:79:51:8a:4c:47:74:5c:d9:5d:de:32:90:07:
                    ec:2d:ab:b8:a0:2b:4a:8a:1f:fe:33:68:eb:b0:c9:
                    e2:5e:f7:4b:29:a8:3f:dd:8c:79:8c:b3:02:b1:f4:
                    b3:d4:1f:40:f0:53:cc:12:7a:7b:62:f8:c5:c3:6a:
                    58:3e:68:e3:9e:94:cb:79:e7:88:07:e4:2e:d3:20:
                    06:ab:93:d9:36:0d:d6:2c:60:c4:85:94:74:3a:be:
                    c9:5b:a6:c8:fa:30:0d:a1:8e:ba:cd:5b:4e:a3:60:
                    c6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:55:98:1D:6C:53:F6:15:21:C8:2C:C5:45:DD:EA:A7:A2:75:49:1A
            X509v3 Authority Key Identifier:
                keyid:CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/K1WYHWxT9hUhyCzFRd3qp6J1SRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:e0:c2:f8:dd:56:e3:db:75:da:eb:7b:c7:d2:dc:b0:48:a1:
         6a:07:17:11:0f:16:94:43:90:a5:ae:0d:e4:11:74:45:e0:ca:
         70:d4:05:5e:12:fb:c4:9c:05:39:85:5d:cb:12:2e:41:ab:39:
         57:b0:7d:1f:3a:b2:f1:0b:53:e2:6c:ea:c9:12:aa:e8:ac:a1:
         e9:65:42:7a:59:fc:01:ab:81:e5:46:53:14:ac:8e:f7:95:99:
         73:f1:de:01:ea:b9:f7:68:09:04:7b:eb:71:e0:fe:bb:88:b8:
         4a:a9:62:8e:07:05:c9:fc:ad:16:48:73:bc:6c:84:3f:c8:d5:
         2b:69:4f:36:8b:34:51:26:cf:78:fb:d3:5c:b6:2e:a7:5c:2b:
         47:73:0e:51:1b:9f:cf:51:5d:82:38:be:47:2c:78:5a:84:13:
         3a:82:98:74:2b:8b:8a:4e:66:7b:48:1f:0c:10:c9:ea:14:1f:
         05:96:06:e5:7f:20:58:07:4c:e3:9f:f6:8f:eb:d8:d9:1c:5b:
         bb:99:4f:aa:de:84:e0:10:6d:41:80:2e:af:73:2b:14:fa:41:
         43:9e:53:75:7c:e0:fc:4f:51:4e:7e:26:85:15:ff:77:9c:f5:
         7b:61:d8:a6:cd:a9:9c:5a:d8:6f:ca:f1:4e:45:8c:45:93:fc:
         3c:e9:32:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yGcAXno1tme50N363avvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlY2QzOTFjNjYwYzNlNTdjNTNiODdjMGI1MmVjMGQyZjJm
NDI3NzUwHhcNMjYwMTAxMTgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjU1OTgxZDZjNTNmNjE1MjFjODJjYzU0NWRkZWFhN2EyNzU0OTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvdRcBAu/eY+D2ai9ZH2ainkHH5k
DPcH5epVDZ4YAC6h+MA9v/zhj/z80tAux/oOxM4MaWGLy8rsRGRAYqW+wKmh84HT
RuyBdk40dFcp492v3UaMR479p1yG9N61GRMDBlZ7nNEmDkPwmoKdJ89BYTA+qjBY
kYikcNP1Ae/75p7k+YwkH6+LZT1/GBh1a0yAk23fnBDAb3lRikxHdFzZXd4ykAfs
Lau4oCtKih/+M2jrsMniXvdLKag/3Yx5jLMCsfSz1B9A8FPMEnp7YvjFw2pYPmjj
npTLeeeIB+Qu0yAGq5PZNg3WLGDEhZR0Or7JW6bI+jANoY66zVtOo2DGyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtVmB1sU/YVIcgsxUXd6qeidUkaMB8GA1UdIwQY
MBaAFM7NORxmDD5XxTuHwLUuwNLy9Cd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEt
YTRkMzU5ZDkxMjUxLzEvSzFXWUhXeFQ5aFVoeUN6RlJkM3FwNkoxU1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEtYTRkMzU5ZDkxMjUx
LzEvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWt4MA0G
CSqGSIb3DQEBCwUAA4IBAQAF4ML43Vbj23Xa63vH0tywSKFqBxcRDxaUQ5Clrg3k
EXRF4Mpw1AVeEvvEnAU5hV3LEi5BqzlXsH0fOrLxC1PibOrJEqrorKHpZUJ6WfwB
q4HlRlMUrI73lZlz8d4B6rn3aAkEe+tx4P67iLhKqWKOBwXJ/K0WSHO8bIQ/yNUr
aU82izRRJs94+9Ncti6nXCtHcw5RG5/PUV2COL5HLHhahBM6gph0K4uKTmZ7SB8M
EMnqFB8FlgblfyBYB0zjn/aP69jZHFu7mU+q3oTgEG1BgC6vcysU+kFDnlN1fOD8
T1FOfiaFFf93nPV7YdimzamcWthvyvFORYxFk/w86TJY
-----END CERTIFICATE-----