This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/cBSRB4O0rt965GGsn8A2s4pg_DA.roa
File:                     cBSRB4O0rt965GGsn8A2s4pg_DA.roa (raw, json)
Hash identifier:          uu3le68VCrwbgy10AnjrGBO0DA+D/b5MUJEn6iEvayk=
Subject key identifier:   70:14:91:07:83:B4:AE:DF:7A:E4:61:AC:9F:C0:36:B3:8A:60:FC:30
Certificate issuer:       /CN=92680145cfb2371ecf4c364726b64708572c4223
Certificate serial:       019B7C7F693E18DA3C9EF66B6D70009E1372
Authority key identifier: 92:68:01:45:CF:B2:37:1E:CF:4C:36:47:26:B6:47:08:57:2C:42:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmgBRc-yNx7PTDZHJrZHCFcsQiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/cBSRB4O0rt965GGsn8A2s4pg_DA.roa
Signing time:             Fri 02 Jan 2026 02:18:03 +0000
ROA not before:           Fri 02 Jan 2026 02:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39457
IP address blocks:        193.84.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/kmgBRc-yNx7PTDZHJrZHCFcsQiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/kmgBRc-yNx7PTDZHJrZHCFcsQiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmgBRc-yNx7PTDZHJrZHCFcsQiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:69:3e:18:da:3c:9e:f6:6b:6d:70:00:9e:13:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92680145cfb2371ecf4c364726b64708572c4223
        Validity
            Not Before: Jan  2 02:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7014910783b4aedf7ae461ac9fc036b38a60fc30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0e:61:ce:34:c2:75:8d:ae:bb:05:2b:07:e6:
                    6e:f6:e1:51:8a:be:b6:7b:3e:f5:71:be:55:a1:06:
                    c5:65:63:54:0e:95:71:84:55:dd:9e:cd:81:89:09:
                    b7:52:24:db:21:e7:73:95:67:04:31:b2:59:07:0d:
                    1a:c7:8b:e7:31:86:5f:1e:dd:b8:7f:a1:8d:8d:1b:
                    a9:24:1f:6d:ac:18:ad:00:cc:57:e7:a2:f9:5e:89:
                    77:01:75:61:92:0a:62:a9:71:42:a5:21:e7:26:d9:
                    0f:10:7c:5b:36:e4:d8:20:22:33:ef:d7:1e:55:a0:
                    2d:83:f3:6c:f0:23:f7:7d:3d:0f:0b:ab:0c:fe:1e:
                    94:6a:26:a0:cf:dc:26:79:48:98:df:37:8f:6e:8a:
                    e2:cd:c5:b6:d7:96:8d:96:ea:09:e3:b2:c4:11:79:
                    6a:ba:b4:02:96:77:b6:7a:f8:1d:b3:60:de:b8:51:
                    7e:be:fd:95:bf:12:01:29:39:4d:64:df:81:83:d7:
                    2e:90:47:94:90:12:f8:d0:9b:6a:5d:4d:c2:7f:50:
                    3c:83:a3:11:95:1e:0a:da:a7:61:ab:99:5c:42:37:
                    9b:9f:41:ee:2b:9a:fa:dc:d3:11:0e:5f:48:b0:0e:
                    cd:d2:0f:38:c8:e5:83:7e:3f:0c:be:62:cf:9a:8e:
                    55:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:14:91:07:83:B4:AE:DF:7A:E4:61:AC:9F:C0:36:B3:8A:60:FC:30
            X509v3 Authority Key Identifier:
                keyid:92:68:01:45:CF:B2:37:1E:CF:4C:36:47:26:B6:47:08:57:2C:42:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmgBRc-yNx7PTDZHJrZHCFcsQiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/cBSRB4O0rt965GGsn8A2s4pg_DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/13f69a-0bbd-4595-8a44-13d7bebf47ba/1/kmgBRc-yNx7PTDZHJrZHCFcsQiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:70:c4:28:24:ff:05:f3:fe:07:05:dc:ad:ac:b5:2b:5a:1a:
         77:42:d3:79:17:27:d7:14:1d:0f:1d:a4:2d:34:0f:83:25:d9:
         e7:3d:b0:2e:0c:80:07:c9:4b:cc:b4:f8:27:ab:2a:8a:22:e2:
         d9:4a:1f:ea:70:11:fe:e0:36:14:9a:2c:de:11:e3:48:10:ae:
         7d:1b:00:32:c0:6d:72:3d:c8:8b:12:74:5b:71:a6:8d:a3:0a:
         76:e6:29:ae:c9:97:13:d4:4b:36:ae:70:1f:80:49:fe:70:6c:
         8e:81:a1:56:26:48:b0:7c:62:3a:92:d2:0c:c2:ee:e4:37:5e:
         ec:b6:39:17:30:6a:4b:b9:7f:2b:fe:93:ec:c0:d5:1d:98:c9:
         61:fe:74:18:bf:dd:45:92:c2:cd:e1:cc:86:23:11:eb:d8:fd:
         ed:08:4f:99:2c:fb:f2:db:d3:ed:92:3b:cf:d2:31:68:00:72:
         40:3a:9c:aa:26:b8:55:3c:40:06:3a:69:ce:47:a3:9e:37:29:
         2d:3b:af:26:70:7d:0e:03:69:4a:d8:ce:c6:5e:54:fa:3d:89:
         a0:55:2c:08:00:17:f6:a8:a3:9e:13:a6:01:2d:ce:32:93:61:
         41:4b:9a:3a:68:95:8e:db:97:6c:82:b8:16:39:8a:9f:83:be:
         8e:a3:3f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f2k+GNo8nvZrbXAAnhNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjgwMTQ1Y2ZiMjM3MWVjZjRjMzY0NzI2YjY0NzA4NTcy
YzQyMjMwHhcNMjYwMTAyMDIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE0OTEwNzgzYjRhZWRmN2FlNDYxYWM5ZmMwMzZiMzhhNjBmYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ5hzjTCdY2uuwUrB+Zu9uFRir62
ez71cb5VoQbFZWNUDpVxhFXdns2BiQm3UiTbIedzlWcEMbJZBw0ax4vnMYZfHt24
f6GNjRupJB9trBitAMxX56L5Xol3AXVhkgpiqXFCpSHnJtkPEHxbNuTYICIz79ce
VaAtg/Ns8CP3fT0PC6sM/h6Uaiagz9wmeUiY3zePborizcW215aNluoJ47LEEXlq
urQClne2evgds2DeuFF+vv2VvxIBKTlNZN+Bg9cukEeUkBL40JtqXU3Cf1A8g6MR
lR4K2qdhq5lcQjebn0HuK5r63NMRDl9IsA7N0g84yOWDfj8MvmLPmo5V1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAUkQeDtK7feuRhrJ/ANrOKYPwwMB8GA1UdIwQY
MBaAFJJoAUXPsjcez0w2Rya2RwhXLEIjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21nQlJjLXlOeDdQVERaSEpyWkhDRmNzUWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xM2Y2OWEtMGJiZC00NTk1LThhNDQt
MTNkN2JlYmY0N2JhLzEvY0JTUkI0TzBydDk2NUdHc244QTJzNHBnX0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xM2Y2OWEtMGJiZC00NTk1LThhNDQtMTNkN2JlYmY0N2Jh
LzEva21nQlJjLXlOeDdQVERaSEpyWkhDRmNzUWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVQZMA0G
CSqGSIb3DQEBCwUAA4IBAQB3cMQoJP8F8/4HBdytrLUrWhp3QtN5FyfXFB0PHaQt
NA+DJdnnPbAuDIAHyUvMtPgnqyqKIuLZSh/qcBH+4DYUmizeEeNIEK59GwAywG1y
PciLEnRbcaaNowp25imuyZcT1Es2rnAfgEn+cGyOgaFWJkiwfGI6ktIMwu7kN17s
tjkXMGpLuX8r/pPswNUdmMlh/nQYv91FksLN4cyGIxHr2P3tCE+ZLPvy29PtkjvP
0jFoAHJAOpyqJrhVPEAGOmnOR6OeNyktO68mcH0OA2lK2M7GXlT6PYmgVSwIABf2
qKOeE6YBLc4yk2FBS5o6aJWO25dsgrgWOYqfg76Ooz/0
-----END CERTIFICATE-----