This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KpVnZHnF_BPay6WbfzTXxoJYdOY.roa
File:                     KpVnZHnF_BPay6WbfzTXxoJYdOY.roa (raw, json)
Hash identifier:          BrLRLrTiGa+yN+fKdwLLVZuWOjOp87PgodqgDTXxNt4=
Subject key identifier:   2A:95:67:64:79:C5:FC:13:DA:CB:A5:9B:7F:34:D7:C6:82:58:74:E6
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E382328196100231419D2483F6FB01C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KpVnZHnF_BPay6WbfzTXxoJYdOY.roa
Signing time:             Fri 02 Jan 2026 10:19:26 +0000
ROA not before:           Fri 02 Jan 2026 10:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48225
IP address blocks:        5.189.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:23:28:19:61:00:23:14:19:d2:48:3f:6f:b0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a95676479c5fc13dacba59b7f34d7c6825874e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:cc:50:35:87:90:9f:0e:ac:37:ab:33:32:b6:
                    e4:b0:c4:90:c1:cd:06:cd:58:74:91:37:c6:5e:ae:
                    20:3d:aa:74:86:40:c7:e8:de:cd:e9:05:0d:1e:ad:
                    72:1f:9f:42:63:61:37:9c:c8:c2:1f:aa:d1:32:27:
                    00:24:2e:a1:1f:79:39:b1:e2:8b:9c:62:44:87:f7:
                    68:03:55:ff:fe:93:f9:24:af:84:b1:3b:d1:90:2d:
                    d1:88:69:6f:da:b9:3f:d0:85:48:39:16:a0:fe:a0:
                    f1:84:ae:fd:78:af:63:ec:d5:d7:25:97:59:e9:3d:
                    f1:dd:1d:36:2a:4c:7f:25:2f:52:2c:a1:d0:40:54:
                    43:aa:73:34:b7:b3:32:bb:c3:f1:f9:ac:a6:8d:55:
                    0d:33:08:65:92:6e:44:b5:7f:04:28:f4:6d:b8:13:
                    50:ca:52:f4:b4:39:1f:ca:8b:34:f9:e9:82:46:d2:
                    69:16:57:af:bd:d4:45:43:99:24:88:2a:1b:4a:06:
                    88:87:ff:0b:06:2d:57:74:8c:d3:29:3e:3d:f3:3a:
                    0a:27:46:00:3a:37:c5:7d:b4:f9:ca:d8:84:95:61:
                    75:06:0c:d0:f0:50:f8:df:67:5c:e3:90:07:e1:fb:
                    ec:19:73:6d:7d:d6:f5:9f:34:db:5b:0b:53:9a:37:
                    86:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:95:67:64:79:C5:FC:13:DA:CB:A5:9B:7F:34:D7:C6:82:58:74:E6
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KpVnZHnF_BPay6WbfzTXxoJYdOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.189.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:fe:ad:67:01:17:3b:d8:fa:28:04:06:2e:96:25:bf:1b:ed:
         5b:da:e2:a1:c6:c2:77:39:e8:eb:f9:fd:49:b8:30:3c:c9:86:
         6e:dc:87:51:c7:be:06:b1:71:5f:91:92:16:8f:4e:b1:63:28:
         93:50:63:95:79:36:47:8b:29:ad:af:68:69:f3:01:09:7b:3c:
         8d:12:7e:bb:44:3e:5f:e6:f9:c6:cc:ea:64:20:86:0e:56:e4:
         3c:ca:38:58:91:fb:1e:73:92:b2:d0:e9:eb:25:05:1f:fa:d3:
         d5:e0:b8:fa:1e:b2:fe:e1:59:49:1f:70:9d:38:a8:ef:72:22:
         27:eb:55:ea:57:5d:a8:ba:9f:9d:08:98:c0:30:8f:75:90:cb:
         c2:75:d9:13:98:47:fb:88:fb:c6:5c:bd:27:c2:d5:46:db:79:
         04:db:2c:58:45:c9:a3:6c:38:28:70:81:c4:83:b1:e9:43:2b:
         f6:6d:46:af:18:2e:35:37:ec:ad:41:59:3d:59:d3:fd:eb:7e:
         94:80:cd:19:a9:98:66:7c:26:eb:d2:c0:69:ac:0d:c1:7f:19:
         9f:bd:ea:30:19:02:8c:1a:dd:0f:0d:8d:89:08:2a:8d:e7:cf:
         bf:e0:88:49:eb:28:1c:cf:4c:eb:01:87:c0:a5:02:d5:d3:d0:
         3c:f1:6f:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCMoGWEAIxQZ0kg/b7AcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk1Njc2NDc5YzVmYzEzZGFjYmE1OWI3ZjM0ZDdjNjgyNTg3NGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sxQNYeQnw6sN6szMrbksMSQwc0G
zVh0kTfGXq4gPap0hkDH6N7N6QUNHq1yH59CY2E3nMjCH6rRMicAJC6hH3k5seKL
nGJEh/doA1X//pP5JK+EsTvRkC3RiGlv2rk/0IVIORag/qDxhK79eK9j7NXXJZdZ
6T3x3R02Kkx/JS9SLKHQQFRDqnM0t7Myu8Px+aymjVUNMwhlkm5EtX8EKPRtuBNQ
ylL0tDkfyos0+emCRtJpFlevvdRFQ5kkiCobSgaIh/8LBi1XdIzTKT498zoKJ0YA
OjfFfbT5ytiElWF1BgzQ8FD432dc45AH4fvsGXNtfdb1nzTbWwtTmjeGGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqVZ2R5xfwT2sulm38018aCWHTmMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvS3BWblpIbkZfQlBheTZXYmZ6VFh4b0pZZE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABb3bMA0G
CSqGSIb3DQEBCwUAA4IBAQBE/q1nARc72PooBAYuliW/G+1b2uKhxsJ3Oejr+f1J
uDA8yYZu3IdRx74GsXFfkZIWj06xYyiTUGOVeTZHiymtr2hp8wEJezyNEn67RD5f
5vnGzOpkIIYOVuQ8yjhYkfsec5Ky0OnrJQUf+tPV4Lj6HrL+4VlJH3CdOKjvciIn
61XqV12oup+dCJjAMI91kMvCddkTmEf7iPvGXL0nwtVG23kE2yxYRcmjbDgocIHE
g7HpQyv2bUavGC41N+ytQVk9WdP9636UgM0ZqZhmfCbr0sBprA3BfxmfveowGQKM
Gt0PDY2JCCqN58+/4IhJ6ygcz0zrAYfApQLV09A88W9m
-----END CERTIFICATE-----