This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/KfYGsusnHllzc3HN92AAdqUVjQo.roa
File:                     KfYGsusnHllzc3HN92AAdqUVjQo.roa (raw, json)
Hash identifier:          gW3c/fjZpWHlQkkjPS1/2ufW3e6QoYfqV4VH4SK5fWk=
Subject key identifier:   29:F6:06:B2:EB:27:1E:59:73:73:71:CD:F7:60:00:76:A5:15:8D:0A
Certificate issuer:       /CN=b11157c98f26279fc3eed2dab3cf118372bdbe1b
Certificate serial:       019B7EA50DD4F79FFCC93A9FDDC392583D73
Authority key identifier: B1:11:57:C9:8F:26:27:9F:C3:EE:D2:DA:B3:CF:11:83:72:BD:BE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRFXyY8mJ5_D7tLas88Rg3K9vhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/KfYGsusnHllzc3HN92AAdqUVjQo.roa
Signing time:             Fri 02 Jan 2026 12:18:24 +0000
ROA not before:           Fri 02 Jan 2026 12:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2116
IP address blocks:        193.23.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/sRFXyY8mJ5_D7tLas88Rg3K9vhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/sRFXyY8mJ5_D7tLas88Rg3K9vhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRFXyY8mJ5_D7tLas88Rg3K9vhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:0d:d4:f7:9f:fc:c9:3a:9f:dd:c3:92:58:3d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b11157c98f26279fc3eed2dab3cf118372bdbe1b
        Validity
            Not Before: Jan  2 12:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29f606b2eb271e59737371cdf7600076a5158d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8b:da:fc:98:a0:89:b5:88:7d:d9:0f:e7:8b:
                    df:6f:b6:a5:c4:54:01:73:2a:55:e7:7f:f0:ad:67:
                    72:7f:fd:09:80:1a:1e:06:0e:74:87:1b:27:dd:58:
                    c9:33:2d:4c:7e:ba:93:dc:57:e3:57:bb:1c:48:74:
                    08:0f:75:67:7e:d8:43:8d:03:55:56:d8:43:48:b4:
                    66:d1:55:dc:9e:ee:d4:2a:59:ff:d7:f6:03:09:a1:
                    b4:ad:cf:fb:a4:8d:9b:ee:82:28:84:c0:8e:6f:2e:
                    a0:45:b4:a5:cb:9f:43:1f:94:2b:a3:0d:20:b4:73:
                    b1:f6:bb:24:6d:d2:e4:50:32:55:46:6a:33:af:0c:
                    92:64:5d:63:24:24:d6:11:e3:c3:1a:e1:67:d9:2d:
                    c3:8a:84:cd:7d:80:19:5b:0c:aa:8d:2e:ed:2a:de:
                    4f:08:1f:86:21:a9:db:86:64:16:a9:94:3b:32:9f:
                    f2:50:7e:8b:e4:46:d3:ab:fc:92:21:55:be:24:4f:
                    ef:b7:f0:1e:01:1f:3b:e5:79:70:11:6a:cf:2e:d0:
                    11:fe:bb:be:76:72:de:7c:7d:0f:1d:44:21:06:a5:
                    80:1d:0a:24:f7:5b:a5:b5:a0:0a:3a:66:51:13:39:
                    97:a6:ed:a9:73:fb:ea:ae:09:4a:83:2c:fd:d2:b9:
                    ae:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F6:06:B2:EB:27:1E:59:73:73:71:CD:F7:60:00:76:A5:15:8D:0A
            X509v3 Authority Key Identifier:
                keyid:B1:11:57:C9:8F:26:27:9F:C3:EE:D2:DA:B3:CF:11:83:72:BD:BE:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRFXyY8mJ5_D7tLas88Rg3K9vhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/KfYGsusnHllzc3HN92AAdqUVjQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/sRFXyY8mJ5_D7tLas88Rg3K9vhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:d6:92:5c:c6:01:ca:cc:94:47:be:97:23:ce:56:19:a1:cd:
         29:f1:bc:0f:78:47:83:9f:bd:92:f9:77:d5:02:79:64:09:33:
         88:35:59:14:b4:e1:c7:ec:3d:49:65:8f:fc:70:81:6a:d9:4b:
         90:38:be:b2:9d:f7:41:b4:ed:52:a7:d1:4b:a6:a3:b0:c2:01:
         2b:e9:17:ee:09:94:66:de:14:bf:64:1e:a0:d4:8d:2e:4d:d5:
         bf:02:72:06:28:ae:dd:7a:b5:05:89:03:68:aa:6f:3d:4b:89:
         77:dd:3a:25:ee:b2:59:00:80:f9:6c:6c:d5:37:af:90:79:17:
         8d:64:a1:3b:3e:93:50:97:d6:f4:d1:2c:c8:1b:d1:96:4e:97:
         13:65:38:89:65:05:ac:fe:41:a8:86:f5:92:8f:42:20:1d:3b:
         86:48:b4:e3:6b:27:0e:d6:fb:fb:95:5b:c2:1f:7e:5a:58:87:
         34:4a:28:c7:d7:2b:24:f1:69:28:02:34:c7:9c:ac:64:16:98:
         c7:0d:dc:79:6a:1e:85:37:93:bd:b9:26:54:66:09:b1:3f:41:
         cf:35:df:b4:ef:5f:bf:16:9c:ce:cb:bd:a0:2c:14:53:c5:60:
         50:f2:ec:74:81:d1:78:84:b9:9e:14:3e:99:5b:d1:32:ec:4e:
         4b:76:47:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pQ3U95/8yTqf3cOSWD1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMTE1N2M5OGYyNjI3OWZjM2VlZDJkYWIzY2YxMTgzNzJi
ZGJlMWIwHhcNMjYwMTAyMTIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY2MDZiMmViMjcxZTU5NzM3MzcxY2RmNzYwMDA3NmE1MTU4ZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIva/JigibWIfdkP54vfb7alxFQB
cypV53/wrWdyf/0JgBoeBg50hxsn3VjJMy1MfrqT3FfjV7scSHQID3VnfthDjQNV
VthDSLRm0VXcnu7UKln/1/YDCaG0rc/7pI2b7oIohMCOby6gRbSly59DH5Qrow0g
tHOx9rskbdLkUDJVRmozrwySZF1jJCTWEePDGuFn2S3DioTNfYAZWwyqjS7tKt5P
CB+GIanbhmQWqZQ7Mp/yUH6L5EbTq/ySIVW+JE/vt/AeAR875XlwEWrPLtAR/ru+
dnLefH0PHUQhBqWAHQok91ultaAKOmZREzmXpu2pc/vqrglKgyz90rmukQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn2BrLrJx5Zc3NxzfdgAHalFY0KMB8GA1UdIwQY
MBaAFLERV8mPJiefw+7S2rPPEYNyvb4bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JGWHlZOG1KNV9EN3RMYXM4OFJnM0s5dmhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81MjFhNzQtZWJjOS00MjY3LWIwNDYt
ZTBhY2FjYzEwZWY1LzEvS2ZZR3N1c25IbGx6YzNITjkyQUFkcVVWalFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81MjFhNzQtZWJjOS00MjY3LWIwNDYtZTBhY2FjYzEwZWY1
LzEvc1JGWHlZOG1KNV9EN3RMYXM4OFJnM0s5dmhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRflMA0G
CSqGSIb3DQEBCwUAA4IBAQCA1pJcxgHKzJRHvpcjzlYZoc0p8bwPeEeDn72S+XfV
AnlkCTOINVkUtOHH7D1JZY/8cIFq2UuQOL6ynfdBtO1Sp9FLpqOwwgEr6RfuCZRm
3hS/ZB6g1I0uTdW/AnIGKK7derUFiQNoqm89S4l33Tol7rJZAID5bGzVN6+QeReN
ZKE7PpNQl9b00SzIG9GWTpcTZTiJZQWs/kGohvWSj0IgHTuGSLTjaycO1vv7lVvC
H35aWIc0SijH1ysk8WkoAjTHnKxkFpjHDdx5ah6FN5O9uSZUZgmxP0HPNd+071+/
FpzOy72gLBRTxWBQ8ux0gdF4hLmeFD6ZW9Ey7E5LdkfA
-----END CERTIFICATE-----