This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/KKcG59VmFqQ4cXd0BBLDjoayHpI.roa
File:                     KKcG59VmFqQ4cXd0BBLDjoayHpI.roa (raw, json)
Hash identifier:          I8RNIw+sEHGZn2p4ZlnQNs1qXyAS/e9dFOjjqFagY3w=
Subject key identifier:   28:A7:06:E7:D5:66:16:A4:38:71:77:74:04:12:C3:8E:86:B2:1E:92
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019B7AC7E54FB8C2A6BEB9ACBF77DED312F6
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/KKcG59VmFqQ4cXd0BBLDjoayHpI.roa
Signing time:             Thu 01 Jan 2026 18:17:59 +0000
ROA not before:           Thu 01 Jan 2026 18:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        80.174.224.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:e5:4f:b8:c2:a6:be:b9:ac:bf:77:de:d3:12:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Jan  1 18:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28a706e7d56616a4387177740412c38e86b21e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:2f:ef:fb:1d:e7:14:b2:97:fa:9c:39:dd:
                    38:cc:6a:cf:13:92:ac:8f:10:0d:c1:c1:6b:dc:6d:
                    77:bf:48:0f:95:9a:f7:21:cb:5a:ed:79:4e:43:70:
                    7f:36:59:41:67:7a:59:ee:d4:7f:94:06:3c:20:46:
                    ef:85:96:94:0d:4b:28:5f:03:94:40:13:09:87:87:
                    1e:f0:cc:32:b0:10:a6:c9:3e:6c:a3:d5:0c:ce:20:
                    17:18:ff:d1:0c:a2:2b:16:3e:2e:53:9c:0a:10:6e:
                    67:49:e0:cd:59:f9:ce:a0:52:e6:a5:7a:43:c3:63:
                    fb:da:18:47:4a:70:98:3a:7c:6a:83:45:b9:73:ba:
                    4b:42:39:72:c1:ba:04:d3:1e:6a:51:cb:2d:14:6e:
                    3b:5f:c9:cd:06:d8:05:28:12:0b:ab:49:26:0b:0f:
                    fb:6e:4a:d6:6b:b6:5a:cf:bd:e0:00:7b:78:90:0b:
                    5a:4b:ae:f3:d5:3a:c3:0d:d7:89:2a:1c:88:66:ca:
                    60:ef:69:94:d6:e2:57:96:78:01:87:79:f5:c0:0e:
                    e8:ea:ed:35:25:fa:bf:77:b1:e9:fc:de:30:93:c3:
                    8d:e5:25:7d:4a:03:92:6d:4c:80:01:f6:f2:56:1e:
                    d3:fc:c4:b0:7b:2d:84:4d:fc:04:56:65:41:e7:72:
                    9e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:A7:06:E7:D5:66:16:A4:38:71:77:74:04:12:C3:8E:86:B2:1E:92
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/KKcG59VmFqQ4cXd0BBLDjoayHpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:8f:0f:8e:59:26:58:0e:2a:0d:a2:c7:2d:cc:e9:0f:ab:d1:
         d3:ea:15:d5:77:11:55:03:5d:02:fb:69:0c:54:16:71:29:4c:
         06:8e:72:ee:b2:e0:60:6d:16:28:a0:2b:7a:a2:9b:ab:53:3f:
         78:c6:18:1d:b9:9e:2a:04:cb:d8:1f:2a:b1:82:d8:4b:28:b3:
         56:46:a4:83:f4:c0:a0:ba:02:48:6f:03:ef:e4:c3:25:17:49:
         16:96:53:38:ec:65:97:cc:85:36:01:71:77:0c:a6:6a:ef:7b:
         20:db:86:fe:49:07:8f:71:7d:ee:6c:73:83:eb:c3:b4:ef:39:
         b9:90:67:54:66:d3:cc:da:0b:1b:45:b1:9f:5d:ae:a6:ec:94:
         b9:de:dc:bd:f6:7e:ce:71:8e:63:fd:7f:4f:28:92:81:36:d4:
         3e:d5:df:53:3a:d8:67:1a:8e:10:4d:52:11:bc:94:a3:79:6b:
         2a:19:15:80:62:e2:40:1c:11:8b:73:23:52:0f:d0:ab:d7:91:
         17:26:8f:fb:4a:50:c8:bd:36:7a:84:c8:ae:91:ca:f0:72:e8:
         20:e6:7b:30:62:67:01:33:8d:f0:7c:e2:86:49:74:e1:60:9f:
         1c:a0:61:bc:86:ad:a9:eb:61:ad:4f:b7:73:4d:87:af:58:45:
         07:dc:f4:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x+VPuMKmvrmsv3fe0xL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwMTAxMTgxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGE3MDZlN2Q1NjYxNmE0Mzg3MTc3NzQwNDEyYzM4ZTg2YjIxZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFsv7/sd5xSyl/qcOd04zGrPE5Ks
jxANwcFr3G13v0gPlZr3Icta7XlOQ3B/NllBZ3pZ7tR/lAY8IEbvhZaUDUsoXwOU
QBMJh4ce8MwysBCmyT5so9UMziAXGP/RDKIrFj4uU5wKEG5nSeDNWfnOoFLmpXpD
w2P72hhHSnCYOnxqg0W5c7pLQjlywboE0x5qUcstFG47X8nNBtgFKBILq0kmCw/7
bkrWa7Zaz73gAHt4kAtaS67z1TrDDdeJKhyIZspg72mU1uJXlngBh3n1wA7o6u01
Jfq/d7Hp/N4wk8ON5SV9SgOSbUyAAfbyVh7T/MSwey2ETfwEVmVB53Ke8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCinBufVZhakOHF3dAQSw46Gsh6SMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvS0tjRzU5Vm1GcVE0Y1hkMEJCTERqb2F5SHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUK7gMA0G
CSqGSIb3DQEBCwUAA4IBAQAQjw+OWSZYDioNosctzOkPq9HT6hXVdxFVA10C+2kM
VBZxKUwGjnLusuBgbRYooCt6opurUz94xhgduZ4qBMvYHyqxgthLKLNWRqSD9MCg
ugJIbwPv5MMlF0kWllM47GWXzIU2AXF3DKZq73sg24b+SQePcX3ubHOD68O07zm5
kGdUZtPM2gsbRbGfXa6m7JS53ty99n7OcY5j/X9PKJKBNtQ+1d9TOthnGo4QTVIR
vJSjeWsqGRWAYuJAHBGLcyNSD9Cr15EXJo/7SlDIvTZ6hMiukcrwcugg5nswYmcB
M43wfOKGSXThYJ8coGG8hq2p62GtT7dzTYevWEUH3PRm
-----END CERTIFICATE-----