This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KR8JPJtIbnU_ZvcCdAeP06NHMPA.roa
File:                     KR8JPJtIbnU_ZvcCdAeP06NHMPA.roa (raw, json)
Hash identifier:          hrvg4WBysOdnB2MT80djvP+/LKY74DwbRcQ0vdx9z3o=
Subject key identifier:   29:1F:09:3C:9B:48:6E:75:3F:66:F7:02:74:07:8F:D3:A3:47:30:F0
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019A96BECB72C202E7BECB15F2200EAF4E41
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KR8JPJtIbnU_ZvcCdAeP06NHMPA.roa
Signing time:             Tue 18 Nov 2025 11:34:37 +0000
ROA not before:           Tue 18 Nov 2025 11:34:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        95.178.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 09:56:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:96:be:cb:72:c2:02:e7:be:cb:15:f2:20:0e:af:4e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Nov 18 11:34:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=291f093c9b486e753f66f70274078fd3a34730f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9a:5e:5a:78:ca:a0:4f:04:02:96:64:6b:39:
                    0c:58:ad:63:2d:f6:84:47:3a:2e:54:b5:1f:70:94:
                    68:20:d7:14:15:88:7e:cd:34:58:37:cc:8d:a7:63:
                    2a:41:60:d5:5f:a4:f7:d3:e7:48:ce:ac:e4:9d:f2:
                    15:df:fd:fe:bf:05:80:e9:55:64:07:5a:78:13:1e:
                    97:9f:8d:61:93:68:63:57:b1:e1:7f:02:0c:a9:75:
                    af:a3:56:da:16:e7:6d:63:1d:b9:78:a3:4a:92:d9:
                    cf:d1:3c:25:7c:c4:54:35:c7:83:b1:93:67:d3:d6:
                    66:05:2c:0b:b7:52:25:2e:c8:ae:a8:72:b4:d5:83:
                    5c:b3:af:fc:cf:0c:f3:3e:5c:4f:eb:c1:e6:ed:64:
                    a4:69:74:a5:a1:c8:82:2a:b7:0a:d2:d1:95:4f:37:
                    30:5d:d8:29:67:2c:29:60:c6:22:52:18:3e:c1:12:
                    a0:19:e9:8a:28:41:bd:e2:a2:a4:e5:68:2e:32:3a:
                    82:e1:66:d1:fb:7e:02:fc:fc:9b:5d:59:e6:79:b9:
                    78:5d:66:9f:4d:98:01:02:f4:66:3d:b0:9c:3b:2e:
                    62:e5:22:47:76:0b:2b:d5:97:a6:82:f8:17:91:3b:
                    2f:b3:a6:88:85:95:60:6b:92:48:31:60:30:53:fe:
                    20:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1F:09:3C:9B:48:6E:75:3F:66:F7:02:74:07:8F:D3:A3:47:30:F0
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KR8JPJtIbnU_ZvcCdAeP06NHMPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.178.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:1c:d5:20:08:d3:d0:e5:96:b7:e0:8d:80:bd:2c:83:e6:bf:
         c7:f5:77:42:ac:e5:c8:f8:1d:8b:38:c9:d8:bf:f5:45:59:d4:
         07:8a:51:e8:14:44:5a:08:93:ed:a5:c8:0b:ab:b0:ea:24:b6:
         78:0d:1e:6f:75:92:f9:84:89:b3:27:7a:fd:a2:0c:16:a1:06:
         44:c1:ba:70:e1:73:e0:41:3d:48:bc:3d:3b:bb:19:92:f4:60:
         0d:f3:36:d0:63:b0:92:c0:a9:ec:7c:dd:bb:c7:8c:cd:93:d6:
         90:16:a9:bd:18:15:b9:c1:39:c1:e9:f9:be:f2:a6:e8:99:1f:
         30:ba:e0:c2:31:63:d4:ad:9e:c9:0e:b7:a2:ab:d3:af:21:a5:
         e9:3e:eb:0b:68:7e:22:55:7a:71:ba:82:ad:c4:73:91:8a:49:
         0c:6f:73:53:55:a1:6a:36:cc:ae:75:e2:01:88:bc:95:fd:b7:
         d4:ad:25:15:33:a4:fe:0b:8e:7e:bc:97:c2:0c:8f:1f:a4:fa:
         b7:1b:f0:02:90:a2:1c:7d:90:88:10:c2:30:fa:fc:f3:3b:49:
         ca:be:74:98:8d:49:95:38:c8:e0:68:07:12:a9:aa:8f:7d:51:
         24:1a:77:32:0d:0b:0b:6e:11:91:b2:fe:b3:09:b3:36:49:cb:
         63:0c:27:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqWvstywgLnvssV8iAOr05BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUxMTE4MTEzNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTFmMDkzYzliNDg2ZTc1M2Y2NmY3MDI3NDA3OGZkM2EzNDczMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApppeWnjKoE8EApZkazkMWK1jLfaE
RzouVLUfcJRoINcUFYh+zTRYN8yNp2MqQWDVX6T30+dIzqzknfIV3/3+vwWA6VVk
B1p4Ex6Xn41hk2hjV7HhfwIMqXWvo1baFudtYx25eKNKktnP0TwlfMRUNceDsZNn
09ZmBSwLt1IlLsiuqHK01YNcs6/8zwzzPlxP68Hm7WSkaXSlociCKrcK0tGVTzcw
XdgpZywpYMYiUhg+wRKgGemKKEG94qKk5WguMjqC4WbR+34C/PybXVnmebl4XWaf
TZgBAvRmPbCcOy5i5SJHdgsr1ZemgvgXkTsvs6aIhZVga5JIMWAwU/4g5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkfCTybSG51P2b3AnQHj9OjRzDwMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvS1I4SlBKdEliblVfWnZjQ2RBZVAwNk5ITVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7IgMA0G
CSqGSIb3DQEBCwUAA4IBAQCyHNUgCNPQ5Za34I2AvSyD5r/H9XdCrOXI+B2LOMnY
v/VFWdQHilHoFERaCJPtpcgLq7DqJLZ4DR5vdZL5hImzJ3r9ogwWoQZEwbpw4XPg
QT1IvD07uxmS9GAN8zbQY7CSwKnsfN27x4zNk9aQFqm9GBW5wTnB6fm+8qbomR8w
uuDCMWPUrZ7JDreiq9OvIaXpPusLaH4iVXpxuoKtxHORikkMb3NTVaFqNsyudeIB
iLyV/bfUrSUVM6T+C45+vJfCDI8fpPq3G/ACkKIcfZCIEMIw+vzzO0nKvnSYjUmV
OMjgaAcSqaqPfVEkGncyDQsLbhGRsv6zCbM2SctjDCf/
-----END CERTIFICATE-----