This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/KAP-MsAL1-oaDIoSW3d4FoyluNI.roa
File:                     KAP-MsAL1-oaDIoSW3d4FoyluNI.roa (raw, json)
Hash identifier:          DJPA2AzD9hRKdzp6bE6dP915E7mEGvpu0CRcSDF372w=
Subject key identifier:   28:03:FE:32:C0:0B:D7:EA:1A:0C:8A:12:5B:77:78:16:8C:A5:B8:D2
Certificate issuer:       /CN=220a9859fbf2e6bc3ed8273911762bd8fa5e802e
Certificate serial:       019B7CED1AC3ECD6801837F42024832BED2A
Authority key identifier: 22:0A:98:59:FB:F2:E6:BC:3E:D8:27:39:11:76:2B:D8:FA:5E:80:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IgqYWfvy5rw-2Cc5EXYr2PpegC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/KAP-MsAL1-oaDIoSW3d4FoyluNI.roa
Signing time:             Fri 02 Jan 2026 04:17:52 +0000
ROA not before:           Fri 02 Jan 2026 04:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50005
IP address blocks:        91.224.84.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/IgqYWfvy5rw-2Cc5EXYr2PpegC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/IgqYWfvy5rw-2Cc5EXYr2PpegC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IgqYWfvy5rw-2Cc5EXYr2PpegC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:1a:c3:ec:d6:80:18:37:f4:20:24:83:2b:ed:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=220a9859fbf2e6bc3ed8273911762bd8fa5e802e
        Validity
            Not Before: Jan  2 04:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2803fe32c00bd7ea1a0c8a125b7778168ca5b8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1a:ba:56:7c:f4:9b:b8:83:99:c1:67:f6:9b:
                    ca:fe:01:7d:30:bf:95:f2:d9:35:8c:8c:71:1f:42:
                    07:98:73:4c:b9:59:b7:6b:b8:0c:2e:f1:9f:1d:f6:
                    7b:56:5c:49:2f:b5:ce:cd:a2:cd:f1:57:d4:a1:ad:
                    2c:89:94:f8:c3:19:25:89:86:75:c6:00:93:d3:0e:
                    51:95:94:94:29:4a:0c:91:b9:07:f7:a0:25:bb:94:
                    d7:d2:6a:d7:01:4c:63:3d:05:32:28:f3:83:04:ed:
                    73:fc:35:9d:c1:71:99:a9:1d:4c:19:ea:e1:0c:3a:
                    7d:26:4f:dc:89:5b:76:83:23:10:d4:5e:ba:f2:e4:
                    ac:76:b4:ac:5e:e0:17:18:06:77:2d:3e:54:13:f4:
                    9a:4f:f8:a9:df:78:35:83:f9:bd:f2:2e:6c:e4:4f:
                    54:55:f5:15:ff:68:29:1f:ca:c5:aa:e5:c9:d8:82:
                    32:a1:65:ef:eb:d5:bf:0d:77:db:49:f2:24:dd:0c:
                    2e:8f:46:ab:c3:cc:a7:11:65:ca:3c:bb:c2:82:81:
                    cb:ea:d9:3a:6d:87:00:5f:0c:87:74:d8:08:b3:6e:
                    03:64:2b:3b:82:a9:79:d7:d9:bd:5e:8f:ed:6b:0b:
                    bb:e3:76:63:57:01:5e:2e:23:6d:f9:0d:4f:c2:1f:
                    cc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:03:FE:32:C0:0B:D7:EA:1A:0C:8A:12:5B:77:78:16:8C:A5:B8:D2
            X509v3 Authority Key Identifier:
                keyid:22:0A:98:59:FB:F2:E6:BC:3E:D8:27:39:11:76:2B:D8:FA:5E:80:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IgqYWfvy5rw-2Cc5EXYr2PpegC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/KAP-MsAL1-oaDIoSW3d4FoyluNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/IgqYWfvy5rw-2Cc5EXYr2PpegC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:45:c8:2b:f1:10:30:47:b3:41:bb:de:0f:3e:52:ea:ae:9e:
         a3:3e:ff:8f:da:8d:8d:1d:a1:f1:47:80:60:ba:12:83:72:48:
         22:b1:57:83:51:65:29:72:b1:79:e3:cd:88:a5:8e:be:44:d8:
         62:2c:be:47:ec:ab:47:fa:64:7a:54:6c:aa:43:b1:c9:fa:44:
         99:bc:b0:8a:ba:5b:52:19:8c:b2:6a:2b:61:db:40:d0:26:25:
         92:33:de:39:d5:ab:25:85:e8:f7:3b:fb:35:8e:6b:3e:a1:e4:
         eb:03:a1:48:fb:bf:95:58:46:08:fb:32:ee:f8:ee:1d:17:97:
         01:0a:f7:66:e5:27:a9:9a:c9:7d:0b:9a:fd:ce:54:f4:39:7d:
         6a:64:3f:1a:f6:75:b8:0b:2f:9a:ed:13:c0:1a:83:8f:b9:62:
         5e:c1:c5:9e:1b:de:0e:3f:95:29:b7:3c:be:25:bf:c4:a8:41:
         f9:2c:41:d5:81:72:79:3a:26:62:91:c1:f7:02:b8:eb:15:14:
         82:62:d4:b8:60:4a:ee:3e:d6:ba:09:ac:2d:91:60:a8:80:96:
         4d:5d:98:58:cc:eb:fc:31:76:e5:b7:42:b6:dc:9c:62:78:d7:
         80:1b:31:24:34:2c:74:95:9e:fa:c6:ba:e3:77:58:d7:5b:05:
         8b:1d:85:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87RrD7NaAGDf0ICSDK+0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGE5ODU5ZmJmMmU2YmMzZWQ4MjczOTExNzYyYmQ4ZmE1
ZTgwMmUwHhcNMjYwMTAyMDQxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODAzZmUzMmMwMGJkN2VhMWEwYzhhMTI1Yjc3NzgxNjhjYTViOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxq6Vnz0m7iDmcFn9pvK/gF9ML+V
8tk1jIxxH0IHmHNMuVm3a7gMLvGfHfZ7VlxJL7XOzaLN8VfUoa0siZT4wxkliYZ1
xgCT0w5RlZSUKUoMkbkH96Alu5TX0mrXAUxjPQUyKPODBO1z/DWdwXGZqR1MGerh
DDp9Jk/ciVt2gyMQ1F668uSsdrSsXuAXGAZ3LT5UE/SaT/ip33g1g/m98i5s5E9U
VfUV/2gpH8rFquXJ2IIyoWXv69W/DXfbSfIk3Qwuj0arw8ynEWXKPLvCgoHL6tk6
bYcAXwyHdNgIs24DZCs7gql519m9Xo/tawu743ZjVwFeLiNt+Q1Pwh/MNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgD/jLAC9fqGgyKElt3eBaMpbjSMB8GA1UdIwQY
MBaAFCIKmFn78ua8PtgnORF2K9j6XoAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdxWVdmdnk1cnctMkNjNUVYWXIyUHBlZ0M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lODI4MWYtY2QxNy00ZTAyLThmY2Et
OGM1YWMwNmMxNGE4LzEvS0FQLU1zQUwxLW9hRElvU1czZDRGb3lsdU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lODI4MWYtY2QxNy00ZTAyLThmY2EtOGM1YWMwNmMxNGE4
LzEvSWdxWVdmdnk1cnctMkNjNUVYWXIyUHBlZ0M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BUMA0G
CSqGSIb3DQEBCwUAA4IBAQByRcgr8RAwR7NBu94PPlLqrp6jPv+P2o2NHaHxR4Bg
uhKDckgisVeDUWUpcrF5482IpY6+RNhiLL5H7KtH+mR6VGyqQ7HJ+kSZvLCKultS
GYyyaith20DQJiWSM9451aslhej3O/s1jms+oeTrA6FI+7+VWEYI+zLu+O4dF5cB
Cvdm5Sepmsl9C5r9zlT0OX1qZD8a9nW4Cy+a7RPAGoOPuWJewcWeG94OP5Uptzy+
Jb/EqEH5LEHVgXJ5OiZikcH3ArjrFRSCYtS4YEruPta6CawtkWCogJZNXZhYzOv8
MXblt0K23JxieNeAGzEkNCx0lZ76xrrjd1jXWwWLHYX9
-----END CERTIFICATE-----