This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Kaw-R6nt0c9UTKMJRIcERmmyojA.roa
File:                     Kaw-R6nt0c9UTKMJRIcERmmyojA.roa (raw, json)
Hash identifier:          9dPYZ/sLiSPcCqk0XuPEzHSs93L+Ae8yi0Zq/Hdvq0g=
Subject key identifier:   29:AC:3E:47:A9:ED:D1:CF:54:4C:A3:09:44:87:04:46:69:B2:A2:30
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C134B3E91714C1BC457C2276F69835F
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Kaw-R6nt0c9UTKMJRIcERmmyojA.roa
Signing time:             Fri 02 Jan 2026 00:19:57 +0000
ROA not before:           Fri 02 Jan 2026 00:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273853
IP address blocks:        217.76.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:4b:3e:91:71:4c:1b:c4:57:c2:27:6f:69:83:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29ac3e47a9edd1cf544ca3094487044669b2a230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a7:11:c4:eb:20:d9:79:fd:81:41:b0:0d:27:
                    4a:1e:2f:53:28:42:a7:e6:42:81:cb:a7:4a:38:88:
                    5b:d0:07:19:e1:fc:12:8d:c7:05:96:37:3a:cb:b1:
                    ae:19:d8:1c:20:fd:3d:bb:7b:f0:7f:7f:57:89:80:
                    d9:2e:76:dc:a5:94:28:37:b2:93:ab:08:d9:c4:7b:
                    07:b8:4c:32:5c:e3:f6:94:c4:f3:2c:6d:a1:f9:4b:
                    1d:ed:c7:14:03:07:82:20:5b:7f:48:81:04:1e:72:
                    10:d2:dc:5f:52:15:24:b6:88:cc:ea:70:fa:f2:b8:
                    32:3b:bd:c4:ef:1f:60:f1:ea:84:a0:fd:8e:03:62:
                    03:2e:13:a3:ba:7f:cd:5c:39:ab:80:c6:1f:93:06:
                    f3:9b:d6:64:d6:76:d0:7b:72:33:57:99:e0:ab:c0:
                    ca:f2:75:1c:a9:95:84:00:10:6d:34:4f:72:c9:6d:
                    e5:46:e8:64:24:51:c4:d7:2b:32:88:94:37:78:80:
                    98:88:ed:89:11:ae:6f:c2:89:a8:e8:6c:3f:cb:1a:
                    28:c5:84:4e:b5:5c:83:e5:59:22:ef:66:fd:62:4d:
                    5f:0e:b2:59:d6:27:b4:74:df:3e:27:6c:64:25:27:
                    19:bb:2c:e3:52:e6:57:8b:77:a7:57:f0:2a:3f:f9:
                    0d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AC:3E:47:A9:ED:D1:CF:54:4C:A3:09:44:87:04:46:69:B2:A2:30
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Kaw-R6nt0c9UTKMJRIcERmmyojA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ef:b3:b4:29:58:b5:37:e5:2f:c6:b0:7e:9c:ab:6c:39:58:
         18:6f:80:b6:4e:57:77:2d:1b:7f:f8:4c:0a:15:f6:5f:0b:14:
         08:34:c7:01:0d:9d:98:84:08:fe:54:93:74:15:05:f5:f2:c0:
         e2:13:44:e9:56:d0:a5:d5:2a:02:30:80:df:e1:75:c4:a0:88:
         8c:6a:57:bd:42:2f:f7:4c:bf:ce:fa:fe:d6:f1:f6:df:9f:07:
         03:86:bb:7a:92:0f:1d:d6:cc:07:db:2f:4a:81:9c:64:9b:52:
         f8:43:75:15:f3:ec:2d:c2:ca:5f:21:b3:e4:ea:a4:d3:ef:fe:
         98:25:5a:12:74:95:d9:41:7c:61:89:63:7b:42:6d:fd:68:45:
         60:f6:16:c1:60:9f:e0:83:b6:16:10:6f:4a:22:58:0f:bc:c6:
         64:5b:5d:1a:05:28:45:6d:38:8a:d7:54:ee:7d:4e:08:67:3f:
         e0:24:2b:f3:da:fc:97:e5:b2:16:2e:e6:65:a6:53:a6:e0:dd:
         12:d7:1b:f1:8d:76:df:2b:56:98:33:1a:4b:d5:bc:bd:0a:f4:
         c9:26:cb:94:f0:40:81:5c:da:b8:31:31:b0:4c:14:17:0a:b4:
         b4:6b:e5:29:54:ff:3a:6b:65:95:20:d6:b0:a9:bb:89:6b:3b:
         3b:42:c1:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0s+kXFMG8RXwidvaYNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFjM2U0N2E5ZWRkMWNmNTQ0Y2EzMDk0NDg3MDQ0NjY5YjJhMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqcRxOsg2Xn9gUGwDSdKHi9TKEKn
5kKBy6dKOIhb0AcZ4fwSjccFljc6y7GuGdgcIP09u3vwf39XiYDZLnbcpZQoN7KT
qwjZxHsHuEwyXOP2lMTzLG2h+Usd7ccUAweCIFt/SIEEHnIQ0txfUhUktojM6nD6
8rgyO73E7x9g8eqEoP2OA2IDLhOjun/NXDmrgMYfkwbzm9Zk1nbQe3IzV5ngq8DK
8nUcqZWEABBtNE9yyW3lRuhkJFHE1ysyiJQ3eICYiO2JEa5vwomo6Gw/yxooxYRO
tVyD5Vki72b9Yk1fDrJZ1ie0dN8+J2xkJScZuyzjUuZXi3enV/AqP/kNewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmsPkep7dHPVEyjCUSHBEZpsqIwMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvS2F3LVI2bnQwYzlVVEtNSlJJY0VSbW15b2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Uz0MA0G
CSqGSIb3DQEBCwUAA4IBAQBL77O0KVi1N+UvxrB+nKtsOVgYb4C2Tld3LRt/+EwK
FfZfCxQINMcBDZ2YhAj+VJN0FQX18sDiE0TpVtCl1SoCMIDf4XXEoIiMale9Qi/3
TL/O+v7W8fbfnwcDhrt6kg8d1swH2y9KgZxkm1L4Q3UV8+wtwspfIbPk6qTT7/6Y
JVoSdJXZQXxhiWN7Qm39aEVg9hbBYJ/gg7YWEG9KIlgPvMZkW10aBShFbTiK11Tu
fU4IZz/gJCvz2vyX5bIWLuZlplOm4N0S1xvxjXbfK1aYMxpL1by9CvTJJsuU8ECB
XNq4MTGwTBQXCrS0a+UpVP86a2WVINawqbuJazs7QsHJ
-----END CERTIFICATE-----