This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/KW64rtt74S1zhjsRECqiGcQpL7Q.roa
File:                     KW64rtt74S1zhjsRECqiGcQpL7Q.roa (raw, json)
Hash identifier:          R6F/nrfUdQaOnAWUHDehNGl6m7vmiH2zvZoykDnOykg=
Subject key identifier:   29:6E:B8:AE:DB:7B:E1:2D:73:86:3B:11:10:2A:A2:19:C4:29:2F:B4
Certificate issuer:       /CN=d721fd9d278b6458e9bf1cceba2c31a19fb96cfd
Certificate serial:       019B7F83A4E70C27461FF76F096BFA0FF854
Authority key identifier: D7:21:FD:9D:27:8B:64:58:E9:BF:1C:CE:BA:2C:31:A1:9F:B9:6C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/KW64rtt74S1zhjsRECqiGcQpL7Q.roa
Signing time:             Fri 02 Jan 2026 16:21:32 +0000
ROA not before:           Fri 02 Jan 2026 16:21:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6453
IP address blocks:        91.208.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:a4:e7:0c:27:46:1f:f7:6f:09:6b:fa:0f:f8:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d721fd9d278b6458e9bf1cceba2c31a19fb96cfd
        Validity
            Not Before: Jan  2 16:21:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=296eb8aedb7be12d73863b11102aa219c4292fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4a:6a:b0:38:ca:97:11:51:38:e3:49:c1:57:
                    2d:99:43:b9:85:72:0b:34:e3:5a:fc:f9:7d:b2:30:
                    d9:da:dc:f6:36:8e:3d:0e:5a:08:c0:7f:8e:fb:d5:
                    7a:00:a3:96:fb:ef:35:1b:a9:58:60:6c:f9:ec:13:
                    22:6d:0e:02:61:3c:e3:fb:58:b0:8a:da:d0:7f:78:
                    e5:ca:28:89:00:8e:15:02:f5:b5:ca:a9:9d:ed:fd:
                    7c:24:23:df:00:80:8c:db:0b:76:ae:82:71:05:21:
                    2a:6f:fe:cc:8c:3a:1c:f7:06:dc:dd:43:71:dc:5e:
                    7a:61:38:b1:31:cd:2f:b9:2f:b7:34:ce:bc:ea:fd:
                    05:5b:2d:f4:37:d7:1a:21:84:81:16:a3:9e:5e:df:
                    92:f9:2e:80:2e:2c:43:5b:2d:9d:af:45:99:11:b6:
                    cf:ab:ba:a8:e9:a1:6e:cd:ad:cc:54:48:69:b4:3d:
                    af:9d:00:83:e0:e4:f7:cd:e9:72:c3:4f:c0:96:53:
                    3e:e2:90:f5:96:02:54:b8:3b:f3:c4:d6:64:ac:15:
                    ee:b4:41:23:d6:97:b3:5e:23:a1:04:47:d9:b1:c8:
                    43:11:e8:db:d9:55:7f:7f:62:18:71:a6:fd:c2:45:
                    78:24:ab:1c:13:bd:b2:10:9f:0b:cd:f7:9b:12:08:
                    6d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6E:B8:AE:DB:7B:E1:2D:73:86:3B:11:10:2A:A2:19:C4:29:2F:B4
            X509v3 Authority Key Identifier:
                keyid:D7:21:FD:9D:27:8B:64:58:E9:BF:1C:CE:BA:2C:31:A1:9F:B9:6C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/KW64rtt74S1zhjsRECqiGcQpL7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:25:80:ad:75:94:10:c9:53:67:9d:ab:14:5c:1f:1d:fd:96:
         97:2a:c7:a0:28:53:d8:07:b7:d6:dc:e2:a5:31:83:bd:93:c1:
         72:45:d7:6d:1c:42:7e:35:26:8a:c6:26:7d:ac:24:57:94:72:
         9a:ad:01:ea:2a:37:8e:b7:f1:cd:5a:57:0f:db:c4:5c:4f:91:
         2a:6e:02:62:9d:8a:ea:8f:67:da:d8:d3:e6:7a:8c:cd:c1:40:
         9f:7d:37:94:d2:06:ac:44:2a:6b:80:82:04:9f:9c:f4:be:85:
         59:bb:46:c1:70:43:e7:b2:cf:88:1c:88:ef:85:4f:66:e9:82:
         99:5a:c4:65:e3:44:79:9b:01:b6:ec:eb:78:01:9e:81:21:b3:
         27:5b:ae:7c:18:fe:00:47:8e:f5:cc:d6:b6:27:f7:f9:eb:df:
         9d:5a:cf:73:07:47:e9:1d:fa:af:64:f0:5b:e8:c8:2b:13:3a:
         3e:ee:11:f7:3a:de:46:b0:a8:36:97:70:f1:3d:a7:0c:3d:c4:
         e1:f0:0c:61:25:53:5a:0e:6b:bd:93:d5:61:37:ee:7b:51:27:
         72:35:c6:e6:38:6b:4c:45:b8:01:8d:c2:81:a3:e4:53:99:28:
         82:69:9d:8c:bf:67:21:bb:98:6d:09:70:35:26:1f:f5:ce:8f:
         e6:5f:fe:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6TnDCdGH/dvCWv6D/hUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjFmZDlkMjc4YjY0NThlOWJmMWNjZWJhMmMzMWExOWZi
OTZjZmQwHhcNMjYwMTAyMTYyMTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZlYjhhZWRiN2JlMTJkNzM4NjNiMTExMDJhYTIxOWM0MjkyZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEpqsDjKlxFROONJwVctmUO5hXIL
NONa/Pl9sjDZ2tz2No49DloIwH+O+9V6AKOW++81G6lYYGz57BMibQ4CYTzj+1iw
itrQf3jlyiiJAI4VAvW1yqmd7f18JCPfAICM2wt2roJxBSEqb/7MjDoc9wbc3UNx
3F56YTixMc0vuS+3NM686v0FWy30N9caIYSBFqOeXt+S+S6ALixDWy2dr0WZEbbP
q7qo6aFuza3MVEhptD2vnQCD4OT3zelyw0/AllM+4pD1lgJUuDvzxNZkrBXutEEj
1pezXiOhBEfZschDEejb2VV/f2IYcab9wkV4JKscE72yEJ8LzfebEghtBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCluuK7be+Etc4Y7ERAqohnEKS+0MB8GA1UdIwQY
MBaAFNch/Z0ni2RY6b8czrosMaGfuWz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlIOW5TZUxaRmpwdnh6T3Vpd3hvWi01YlAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi82ZDc1MmEtNTljNS00N2EwLWIzY2Qt
OGY5NzliNjk5NDNmLzEvS1c2NHJ0dDc0UzF6aGpzUkVDcWlHY1FwTDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi82ZDc1MmEtNTljNS00N2EwLWIzY2QtOGY5NzliNjk5NDNm
LzEvMXlIOW5TZUxaRmpwdnh6T3Vpd3hvWi01YlAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AEMA0G
CSqGSIb3DQEBCwUAA4IBAQCPJYCtdZQQyVNnnasUXB8d/ZaXKsegKFPYB7fW3OKl
MYO9k8FyRddtHEJ+NSaKxiZ9rCRXlHKarQHqKjeOt/HNWlcP28RcT5EqbgJinYrq
j2fa2NPmeozNwUCffTeU0gasRCprgIIEn5z0voVZu0bBcEPnss+IHIjvhU9m6YKZ
WsRl40R5mwG27Ot4AZ6BIbMnW658GP4AR471zNa2J/f569+dWs9zB0fpHfqvZPBb
6MgrEzo+7hH3Ot5GsKg2l3DxPacMPcTh8AxhJVNaDmu9k9VhN+57USdyNcbmOGtM
RbgBjcKBo+RTmSiCaZ2Mv2chu5htCXA1Jh/1zo/mX/6O
-----END CERTIFICATE-----