This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kRYrMqZrnMnLWz5ONjoI0aIiVzU.roa
File:                     kRYrMqZrnMnLWz5ONjoI0aIiVzU.roa (raw, json)
Hash identifier:          9MKMM1ZDcRNWNvJJCbbjFSFRL0p0yF8DYi5dS7KJAWY=
Subject key identifier:   91:16:2B:32:A6:6B:9C:C9:CB:5B:3E:4E:36:3A:08:D1:A2:22:57:35
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019B797E0007CC3434F29664355474443DE9
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kRYrMqZrnMnLWz5ONjoI0aIiVzU.roa
Signing time:             Thu 01 Jan 2026 12:17:39 +0000
ROA not before:           Thu 01 Jan 2026 12:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212667
IP address blocks:        89.36.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:00:07:cc:34:34:f2:96:64:35:54:74:44:3d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 12:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91162b32a66b9cc9cb5b3e4e363a08d1a2225735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:28:0c:1c:a2:b0:97:3d:07:95:9c:a5:bc:90:
                    39:98:29:7c:af:c0:1a:6b:35:31:be:02:1d:b3:fb:
                    ed:53:70:c0:a3:15:0e:9f:16:b6:cb:33:37:f5:09:
                    6a:6b:2b:31:d7:b6:78:52:af:08:1d:d6:78:52:da:
                    60:65:59:3d:17:f3:05:94:3b:a7:d7:37:38:a2:90:
                    9a:ed:bb:8e:75:dd:5f:57:2e:f4:48:e0:9b:9e:01:
                    21:5c:b9:fd:4f:d3:4f:aa:a1:32:b4:0d:76:40:05:
                    a9:c9:a7:08:36:03:5e:d2:08:be:85:43:6e:70:54:
                    9d:09:b6:7e:91:ed:65:13:b2:dc:8e:28:d7:2f:9d:
                    74:c6:1a:b0:fd:f3:c5:11:a1:1f:77:8a:c1:c8:a0:
                    48:13:d1:7d:53:52:78:80:8a:d7:ee:8b:41:5c:9e:
                    42:c8:fc:80:58:49:76:64:c5:37:44:d8:59:dc:68:
                    93:28:10:2b:0a:e9:81:44:53:d0:df:96:a6:1f:22:
                    e6:a0:32:82:58:a3:74:51:84:b9:38:b0:ec:e0:2b:
                    0c:00:25:53:74:15:9c:6f:c4:75:d0:b0:3b:48:21:
                    53:6f:f3:f8:7d:f3:e4:af:f1:18:c5:59:a0:7a:10:
                    e5:6b:27:79:1d:50:ab:7d:cc:32:34:ad:be:54:1f:
                    4e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:16:2B:32:A6:6B:9C:C9:CB:5B:3E:4E:36:3A:08:D1:A2:22:57:35
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kRYrMqZrnMnLWz5ONjoI0aIiVzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:97:06:de:2f:f0:92:61:c9:5d:d4:be:27:41:9b:05:8c:fd:
         cf:6c:39:67:22:93:08:56:74:84:d4:b2:7b:01:79:3f:62:7e:
         1f:29:f3:29:c0:ee:a0:a8:93:5f:5b:b0:df:a8:2f:9c:1d:b0:
         14:2b:d6:f3:76:5e:a6:9b:0f:39:18:ff:c8:4d:f9:48:b6:73:
         98:11:62:e5:b5:3b:d6:f3:78:6b:53:10:0f:0c:c9:85:9e:c2:
         bd:c2:37:bf:0e:e9:5a:0a:e2:87:c0:17:61:aa:60:6a:86:8a:
         b4:f4:88:ce:78:44:2c:94:74:3e:29:63:8a:7b:f9:66:1f:d5:
         14:48:dc:d5:20:b9:a6:da:c4:8f:b5:c6:a7:dc:bc:12:e0:4a:
         4d:b1:84:1f:00:3c:dd:3f:8f:56:32:77:5f:b6:e2:4c:6e:00:
         a5:5b:ec:63:56:c8:03:7c:6c:40:9d:74:57:b1:7c:62:0c:cc:
         eb:04:9e:6a:f6:4f:ec:94:8c:0e:34:ee:cf:07:8d:1e:81:2b:
         a0:88:40:73:b3:79:22:11:64:1c:4c:6c:39:b1:94:5f:75:4b:
         6a:ad:85:d7:25:66:d9:45:bf:7b:cf:d1:fa:e6:72:91:ae:a4:
         fa:39:c4:c5:5e:ea:2f:6b:2b:7d:64:9e:db:46:c3:8e:cc:f7:
         7d:ff:4c:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgAHzDQ08pZkNVR0RD3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMTAxMTIxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE2MmIzMmE2NmI5Y2M5Y2I1YjNlNGUzNjNhMDhkMWEyMjI1NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwygMHKKwlz0HlZylvJA5mCl8r8Aa
azUxvgIds/vtU3DAoxUOnxa2yzM39Qlqaysx17Z4Uq8IHdZ4UtpgZVk9F/MFlDun
1zc4opCa7buOdd1fVy70SOCbngEhXLn9T9NPqqEytA12QAWpyacINgNe0gi+hUNu
cFSdCbZ+ke1lE7LcjijXL510xhqw/fPFEaEfd4rByKBIE9F9U1J4gIrX7otBXJ5C
yPyAWEl2ZMU3RNhZ3GiTKBArCumBRFPQ35amHyLmoDKCWKN0UYS5OLDs4CsMACVT
dBWcb8R10LA7SCFTb/P4ffPkr/EYxVmgehDlayd5HVCrfcwyNK2+VB9OcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEWKzKma5zJy1s+TjY6CNGiIlc1MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEva1JZck1xWnJuTW5MV3o1T05qb0kwYUlpVnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSSMMA0G
CSqGSIb3DQEBCwUAA4IBAQCVlwbeL/CSYcld1L4nQZsFjP3PbDlnIpMIVnSE1LJ7
AXk/Yn4fKfMpwO6gqJNfW7DfqC+cHbAUK9bzdl6mmw85GP/ITflItnOYEWLltTvW
83hrUxAPDMmFnsK9wje/DulaCuKHwBdhqmBqhoq09IjOeEQslHQ+KWOKe/lmH9UU
SNzVILmm2sSPtcan3LwS4EpNsYQfADzdP49WMndftuJMbgClW+xjVsgDfGxAnXRX
sXxiDMzrBJ5q9k/slIwONO7PB40egSugiEBzs3kiEWQcTGw5sZRfdUtqrYXXJWbZ
Rb97z9H65nKRrqT6OcTFXuovayt9ZJ7bRsOOzPd9/0y7
-----END CERTIFICATE-----