This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/kBBxzrqCjihjVPRdqtt-ghTTtDQ.roa
File:                     kBBxzrqCjihjVPRdqtt-ghTTtDQ.roa (raw, json)
Hash identifier:          /K8Q0KztGPNhef1TiXb1IJjhOesSn9UrFKZ/ivhz5Xg=
Subject key identifier:   90:10:71:CE:BA:82:8E:28:63:54:F4:5D:AA:DB:7E:82:14:D3:B4:34
Certificate issuer:       /CN=6460129c221f7a47812885a64838b12ee6b15ed5
Certificate serial:       019B7FF25483A6103EDF1FBFDD5362CD6E79
Authority key identifier: 64:60:12:9C:22:1F:7A:47:81:28:85:A6:48:38:B1:2E:E6:B1:5E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGASnCIfekeBKIWmSDixLuaxXtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/kBBxzrqCjihjVPRdqtt-ghTTtDQ.roa
Signing time:             Fri 02 Jan 2026 18:22:26 +0000
ROA not before:           Fri 02 Jan 2026 18:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199942
IP address blocks:        185.41.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/ZGASnCIfekeBKIWmSDixLuaxXtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/ZGASnCIfekeBKIWmSDixLuaxXtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZGASnCIfekeBKIWmSDixLuaxXtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:54:83:a6:10:3e:df:1f:bf:dd:53:62:cd:6e:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6460129c221f7a47812885a64838b12ee6b15ed5
        Validity
            Not Before: Jan  2 18:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=901071ceba828e286354f45daadb7e8214d3b434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:32:33:bd:39:ef:76:a2:bd:64:24:77:63:be:
                    11:19:80:a2:9b:10:41:32:82:bd:0b:7e:bc:9d:51:
                    49:55:80:a8:bd:0d:fb:03:98:a8:53:fa:d2:c4:77:
                    ec:93:3d:04:1b:db:4f:33:d2:8c:50:aa:3b:60:3c:
                    81:35:ea:64:0d:90:e6:6d:82:db:33:fc:a1:f0:7e:
                    dd:0c:77:23:33:c7:fe:19:de:98:55:59:83:a4:f2:
                    c4:27:99:9a:93:b2:45:48:47:bd:a5:ec:2e:97:7d:
                    b1:7a:17:d1:0f:93:36:ba:7c:cc:cf:1e:62:12:3c:
                    52:5b:d5:9d:0e:32:df:8d:df:89:09:c0:3c:fd:8e:
                    d4:ba:2f:c0:78:e1:fa:72:64:f6:ec:98:34:f4:d7:
                    f8:55:37:fa:b3:4b:83:bd:5c:25:09:0e:04:2d:bc:
                    ee:a6:17:44:af:37:52:1d:22:ee:e6:4b:39:f5:53:
                    57:8a:56:be:06:6e:d9:09:93:9d:75:85:fb:ef:78:
                    9f:e7:c9:b1:90:e3:36:16:97:99:46:f7:24:13:74:
                    ff:26:b8:ed:4d:8c:28:b2:d0:8e:56:f0:c7:a1:81:
                    e4:e9:23:da:7d:12:17:5f:95:68:9e:ad:25:0c:20:
                    1e:e0:4b:70:f2:ea:45:3a:a2:f1:80:77:dc:e8:3d:
                    89:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:10:71:CE:BA:82:8E:28:63:54:F4:5D:AA:DB:7E:82:14:D3:B4:34
            X509v3 Authority Key Identifier:
                keyid:64:60:12:9C:22:1F:7A:47:81:28:85:A6:48:38:B1:2E:E6:B1:5E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGASnCIfekeBKIWmSDixLuaxXtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/kBBxzrqCjihjVPRdqtt-ghTTtDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/a646af-e61d-48b6-89d2-eba988a548e7/1/ZGASnCIfekeBKIWmSDixLuaxXtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:b9:1c:2f:77:03:b2:70:3c:2b:fa:ec:9d:49:b9:16:f9:e9:
         32:51:e9:f6:6d:90:c0:cd:01:8f:ca:05:bf:3c:b1:1b:f8:10:
         74:ef:b3:d3:16:d9:ae:b3:3e:d2:9c:84:f2:af:f2:53:d6:e1:
         3e:45:d7:09:f8:d3:f1:bf:01:53:e4:57:c8:4e:a8:24:32:92:
         97:ca:c1:81:8c:cb:b2:6e:5a:fb:ae:a9:ad:d6:a6:68:8b:29:
         f5:78:f0:a5:b8:1c:6a:29:6d:b5:70:b7:fc:2f:9e:cf:a7:6f:
         75:ba:cb:ae:cb:d2:59:b2:3e:a9:20:70:1e:13:12:18:7e:7c:
         8f:c0:8b:74:3d:49:be:7f:39:c6:f7:60:d4:34:5e:94:ed:b8:
         93:70:83:a9:c2:af:77:80:e1:bd:2e:58:67:1a:94:df:09:8a:
         6e:e4:5d:b5:62:8f:e8:68:8e:b2:92:00:6e:5f:aa:7b:62:71:
         de:a0:4c:b5:69:0b:87:e9:ed:54:60:9b:7c:87:55:8f:8a:2e:
         1f:84:48:7a:49:93:c2:05:e8:88:34:b5:83:b0:ce:c2:18:24:
         ad:8d:1b:7b:bb:73:68:15:79:87:9c:7d:cd:8c:73:88:ee:18:
         63:d4:f3:e0:14:99:7f:d8:82:ae:68:ea:f9:b4:56:ef:cf:dd:
         8a:e5:85:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8lSDphA+3x+/3VNizW55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NjAxMjljMjIxZjdhNDc4MTI4ODVhNjQ4MzhiMTJlZTZi
MTVlZDUwHhcNMjYwMTAyMTgyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDEwNzFjZWJhODI4ZTI4NjM1NGY0NWRhYWRiN2U4MjE0ZDNiNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+jIzvTnvdqK9ZCR3Y74RGYCimxBB
MoK9C368nVFJVYCovQ37A5ioU/rSxHfskz0EG9tPM9KMUKo7YDyBNepkDZDmbYLb
M/yh8H7dDHcjM8f+Gd6YVVmDpPLEJ5mak7JFSEe9pewul32xehfRD5M2unzMzx5i
EjxSW9WdDjLfjd+JCcA8/Y7Uui/AeOH6cmT27Jg09Nf4VTf6s0uDvVwlCQ4ELbzu
phdErzdSHSLu5ks59VNXila+Bm7ZCZOddYX773if58mxkOM2FpeZRvckE3T/Jrjt
TYwostCOVvDHoYHk6SPafRIXX5Vonq0lDCAe4Etw8upFOqLxgHfc6D2JnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAQcc66go4oY1T0XarbfoIU07Q0MB8GA1UdIwQY
MBaAFGRgEpwiH3pHgSiFpkg4sS7msV7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkdBU25DSWZla2VCS0lXbVNEaXhMdWF4WHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hNjQ2YWYtZTYxZC00OGI2LTg5ZDIt
ZWJhOTg4YTU0OGU3LzEva0JCeHpycUNqaWhqVlBSZHF0dC1naFRUdERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hNjQ2YWYtZTYxZC00OGI2LTg5ZDItZWJhOTg4YTU0OGU3
LzEvWkdBU25DSWZla2VCS0lXbVNEaXhMdWF4WHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSnsMA0G
CSqGSIb3DQEBCwUAA4IBAQCVuRwvdwOycDwr+uydSbkW+ekyUen2bZDAzQGPygW/
PLEb+BB077PTFtmusz7SnITyr/JT1uE+RdcJ+NPxvwFT5FfITqgkMpKXysGBjMuy
blr7rqmt1qZoiyn1ePCluBxqKW21cLf8L57Pp291usuuy9JZsj6pIHAeExIYfnyP
wIt0PUm+fznG92DUNF6U7biTcIOpwq93gOG9LlhnGpTfCYpu5F21Yo/oaI6ykgBu
X6p7YnHeoEy1aQuH6e1UYJt8h1WPii4fhEh6SZPCBeiINLWDsM7CGCStjRt7u3No
FXmHnH3NjHOI7hhj1PPgFJl/2IKuaOr5tFbvz92K5YXU
-----END CERTIFICATE-----