This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/KumaOhSQ1_mncFf0ZkCQhvDH-Lo.roa
File:                     KumaOhSQ1_mncFf0ZkCQhvDH-Lo.roa (raw, json)
Hash identifier:          0SuemogzHjG4lYfHbDePATRRaFFo9hyJ2zL/inmV6J0=
Subject key identifier:   2A:E9:9A:3A:14:90:D7:F9:A7:70:57:F4:66:40:90:86:F0:C7:F8:BA
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       019AB60C10821B4A358597F5E41908B55A3F
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/KumaOhSQ1_mncFf0ZkCQhvDH-Lo.roa
Signing time:             Mon 24 Nov 2025 13:27:15 +0000
ROA not before:           Mon 24 Nov 2025 13:27:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        37.202.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:0c:10:82:1b:4a:35:85:97:f5:e4:19:08:b5:5a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Nov 24 13:27:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ae99a3a1490d7f9a77057f466409086f0c7f8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:dc:e0:98:a2:87:b7:49:70:fd:70:62:86:a1:
                    a5:94:51:af:c8:1d:34:2a:17:53:53:3b:b7:75:d5:
                    ae:7d:62:09:c3:88:b2:ce:9b:3e:61:f0:4b:7a:7e:
                    d8:6c:fe:1e:b2:68:f2:d6:ba:cc:40:f7:4c:88:aa:
                    6d:40:40:cc:74:00:0c:2b:60:ad:95:6b:82:03:82:
                    43:c4:10:0a:78:df:44:53:d5:d0:55:83:16:8a:00:
                    bd:6c:64:03:ea:f0:3a:d6:6e:6a:67:ca:19:e6:96:
                    8b:89:cd:e0:c6:99:93:01:9f:17:97:3d:84:f3:cb:
                    6e:69:9b:37:1e:8f:09:b1:72:35:27:f2:ca:0e:5f:
                    ae:7a:c5:ee:ce:73:c6:9c:7d:d5:ec:80:68:6c:7c:
                    49:23:9d:dc:39:d4:2d:b0:ee:84:26:32:52:75:16:
                    74:38:74:d8:a5:78:35:0b:94:79:e6:3d:42:30:ae:
                    fb:a9:b3:dc:46:5e:d2:ef:dd:df:4c:56:d6:8d:1a:
                    ef:d0:1b:5e:5c:47:49:4a:2b:60:3e:6f:5a:83:41:
                    2c:fd:4a:6d:3a:43:16:31:7e:2e:eb:e0:49:e4:84:
                    96:4c:cf:68:95:e3:09:4e:60:c4:70:d9:ba:ca:08:
                    01:d1:7f:84:20:5b:74:29:3b:94:5e:b5:dd:20:f9:
                    8f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E9:9A:3A:14:90:D7:F9:A7:70:57:F4:66:40:90:86:F0:C7:F8:BA
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/KumaOhSQ1_mncFf0ZkCQhvDH-Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:30:1e:19:7c:dd:bf:c3:5c:cc:f5:af:df:cb:d9:e2:fd:
         ab:97:41:5e:36:71:65:b0:51:7d:62:36:b2:1a:d0:e3:75:5f:
         5b:4d:6d:64:08:6f:03:80:32:0d:58:f2:35:3a:68:d9:d4:cb:
         e6:a8:41:d6:28:00:b5:b5:08:b2:b8:13:7c:ad:09:8e:20:8c:
         a8:0e:93:06:ae:96:d8:ad:e3:2e:19:c3:2b:ee:d6:8a:be:41:
         71:84:c5:32:4e:5c:68:fb:6b:4f:6f:b9:00:5e:4f:f4:81:5e:
         63:1a:23:90:93:8f:fe:fe:61:47:98:1b:03:2c:99:76:8e:b3:
         07:a1:f7:1c:bf:9e:95:16:98:c8:da:19:a3:08:30:29:ac:16:
         1a:49:f2:81:e4:61:c6:4e:d2:2b:e2:a6:80:e5:d8:53:da:dc:
         0d:cd:72:17:29:4f:d6:cb:c2:04:57:06:4e:7c:69:cb:39:c2:
         cf:a9:ec:f3:b5:6c:fc:26:94:d2:d3:4e:12:d4:59:ed:6b:03:
         57:e3:b0:98:ce:d1:e2:55:69:41:fa:f9:58:a2:d3:53:47:5c:
         2e:20:4a:2a:e4:c2:42:cd:ec:3d:71:8b:92:a0:c3:ff:8e:a1:
         b0:72:91:3a:04:9d:a8:28:d3:de:63:a5:e1:7f:d4:fa:ed:29:
         0f:54:af:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2DBCCG0o1hZf15BkItVo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUxMTI0MTMyNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU5OWEzYTE0OTBkN2Y5YTc3MDU3ZjQ2NjQwOTA4NmYwYzdmOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9zgmKKHt0lw/XBihqGllFGvyB00
KhdTUzu3ddWufWIJw4iyzps+YfBLen7YbP4esmjy1rrMQPdMiKptQEDMdAAMK2Ct
lWuCA4JDxBAKeN9EU9XQVYMWigC9bGQD6vA61m5qZ8oZ5paLic3gxpmTAZ8Xlz2E
88tuaZs3Ho8JsXI1J/LKDl+uesXuznPGnH3V7IBobHxJI53cOdQtsO6EJjJSdRZ0
OHTYpXg1C5R55j1CMK77qbPcRl7S793fTFbWjRrv0BteXEdJSitgPm9ag0Es/Upt
OkMWMX4u6+BJ5ISWTM9oleMJTmDEcNm6yggB0X+EIFt0KTuUXrXdIPmPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrpmjoUkNf5p3BX9GZAkIbwx/i6MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvS3VtYU9oU1ExX21uY0ZmMFprQ1FodkRILUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJcr8MA0G
CSqGSIb3DQEBCwUAA4IBAQANlTAeGXzdv8NczPWv38vZ4v2rl0FeNnFlsFF9Yjay
GtDjdV9bTW1kCG8DgDINWPI1OmjZ1MvmqEHWKAC1tQiyuBN8rQmOIIyoDpMGrpbY
reMuGcMr7taKvkFxhMUyTlxo+2tPb7kAXk/0gV5jGiOQk4/+/mFHmBsDLJl2jrMH
ofccv56VFpjI2hmjCDAprBYaSfKB5GHGTtIr4qaA5dhT2twNzXIXKU/Wy8IEVwZO
fGnLOcLPqezztWz8JpTS004S1FntawNX47CYztHiVWlB+vlYotNTR1wuIEoq5MJC
zew9cYuSoMP/jqGwcpE6BJ2oKNPeY6Xhf9T67SkPVK9F
-----END CERTIFICATE-----