This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/KbhQ6u1VdqVgoC_w__veaIi-7zs.roa
File:                     KbhQ6u1VdqVgoC_w__veaIi-7zs.roa (raw, json)
Hash identifier:          usnYtgKElxMHtJ3gMNxaW5mRcQvldV2GcoR0WqVjLH0=
Subject key identifier:   29:B8:50:EA:ED:55:76:A5:60:A0:2F:F0:FF:FB:DE:68:88:BE:EF:3B
Certificate issuer:       /CN=a590ef23b456c9db20d30742932b017fc5724e56
Certificate serial:       019B77C6B4EA8AE280E4D6B13D39F59C8119
Authority key identifier: A5:90:EF:23:B4:56:C9:DB:20:D3:07:42:93:2B:01:7F:C5:72:4E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZDvI7RWydsg0wdCkysBf8VyTlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/KbhQ6u1VdqVgoC_w__veaIi-7zs.roa
Signing time:             Thu 01 Jan 2026 04:17:49 +0000
ROA not before:           Thu 01 Jan 2026 04:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43804
IP address blocks:        193.200.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/pZDvI7RWydsg0wdCkysBf8VyTlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/pZDvI7RWydsg0wdCkysBf8VyTlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZDvI7RWydsg0wdCkysBf8VyTlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:b4:ea:8a:e2:80:e4:d6:b1:3d:39:f5:9c:81:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a590ef23b456c9db20d30742932b017fc5724e56
        Validity
            Not Before: Jan  1 04:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29b850eaed5576a560a02ff0fffbde6888beef3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:13:99:da:cb:31:94:20:56:ac:08:e4:0a:ad:
                    7c:07:f7:a8:25:e4:28:19:c7:68:01:29:c7:d3:b4:
                    91:01:ab:92:38:32:e3:82:49:b7:06:cd:42:8e:35:
                    30:05:4e:ee:f4:76:40:cb:e3:55:be:b4:bf:10:43:
                    16:7a:c1:b9:e8:bc:f8:23:9b:d5:f4:0b:a1:55:e3:
                    06:38:53:d9:14:30:8e:f6:67:9d:71:ec:e6:b9:bd:
                    c8:6a:19:46:ed:71:a9:9b:7c:fb:36:ed:7c:8c:08:
                    09:20:8a:33:28:6b:36:ed:eb:e1:13:34:cf:74:54:
                    d3:a0:82:bb:2c:71:7c:7a:78:df:68:ae:9e:5d:f6:
                    36:d8:67:e2:e7:73:00:4e:3c:c3:a7:13:ca:b9:71:
                    80:84:89:9a:4f:53:b8:44:41:9e:38:12:27:35:6a:
                    7b:d3:ee:e0:1c:19:68:77:d2:dc:e9:37:e3:09:87:
                    c6:59:77:27:84:b4:17:3c:4d:3e:1d:77:2c:a5:6e:
                    68:5f:46:77:b0:42:b9:4e:82:19:53:59:86:68:50:
                    66:47:5c:4b:26:d5:b0:6f:a2:8a:5b:60:e4:bb:33:
                    56:24:22:23:f8:f9:3d:ad:93:8b:48:da:07:6a:f5:
                    d7:c5:50:a4:c1:53:4e:fc:bf:51:eb:30:2a:a0:e3:
                    b6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B8:50:EA:ED:55:76:A5:60:A0:2F:F0:FF:FB:DE:68:88:BE:EF:3B
            X509v3 Authority Key Identifier:
                keyid:A5:90:EF:23:B4:56:C9:DB:20:D3:07:42:93:2B:01:7F:C5:72:4E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZDvI7RWydsg0wdCkysBf8VyTlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/KbhQ6u1VdqVgoC_w__veaIi-7zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3185c4-d724-435d-8277-152d204ebfa3/1/pZDvI7RWydsg0wdCkysBf8VyTlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e9:16:ba:b5:f3:e8:e3:a8:81:c6:7d:5b:ab:57:70:56:0c:
         9c:51:07:d1:ad:c6:e2:f2:45:7d:fa:7c:5f:d7:a4:51:40:42:
         3c:42:8d:ad:1a:94:ca:14:18:34:c9:1b:0a:9d:ff:c1:f9:ad:
         27:bf:b4:77:cb:0e:30:77:7b:c6:88:92:09:7e:ae:14:28:31:
         17:3e:17:94:51:8e:81:bd:94:06:06:1d:ff:2f:7f:8a:61:53:
         3e:3c:63:1f:21:5f:44:8f:c5:23:f6:91:b1:0a:af:7e:f7:49:
         1d:d1:03:27:74:8c:69:0a:07:0a:97:4b:07:ad:ce:b6:e8:30:
         89:1e:cb:7b:1b:4e:ab:ac:9b:fc:d7:20:30:0f:2c:e5:02:21:
         bd:c1:85:47:4b:2a:d9:33:42:fc:10:7b:16:d4:0e:a5:32:eb:
         54:0a:11:4d:d5:1c:34:8e:5f:b2:1f:c0:3b:78:30:53:93:f5:
         34:0a:cf:98:1e:56:e4:a6:3f:95:27:e5:a0:27:46:ab:db:ae:
         ea:3e:55:52:83:c1:7b:f7:fc:4e:a0:bc:c9:c9:1f:4a:44:c3:
         cb:6a:7a:6d:21:1e:0b:ee:69:73:b7:77:99:fa:88:95:85:01:
         a1:39:ff:7a:ae:1e:f3:40:06:20:b8:19:e4:2d:d0:ce:e3:8a:
         e3:0a:0f:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xrTqiuKA5NaxPTn1nIEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OTBlZjIzYjQ1NmM5ZGIyMGQzMDc0MjkzMmIwMTdmYzU3
MjRlNTYwHhcNMjYwMTAxMDQxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI4NTBlYWVkNTU3NmE1NjBhMDJmZjBmZmZiZGU2ODg4YmVlZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxOZ2ssxlCBWrAjkCq18B/eoJeQo
GcdoASnH07SRAauSODLjgkm3Bs1CjjUwBU7u9HZAy+NVvrS/EEMWesG56Lz4I5vV
9AuhVeMGOFPZFDCO9medcezmub3IahlG7XGpm3z7Nu18jAgJIIozKGs27evhEzTP
dFTToIK7LHF8enjfaK6eXfY22Gfi53MATjzDpxPKuXGAhImaT1O4REGeOBInNWp7
0+7gHBlod9Lc6TfjCYfGWXcnhLQXPE0+HXcspW5oX0Z3sEK5ToIZU1mGaFBmR1xL
JtWwb6KKW2DkuzNWJCIj+Pk9rZOLSNoHavXXxVCkwVNO/L9R6zAqoOO2pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm4UOrtVXalYKAv8P/73miIvu87MB8GA1UdIwQY
MBaAFKWQ7yO0VsnbINMHQpMrAX/Fck5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFpEdkk3Uld5ZHNnMHdkQ2t5c0JmOFZ5VGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zMTg1YzQtZDcyNC00MzVkLTgyNzct
MTUyZDIwNGViZmEzLzEvS2JoUTZ1MVZkcVZnb0Nfd19fdmVhSWktN3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zMTg1YzQtZDcyNC00MzVkLTgyNzctMTUyZDIwNGViZmEz
LzEvcFpEdkk3Uld5ZHNnMHdkQ2t5c0JmOFZ5VGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjLMA0G
CSqGSIb3DQEBCwUAA4IBAQAD6Ra6tfPo46iBxn1bq1dwVgycUQfRrcbi8kV9+nxf
16RRQEI8Qo2tGpTKFBg0yRsKnf/B+a0nv7R3yw4wd3vGiJIJfq4UKDEXPheUUY6B
vZQGBh3/L3+KYVM+PGMfIV9Ej8Uj9pGxCq9+90kd0QMndIxpCgcKl0sHrc626DCJ
Hst7G06rrJv81yAwDyzlAiG9wYVHSyrZM0L8EHsW1A6lMutUChFN1Rw0jl+yH8A7
eDBTk/U0Cs+YHlbkpj+VJ+WgJ0ar267qPlVSg8F79/xOoLzJyR9KRMPLanptIR4L
7mlzt3eZ+oiVhQGhOf96rh7zQAYguBnkLdDO44rjCg8Y
-----END CERTIFICATE-----