This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/kWTQcrgSZmOTsMHh7K_EG0H2IuE.roa
File:                     kWTQcrgSZmOTsMHh7K_EG0H2IuE.roa (raw, json)
Hash identifier:          Hf4S7R+wJUfntE+MhCot7Q15rmGM0xxlIUdL/asz+MU=
Subject key identifier:   91:64:D0:72:B8:12:66:63:93:B0:C1:E1:EC:AF:C4:1B:41:F6:22:E1
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       019B7DCB115C7E2B6AC1ED68DFD869F6644D
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/kWTQcrgSZmOTsMHh7K_EG0H2IuE.roa
Signing time:             Fri 02 Jan 2026 08:20:18 +0000
ROA not before:           Fri 02 Jan 2026 08:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44547
IP address blocks:        80.208.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:11:5c:7e:2b:6a:c1:ed:68:df:d8:69:f6:64:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jan  2 08:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9164d072b812666393b0c1e1ecafc41b41f622e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f4:77:b0:03:47:08:ba:48:8e:96:09:72:74:
                    d8:bb:aa:58:95:04:d2:ca:a1:54:ec:a5:12:5c:2e:
                    b9:6c:e4:48:4c:1c:a1:96:da:cc:16:f5:7b:09:40:
                    28:6d:9e:28:c9:c2:72:d4:b6:8a:d0:cc:bf:84:82:
                    dd:37:e5:c2:36:1a:74:4c:a7:8d:a4:ba:a6:b1:60:
                    28:6c:ad:82:2e:03:09:f6:51:c7:8c:5e:34:60:6d:
                    84:d8:d3:c7:75:89:6c:9d:9e:bc:b6:f0:ee:3c:07:
                    81:10:98:49:7c:15:01:84:12:88:59:26:6c:4b:66:
                    04:a2:78:ee:df:a3:1b:b6:53:33:fd:6b:32:ca:05:
                    6a:5d:27:c0:eb:98:7b:18:cb:9a:83:63:ea:b0:dc:
                    3b:47:cf:57:05:c6:e5:46:c9:6e:00:81:b2:d9:87:
                    f2:43:cd:df:07:0b:38:59:bb:8e:42:9f:6f:3b:da:
                    a9:8a:3f:0b:22:10:ef:f5:ab:23:48:9f:18:75:8d:
                    fd:e0:13:c7:de:e1:1f:61:40:2b:f4:07:0a:e7:27:
                    7b:8b:43:84:b0:90:91:f3:90:a6:82:2f:19:e3:f1:
                    42:b1:49:34:15:6c:6c:fb:d1:87:ff:ce:10:1f:77:
                    8e:06:26:f2:f5:fc:58:6c:13:af:e6:53:f7:3f:5e:
                    28:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:64:D0:72:B8:12:66:63:93:B0:C1:E1:EC:AF:C4:1B:41:F6:22:E1
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/kWTQcrgSZmOTsMHh7K_EG0H2IuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:44:8f:b0:ce:0f:3b:a3:db:34:92:00:39:6a:0e:8c:03:e6:
         74:ff:1c:11:23:89:4a:05:56:06:a8:4d:55:a1:ef:de:eb:25:
         e2:91:e6:30:63:d3:5d:6a:35:a0:85:46:dc:71:c5:98:22:98:
         d5:1c:5c:16:5a:ef:e5:07:07:68:7a:2d:9f:ab:d9:ff:32:54:
         e4:c4:db:8c:22:7e:c0:71:96:4c:61:e5:2d:57:2b:b0:b4:bc:
         fa:82:15:0c:34:ba:28:70:9a:f2:69:3b:45:ce:81:61:59:3f:
         48:1d:17:d8:a1:6c:c7:d7:08:92:75:29:ea:3b:56:83:0d:10:
         a2:88:bb:a9:19:04:4b:e5:78:a0:4d:a1:e0:82:d5:48:9d:23:
         e4:e8:27:4e:0a:8f:42:ce:00:80:69:9a:f3:ea:69:26:91:9d:
         34:30:0d:63:4e:3e:c2:e7:fa:23:b2:03:3c:7b:37:a8:eb:e0:
         c2:60:7a:07:f8:78:e5:f4:62:24:45:95:7c:81:d9:7d:93:31:
         77:14:8c:c1:84:ff:ea:4a:91:cf:f6:84:ac:34:8b:7d:a4:cb:
         e5:0c:c7:40:16:17:37:af:55:d4:45:95:4f:92:1d:b3:7a:e8:
         57:af:3e:a2:b3:ac:67:2f:1d:d8:60:72:91:86:a1:ee:59:8d:
         a8:b6:54:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yxFcfitqwe1o39hp9mRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjYwMTAyMDgyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTY0ZDA3MmI4MTI2NjYzOTNiMGMxZTFlY2FmYzQxYjQxZjYyMmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvR3sANHCLpIjpYJcnTYu6pYlQTS
yqFU7KUSXC65bORITByhltrMFvV7CUAobZ4oycJy1LaK0My/hILdN+XCNhp0TKeN
pLqmsWAobK2CLgMJ9lHHjF40YG2E2NPHdYlsnZ68tvDuPAeBEJhJfBUBhBKIWSZs
S2YEonju36MbtlMz/WsyygVqXSfA65h7GMuag2PqsNw7R89XBcblRsluAIGy2Yfy
Q83fBws4WbuOQp9vO9qpij8LIhDv9asjSJ8YdY394BPH3uEfYUAr9AcK5yd7i0OE
sJCR85Cmgi8Z4/FCsUk0FWxs+9GH/84QH3eOBiby9fxYbBOv5lP3P14oeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFk0HK4EmZjk7DB4eyvxBtB9iLhMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEva1dUUWNyZ1NabU9Uc01IaDdLX0VHMEgySXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUNDdMA0G
CSqGSIb3DQEBCwUAA4IBAQBgRI+wzg87o9s0kgA5ag6MA+Z0/xwRI4lKBVYGqE1V
oe/e6yXikeYwY9NdajWghUbcccWYIpjVHFwWWu/lBwdoei2fq9n/MlTkxNuMIn7A
cZZMYeUtVyuwtLz6ghUMNLoocJryaTtFzoFhWT9IHRfYoWzH1wiSdSnqO1aDDRCi
iLupGQRL5XigTaHggtVInSPk6CdOCo9CzgCAaZrz6mkmkZ00MA1jTj7C5/ojsgM8
ezeo6+DCYHoH+Hjl9GIkRZV8gdl9kzF3FIzBhP/qSpHP9oSsNIt9pMvlDMdAFhc3
r1XURZVPkh2zeuhXrz6is6xnLx3YYHKRhqHuWY2otlQv
-----END CERTIFICATE-----