This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/kmh_Ra1IgfFWjLP7TM3jmp_Cn3w.roa
File:                     kmh_Ra1IgfFWjLP7TM3jmp_Cn3w.roa (raw, json)
Hash identifier:          QHu8yh0Y3kXquJoPEQjGqt3qu3+kAFvXU8lxglUm7PM=
Subject key identifier:   92:68:7F:45:AD:48:81:F1:56:8C:B3:FB:4C:CD:E3:9A:9F:C2:9F:7C
Certificate issuer:       /CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
Certificate serial:       019B7B36E53BCE0177A19E5BF07CD6458190
Authority key identifier: 4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/kmh_Ra1IgfFWjLP7TM3jmp_Cn3w.roa
Signing time:             Thu 01 Jan 2026 20:19:13 +0000
ROA not before:           Thu 01 Jan 2026 20:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48924
IP address blocks:        2a07:ddc0:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:e5:3b:ce:01:77:a1:9e:5b:f0:7c:d6:45:81:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
        Validity
            Not Before: Jan  1 20:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92687f45ad4881f1568cb3fb4ccde39a9fc29f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:75:45:c8:67:4f:c6:2e:21:3a:29:4f:0e:b7:
                    c2:c6:60:63:18:06:78:1b:de:a5:68:ea:54:6c:db:
                    39:9f:c8:a6:21:89:c8:26:01:45:64:10:7e:67:9a:
                    ba:8d:9c:bc:e2:da:f5:a8:ba:26:7b:4d:dd:29:7b:
                    51:f4:d7:e8:2b:c1:22:f2:7d:ee:54:64:7f:6c:4f:
                    58:d9:27:f7:41:26:8a:ea:86:7b:94:f8:0b:c4:00:
                    ed:f4:90:1a:f1:83:46:0f:60:e1:e5:1a:9f:22:9f:
                    04:3f:76:93:1a:f3:21:84:57:12:ea:0c:66:69:9d:
                    7b:1b:41:59:df:73:85:6e:b0:75:d9:52:c9:d0:d4:
                    c7:7e:c3:19:3f:4d:d4:08:0a:24:9c:af:b9:59:60:
                    40:27:9b:12:83:ef:85:00:0f:f4:be:30:b0:31:35:
                    13:81:92:2f:94:f8:ec:51:dc:43:3c:8b:69:c8:a9:
                    42:37:31:3c:bc:2b:a3:38:e9:88:64:8e:4b:5c:ad:
                    4a:1a:5c:d4:35:15:d5:b9:84:75:9b:3f:2c:56:01:
                    c1:8b:f6:24:da:a6:86:30:3b:34:29:7f:32:81:a2:
                    88:a3:9b:33:b2:97:7c:43:f0:51:a4:92:47:05:32:
                    9e:97:70:50:34:45:8c:43:b3:f7:6b:eb:27:38:a6:
                    cd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:68:7F:45:AD:48:81:F1:56:8C:B3:FB:4C:CD:E3:9A:9F:C2:9F:7C
            X509v3 Authority Key Identifier:
                keyid:4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/kmh_Ra1IgfFWjLP7TM3jmp_Cn3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ddc0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:10:5e:ae:ce:10:0f:a9:4d:b9:28:1b:81:3e:b4:ef:44:b3:
         38:bf:93:85:91:43:ea:da:7f:84:d0:70:97:8c:9f:24:c0:20:
         a0:11:2f:61:1b:29:04:99:89:33:2f:af:4e:cd:6e:81:16:6e:
         09:25:52:bb:fb:c6:58:23:8d:23:81:39:ae:65:d3:8f:a0:d3:
         11:0a:81:12:08:9c:52:a5:2d:73:f3:2b:77:0d:a9:64:e7:d2:
         5b:b1:55:4d:65:79:fe:f0:15:d5:cb:71:26:f9:e7:8f:7d:b9:
         12:78:63:58:6d:f6:5c:62:24:1e:9f:9c:e0:d4:d8:f0:5e:e6:
         31:cc:7c:03:85:fa:20:ab:5e:90:2c:26:86:20:a4:db:58:08:
         9b:79:ec:f4:1f:4c:99:6d:4c:ec:62:97:1f:3b:96:c0:8c:4d:
         37:f2:03:4d:20:e6:3a:a3:c0:8c:30:6a:5f:ec:bc:96:62:27:
         77:e3:86:cd:1d:d3:1a:2d:da:50:77:6a:08:04:63:61:ad:1e:
         b3:e6:56:5d:8b:22:b0:79:50:fd:27:31:b1:62:8e:f9:79:89:
         03:24:ab:57:dc:89:e0:48:9d:37:3a:93:c1:48:90:c8:a9:6f:
         6f:7b:cd:f2:18:46:55:e2:5a:69:e5:8f:20:63:4a:5b:7a:b6:
         e4:21:96:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7NuU7zgF3oZ5b8HzWRYGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Q3NWE1MTA5ZTJjMTA2ZTExOTNkNTdlZTJiOTk5ZmVj
MjdmZTAwHhcNMjYwMTAxMjAxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY4N2Y0NWFkNDg4MWYxNTY4Y2IzZmI0Y2NkZTM5YTlmYzI5ZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHVFyGdPxi4hOilPDrfCxmBjGAZ4
G96laOpUbNs5n8imIYnIJgFFZBB+Z5q6jZy84tr1qLome03dKXtR9NfoK8Ei8n3u
VGR/bE9Y2Sf3QSaK6oZ7lPgLxADt9JAa8YNGD2Dh5RqfIp8EP3aTGvMhhFcS6gxm
aZ17G0FZ33OFbrB12VLJ0NTHfsMZP03UCAoknK+5WWBAJ5sSg++FAA/0vjCwMTUT
gZIvlPjsUdxDPItpyKlCNzE8vCujOOmIZI5LXK1KGlzUNRXVuYR1mz8sVgHBi/Yk
2qaGMDs0KX8ygaKIo5szspd8Q/BRpJJHBTKel3BQNEWMQ7P3a+snOKbNTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJJof0WtSIHxVoyz+0zN45qfwp98MB8GA1UdIwQY
MBaAFE7NdaUQniwQbhGT1X7iuZn+wn/gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYt
NDA3MjU1N2M0N2ZhLzEva21oX1JhMUlnZkZXakxQN1RNM2ptcF9DbjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYtNDA3MjU1N2M0N2Zh
LzEvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfdwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQCNEF6uzhAPqU25KBuBPrTvRLM4v5OFkUPq2n+E
0HCXjJ8kwCCgES9hGykEmYkzL69OzW6BFm4JJVK7+8ZYI40jgTmuZdOPoNMRCoES
CJxSpS1z8yt3Dalk59JbsVVNZXn+8BXVy3Em+eePfbkSeGNYbfZcYiQen5zg1Njw
XuYxzHwDhfogq16QLCaGIKTbWAibeez0H0yZbUzsYpcfO5bAjE038gNNIOY6o8CM
MGpf7LyWYid344bNHdMaLdpQd2oIBGNhrR6z5lZdiyKweVD9JzGxYo75eYkDJKtX
3IngSJ03OpPBSJDIqW9ve83yGEZV4lpp5Y8gY0pberbkIZaB
-----END CERTIFICATE-----