This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/KGmYiJ-zlEnNNzdDNarfgYgM-gQ.roa
File:                     KGmYiJ-zlEnNNzdDNarfgYgM-gQ.roa (raw, json)
Hash identifier:          5CrXncwOr6GSoYA5NiBxQGFFbAQMg120/goPf2+wIKE=
Subject key identifier:   28:69:98:88:9F:B3:94:49:CD:37:37:43:35:AA:DF:81:88:0C:FA:04
Certificate issuer:       /CN=201fe6981ebcbc923c8e49f48452441d080e66f0
Certificate serial:       019B79ECE585DE00F9691CDC611BCF924D80
Authority key identifier: 20:1F:E6:98:1E:BC:BC:92:3C:8E:49:F4:84:52:44:1D:08:0E:66:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/KGmYiJ-zlEnNNzdDNarfgYgM-gQ.roa
Signing time:             Thu 01 Jan 2026 14:18:46 +0000
ROA not before:           Thu 01 Jan 2026 14:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197796
IP address blocks:        91.227.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:e5:85:de:00:f9:69:1c:dc:61:1b:cf:92:4d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe6981ebcbc923c8e49f48452441d080e66f0
        Validity
            Not Before: Jan  1 14:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=286998889fb39449cd37374335aadf81880cfa04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2b:99:19:c6:8e:f7:0f:64:22:3e:1e:45:95:
                    92:0e:65:29:d0:77:a0:88:99:92:ff:23:33:0b:e0:
                    14:5c:b1:e4:ea:af:b4:28:07:cd:a8:0d:21:8f:df:
                    2a:a6:83:73:6f:b1:75:92:28:75:b4:98:b1:d9:7c:
                    98:7b:aa:8f:63:04:cc:17:ea:0f:03:8b:b4:59:d8:
                    7c:9b:71:50:17:4d:d2:ba:44:8f:8f:7e:77:bd:a8:
                    0a:c6:80:ae:c5:b2:6d:e6:c1:14:cb:8a:b1:5f:81:
                    1e:aa:cb:17:7b:40:44:c7:01:da:62:f6:79:7a:fd:
                    8b:e4:9f:db:03:73:55:ef:b2:6e:e6:3d:ac:30:6b:
                    0e:70:5e:87:8e:e9:c3:fa:53:18:fb:96:5d:7c:b1:
                    05:55:32:ea:36:43:3f:00:e8:d8:88:a6:4a:44:5b:
                    a2:1b:f7:68:d6:58:35:60:3c:01:07:22:d2:6b:2d:
                    0a:0c:a2:f9:f3:4d:5f:0c:ad:dd:99:61:6e:59:35:
                    dd:77:6d:af:e7:c6:ae:b7:9c:87:24:c3:51:1a:d5:
                    56:c5:e0:d9:96:f7:cc:54:d7:25:a5:43:b5:fc:7c:
                    dc:ee:35:03:37:eb:9e:ec:0c:c2:63:bc:9b:f1:f0:
                    78:03:44:f7:65:cb:bc:a9:2b:50:1a:6a:45:11:d3:
                    fe:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:69:98:88:9F:B3:94:49:CD:37:37:43:35:AA:DF:81:88:0C:FA:04
            X509v3 Authority Key Identifier:
                keyid:20:1F:E6:98:1E:BC:BC:92:3C:8E:49:F4:84:52:44:1D:08:0E:66:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/KGmYiJ-zlEnNNzdDNarfgYgM-gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:ca:e2:38:33:44:ca:a8:0a:62:71:e6:35:3b:bb:d0:43:74:
         9a:05:7d:fb:7f:63:b2:06:27:6f:83:3a:31:69:c0:ac:1e:76:
         29:64:a3:82:0e:df:4c:d9:cb:b2:9c:a8:81:9e:24:08:1e:ab:
         84:c4:a3:91:31:2f:54:3a:4f:1b:ac:a4:d1:eb:47:9e:df:8e:
         23:96:26:d2:3f:62:73:00:c3:a5:a7:1f:6f:13:ab:8b:1f:23:
         66:e4:39:eb:10:7e:74:bc:53:83:85:53:03:f4:5f:d3:9e:04:
         24:83:73:84:6a:37:15:44:ac:38:79:21:0e:35:56:6e:14:2c:
         37:b0:c1:11:60:7d:ad:8f:97:d4:79:5a:ef:25:4e:6a:fb:f9:
         bb:9e:54:17:fa:90:e5:ff:e0:50:00:e0:04:65:04:9c:b3:b4:
         e4:7b:a8:92:b6:ec:58:23:96:be:de:98:80:3e:71:01:2b:69:
         09:83:31:5e:10:45:e3:94:a5:d6:ac:fe:bc:9f:9f:09:08:fd:
         51:7c:f3:ba:a6:d6:b0:63:c8:3c:05:59:04:3c:a2:7a:18:79:
         76:87:36:b7:e1:f8:2c:c0:fd:83:a1:e2:e1:87:82:26:79:25:
         6c:4a:aa:af:3d:db:f0:9a:ff:1c:33:e0:a8:d1:63:53:e6:b5:
         d8:d5:93:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57OWF3gD5aRzcYRvPkk2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlNjk4MWViY2JjOTIzYzhlNDlmNDg0NTI0NDFkMDgw
ZTY2ZjAwHhcNMjYwMTAxMTQxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODY5OTg4ODlmYjM5NDQ5Y2QzNzM3NDMzNWFhZGY4MTg4MGNmYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCuZGcaO9w9kIj4eRZWSDmUp0Heg
iJmS/yMzC+AUXLHk6q+0KAfNqA0hj98qpoNzb7F1kih1tJix2XyYe6qPYwTMF+oP
A4u0Wdh8m3FQF03SukSPj353vagKxoCuxbJt5sEUy4qxX4EeqssXe0BExwHaYvZ5
ev2L5J/bA3NV77Ju5j2sMGsOcF6HjunD+lMY+5ZdfLEFVTLqNkM/AOjYiKZKRFui
G/do1lg1YDwBByLSay0KDKL5801fDK3dmWFuWTXdd22v58aut5yHJMNRGtVWxeDZ
lvfMVNclpUO1/Hzc7jUDN+ue7AzCY7yb8fB4A0T3Zcu8qStQGmpFEdP+YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChpmIifs5RJzTc3QzWq34GIDPoEMB8GA1UdIwQY
MBaAFCAf5pgevLySPI5J9IRSRB0IDmbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfbW1CNjh2Skk4amtuMGhGSkVIUWdPWnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80NGIyYjItYjQ1YS00MDUzLWJlMjkt
MjcyNGY5MmJkNTZlLzEvS0dtWWlKLXpsRW5OTnpkRE5hcmZnWWdNLWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80NGIyYjItYjQ1YS00MDUzLWJlMjktMjcyNGY5MmJkNTZl
LzEvSUJfbW1CNjh2Skk4amtuMGhGSkVIUWdPWnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MrMA0G
CSqGSIb3DQEBCwUAA4IBAQB9yuI4M0TKqApiceY1O7vQQ3SaBX37f2OyBidvgzox
acCsHnYpZKOCDt9M2cuynKiBniQIHquExKORMS9UOk8brKTR60ee344jlibSP2Jz
AMOlpx9vE6uLHyNm5DnrEH50vFODhVMD9F/TngQkg3OEajcVRKw4eSEONVZuFCw3
sMERYH2tj5fUeVrvJU5q+/m7nlQX+pDl/+BQAOAEZQScs7Tke6iStuxYI5a+3piA
PnEBK2kJgzFeEEXjlKXWrP68n58JCP1RfPO6ptawY8g8BVkEPKJ6GHl2hza34fgs
wP2DoeLhh4ImeSVsSqqvPdvwmv8cM+Co0WNT5rXY1ZNQ
-----END CERTIFICATE-----