This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/KelGy5FqE-jDU-pEPXMpLcf7VOM.roa
File:                     KelGy5FqE-jDU-pEPXMpLcf7VOM.roa (raw, json)
Hash identifier:          NXCD8cFHqcP6cTa5T44AKZobSHdu2jZzVhofvoBvDgo=
Subject key identifier:   29:E9:46:CB:91:6A:13:E8:C3:53:EA:44:3D:73:29:2D:C7:FB:54:E3
Certificate issuer:       /CN=e08aadc069555a1abe031fd0a028069c8fb89b2b
Certificate serial:       019B7CECD052B0CE28A6D0B1B600DE3CCCB1
Authority key identifier: E0:8A:AD:C0:69:55:5A:1A:BE:03:1F:D0:A0:28:06:9C:8F:B8:9B:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4IqtwGlVWhq-Ax_QoCgGnI-4mys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/KelGy5FqE-jDU-pEPXMpLcf7VOM.roa
Signing time:             Fri 02 Jan 2026 04:17:33 +0000
ROA not before:           Fri 02 Jan 2026 04:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.46.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/4IqtwGlVWhq-Ax_QoCgGnI-4mys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/4IqtwGlVWhq-Ax_QoCgGnI-4mys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4IqtwGlVWhq-Ax_QoCgGnI-4mys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:d0:52:b0:ce:28:a6:d0:b1:b6:00:de:3c:cc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e08aadc069555a1abe031fd0a028069c8fb89b2b
        Validity
            Not Before: Jan  2 04:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29e946cb916a13e8c353ea443d73292dc7fb54e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9d:52:bd:73:58:b7:72:42:6d:8a:9f:e1:1e:
                    40:10:d1:97:2a:5e:92:41:3b:36:2d:98:70:7b:83:
                    12:6e:93:ff:27:ac:61:27:f1:85:a6:6a:bc:91:8c:
                    c5:ac:21:f4:c4:ef:99:bb:3d:be:30:5e:df:14:c0:
                    93:ab:cc:bd:80:87:7b:35:15:5b:87:f7:e6:a3:18:
                    03:69:c2:b4:9a:88:89:9a:36:cb:fc:ea:95:38:74:
                    8c:72:e0:a6:a5:7e:c3:12:82:35:a3:fa:ac:48:38:
                    ee:55:55:4c:2b:7b:cb:1a:9a:ec:ea:38:8b:97:29:
                    56:f9:18:a2:31:d6:cf:b3:fb:9e:f9:8e:6c:4b:ff:
                    84:f1:50:0d:30:20:95:ab:a9:5a:53:49:6c:f7:fe:
                    9b:5a:e0:54:cd:24:75:15:4e:bb:4a:a1:b1:d3:c4:
                    6d:40:48:68:5d:d6:41:dc:aa:1d:ec:14:50:f9:2f:
                    28:64:fa:aa:8f:89:36:5d:07:81:9b:d2:78:26:01:
                    27:31:9f:00:53:09:e2:7e:ef:55:83:24:17:1e:f8:
                    d8:00:3c:81:c6:bd:af:a7:be:ea:17:9b:c2:a4:c9:
                    56:a6:5d:40:6c:28:ac:1a:ee:58:fe:4f:24:4b:62:
                    97:0e:4e:29:4a:46:68:fc:2f:8e:37:92:69:31:9b:
                    df:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E9:46:CB:91:6A:13:E8:C3:53:EA:44:3D:73:29:2D:C7:FB:54:E3
            X509v3 Authority Key Identifier:
                keyid:E0:8A:AD:C0:69:55:5A:1A:BE:03:1F:D0:A0:28:06:9C:8F:B8:9B:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4IqtwGlVWhq-Ax_QoCgGnI-4mys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/KelGy5FqE-jDU-pEPXMpLcf7VOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/852221-d616-4e12-8fa4-9a72d9903eb8/1/4IqtwGlVWhq-Ax_QoCgGnI-4mys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.46.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         77:85:e5:f1:db:2f:ec:68:9b:6a:eb:c8:78:b8:8e:12:a7:86:
         df:e6:a0:b0:e4:9a:f3:bb:6e:e7:8d:f5:df:4f:84:48:21:bc:
         a6:39:6d:99:f0:53:dc:f3:14:59:45:00:c8:4b:6a:51:29:01:
         86:42:0c:fb:13:eb:88:49:8c:60:89:d2:9f:6f:34:28:f6:cc:
         b3:47:e7:0b:15:6e:01:00:bd:be:26:b1:17:e9:85:7b:39:3d:
         ad:77:8f:a6:64:a1:c9:17:02:c4:57:5b:ee:29:85:1c:bb:e8:
         0b:cf:14:57:f4:c6:f7:69:7d:e4:12:a5:41:ef:22:dc:d6:c4:
         88:bc:ee:7e:95:e8:0b:1d:f2:fc:52:3c:1f:64:0d:b1:a0:8e:
         f2:7f:24:8b:a7:0b:ff:84:bc:84:95:92:9f:4c:73:dd:27:29:
         7e:d2:06:a9:8c:93:fe:84:c5:d7:5b:c9:02:40:16:f9:3c:cd:
         58:50:63:36:b0:b7:1d:a9:28:e1:5f:98:d0:b3:a3:9a:c0:44:
         a1:e6:9d:96:b3:f4:70:c6:73:1b:95:49:d4:ac:3b:52:a3:76:
         2b:81:93:5b:4a:6d:bd:9c:75:ec:50:95:f1:64:74:1c:20:23:
         ec:5f:ed:ac:7f:45:a2:2c:71:e2:98:ee:07:a0:61:af:e6:a4:
         fd:ed:9b:57
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt87NBSsM4optCxtgDePMyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwOGFhZGMwNjk1NTVhMWFiZTAzMWZkMGEwMjgwNjljOGZi
ODliMmIwHhcNMjYwMTAyMDQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWU5NDZjYjkxNmExM2U4YzM1M2VhNDQzZDczMjkyZGM3ZmI1NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2J1SvXNYt3JCbYqf4R5AENGXKl6S
QTs2LZhwe4MSbpP/J6xhJ/GFpmq8kYzFrCH0xO+Zuz2+MF7fFMCTq8y9gId7NRVb
h/fmoxgDacK0moiJmjbL/OqVOHSMcuCmpX7DEoI1o/qsSDjuVVVMK3vLGprs6jiL
lylW+RiiMdbPs/ue+Y5sS/+E8VANMCCVq6laU0ls9/6bWuBUzSR1FU67SqGx08Rt
QEhoXdZB3Kod7BRQ+S8oZPqqj4k2XQeBm9J4JgEnMZ8AUwnifu9VgyQXHvjYADyB
xr2vp77qF5vCpMlWpl1AbCisGu5Y/k8kS2KXDk4pSkZo/C+ON5JpMZvfAQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCnpRsuRahPow1PqRD1zKS3H+1TjMB8GA1UdIwQY
MBaAFOCKrcBpVVoavgMf0KAoBpyPuJsrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNElxdHdHbFZXaHEtQXhfUW9DZ0duSS00bXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny84NTIyMjEtZDYxNi00ZTEyLThmYTQt
OWE3MmQ5OTAzZWI4LzEvS2VsR3k1RnFFLWpEVS1wRVBYTXBMY2Y3Vk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny84NTIyMjEtZDYxNi00ZTEyLThmYTQtOWE3MmQ5OTAzZWI4
LzEvNElxdHdHbFZXaHEtQXhfUW9DZ0duSS00bXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjS4wDQYJ
KoZIhvcNAQELBQADggEBAHeF5fHbL+xom2rryHi4jhKnht/moLDkmvO7bueN9d9P
hEghvKY5bZnwU9zzFFlFAMhLalEpAYZCDPsT64hJjGCJ0p9vNCj2zLNH5wsVbgEA
vb4msRfphXs5Pa13j6ZkockXAsRXW+4phRy76AvPFFf0xvdpfeQSpUHvItzWxIi8
7n6V6Asd8vxSPB9kDbGgjvJ/JIunC/+EvISVkp9Mc90nKX7SBqmMk/6ExddbyQJA
Fvk8zVhQYzawtx2pKOFfmNCzo5rARKHmnZaz9HDGcxuVSdSsO1KjdiuBk1tKbb2c
dexQlfFkdBwgI+xf7ax/RaIsceKY7gegYa/mpP3tm1c=
-----END CERTIFICATE-----