This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/KSqwo9S6GeFD2Ql4Sfck8r97txM.roa
File:                     KSqwo9S6GeFD2Ql4Sfck8r97txM.roa (raw, json)
Hash identifier:          3pucYZVIvYlLfAtBYm6XXIdeR53B8iQcCe0JSNaoycQ=
Subject key identifier:   29:2A:B0:A3:D4:BA:19:E1:43:D9:09:78:49:F7:24:F2:BF:7B:B7:13
Certificate issuer:       /CN=adee89c13d6de73a894404bf7eaf9ee5e40dea33
Certificate serial:       019B77C6DF305FF7743BAFABF6090A3B16EF
Authority key identifier: AD:EE:89:C1:3D:6D:E7:3A:89:44:04:BF:7E:AF:9E:E5:E4:0D:EA:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/KSqwo9S6GeFD2Ql4Sfck8r97txM.roa
Signing time:             Thu 01 Jan 2026 04:18:00 +0000
ROA not before:           Thu 01 Jan 2026 04:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200254
IP address blocks:        45.131.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:df:30:5f:f7:74:3b:af:ab:f6:09:0a:3b:16:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adee89c13d6de73a894404bf7eaf9ee5e40dea33
        Validity
            Not Before: Jan  1 04:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=292ab0a3d4ba19e143d9097849f724f2bf7bb713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c1:9d:52:0f:a3:04:5f:de:f9:b0:f2:81:36:
                    27:c8:c4:00:20:c8:52:84:cc:3f:f6:d2:d5:97:a9:
                    3c:54:5c:ed:e2:fa:7f:ac:66:3c:40:ed:81:63:6e:
                    ca:ff:32:e7:19:f1:ec:5c:99:17:db:ad:06:81:48:
                    91:a8:77:1d:53:8e:f6:82:0d:53:8c:c8:72:bb:82:
                    e5:8e:a9:48:57:06:ae:06:ba:7a:4a:7e:c0:e8:85:
                    8a:bb:64:d7:3f:16:64:16:3c:ef:84:7e:89:44:2a:
                    2c:1a:ef:74:74:a8:64:54:6c:df:6a:74:4f:f1:74:
                    42:1b:99:c1:ca:73:15:1d:04:b4:71:bb:24:ab:97:
                    e4:71:2d:4d:8a:d9:44:c3:11:61:4a:1d:db:b8:7a:
                    d2:13:27:10:d7:33:70:0b:89:02:14:38:82:31:31:
                    d5:c3:fe:67:19:57:be:ba:91:fd:e3:80:3a:86:15:
                    bc:eb:ed:5d:fe:d3:72:08:d9:1f:75:b5:fc:68:bf:
                    e1:a1:c2:45:92:91:13:ce:2f:83:6f:36:1d:a7:cd:
                    b9:e3:4e:1c:4e:be:9a:56:8e:6a:d7:51:f5:a1:a9:
                    54:e8:10:61:6f:f9:66:44:1e:2d:64:75:f8:af:a3:
                    7f:a1:c0:b2:8e:4c:c1:3f:fd:14:27:ff:6a:ef:db:
                    bb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2A:B0:A3:D4:BA:19:E1:43:D9:09:78:49:F7:24:F2:BF:7B:B7:13
            X509v3 Authority Key Identifier:
                keyid:AD:EE:89:C1:3D:6D:E7:3A:89:44:04:BF:7E:AF:9E:E5:E4:0D:EA:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/KSqwo9S6GeFD2Ql4Sfck8r97txM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:3e:96:c7:d1:ad:22:d1:59:44:0e:f8:98:5c:76:76:ed:65:
         f0:1b:6e:44:e4:4e:a1:08:c5:25:81:0d:6a:37:05:a9:96:5a:
         2c:65:eb:9e:26:28:6c:d4:32:51:8c:8d:17:11:99:24:c1:4f:
         9d:e7:a7:a3:5a:9b:8e:d9:5e:48:db:96:6c:47:b7:bc:c7:dd:
         48:41:26:d5:dd:6e:da:26:8f:68:0e:4b:10:6c:84:cc:ec:a6:
         b8:fc:4f:3c:59:12:86:d5:fa:0d:ef:d7:6b:97:b8:ac:f9:4b:
         c9:79:dd:d9:5e:6c:94:e0:85:fd:ee:01:fe:83:9e:a1:d8:b2:
         3b:96:7a:4a:c9:f1:ee:02:80:68:62:33:dd:d1:76:d3:79:dc:
         23:4b:7f:8e:c8:59:72:bb:49:f8:b6:f6:e7:dd:b1:e7:3c:31:
         ec:42:d4:f5:ed:ac:86:ac:fa:ab:73:f9:4a:f1:67:f4:ea:a8:
         58:b4:75:0f:47:38:ea:dc:54:e0:42:43:41:e7:2e:e8:29:75:
         cb:a0:8a:90:5c:d7:fd:3b:9e:84:78:48:f0:56:b9:c5:c0:f6:
         b7:ca:c7:a0:dd:26:4b:eb:42:5f:4e:7d:dd:63:10:91:24:7a:
         af:3d:fb:67:bf:93:f6:e8:e5:ba:fc:78:3d:86:1e:5a:c1:a9:
         45:37:5c:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xt8wX/d0O6+r9gkKOxbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZWU4OWMxM2Q2ZGU3M2E4OTQ0MDRiZjdlYWY5ZWU1ZTQw
ZGVhMzMwHhcNMjYwMTAxMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJhYjBhM2Q0YmExOWUxNDNkOTA5Nzg0OWY3MjRmMmJmN2JiNzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08GdUg+jBF/e+bDygTYnyMQAIMhS
hMw/9tLVl6k8VFzt4vp/rGY8QO2BY27K/zLnGfHsXJkX260GgUiRqHcdU472gg1T
jMhyu4LljqlIVwauBrp6Sn7A6IWKu2TXPxZkFjzvhH6JRCosGu90dKhkVGzfanRP
8XRCG5nBynMVHQS0cbskq5fkcS1NitlEwxFhSh3buHrSEycQ1zNwC4kCFDiCMTHV
w/5nGVe+upH944A6hhW86+1d/tNyCNkfdbX8aL/hocJFkpETzi+DbzYdp825404c
Tr6aVo5q11H1oalU6BBhb/lmRB4tZHX4r6N/ocCyjkzBP/0UJ/9q79u7cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkqsKPUuhnhQ9kJeEn3JPK/e7cTMB8GA1UdIwQY
MBaAFK3uicE9bec6iUQEv36vnuXkDeozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmU2SndUMXQ1enFKUkFTX2ZxLWU1ZVFONmpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iMjlkOTYtZGE5ZS00N2EwLTlmYjEt
MTI0M2I0Njc5NWY4LzEvS1Nxd285UzZHZUZEMlFsNFNmY2s4cjk3dHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iMjlkOTYtZGE5ZS00N2EwLTlmYjEtMTI0M2I0Njc5NWY4
LzEvcmU2SndUMXQ1enFKUkFTX2ZxLWU1ZVFONmpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYMIMA0G
CSqGSIb3DQEBCwUAA4IBAQCNPpbH0a0i0VlEDviYXHZ27WXwG25E5E6hCMUlgQ1q
NwWpllosZeueJihs1DJRjI0XEZkkwU+d56ejWpuO2V5I25ZsR7e8x91IQSbV3W7a
Jo9oDksQbITM7Ka4/E88WRKG1foN79drl7is+UvJed3ZXmyU4IX97gH+g56h2LI7
lnpKyfHuAoBoYjPd0XbTedwjS3+OyFlyu0n4tvbn3bHnPDHsQtT17ayGrPqrc/lK
8Wf06qhYtHUPRzjq3FTgQkNB5y7oKXXLoIqQXNf9O56EeEjwVrnFwPa3yseg3SZL
60JfTn3dYxCRJHqvPftnv5P26OW6/Hg9hh5awalFN1wy
-----END CERTIFICATE-----