This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/KfBeDjFGvaemxsL-OXSAmp64JIU.roa
File:                     KfBeDjFGvaemxsL-OXSAmp64JIU.roa (raw, json)
Hash identifier:          +JRw6nvzUL3I5VXB7r4ITNVUkpaFJgBx0JFgyS8FrvU=
Subject key identifier:   29:F0:5E:0E:31:46:BD:A7:A6:C6:C2:FE:39:74:80:9A:9E:B8:24:85
Certificate issuer:       /CN=18f003fba37b00d5f9ce7ec84a3e0668bcd02824
Certificate serial:       019B78A362F6E110FEB22594807A3BBF2E0A
Authority key identifier: 18:F0:03:FB:A3:7B:00:D5:F9:CE:7E:C8:4A:3E:06:68:BC:D0:28:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/KfBeDjFGvaemxsL-OXSAmp64JIU.roa
Signing time:             Thu 01 Jan 2026 08:18:52 +0000
ROA not before:           Thu 01 Jan 2026 08:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48685
IP address blocks:        94.250.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:62:f6:e1:10:fe:b2:25:94:80:7a:3b:bf:2e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f003fba37b00d5f9ce7ec84a3e0668bcd02824
        Validity
            Not Before: Jan  1 08:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29f05e0e3146bda7a6c6c2fe3974809a9eb82485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ae:9d:82:59:ba:8b:9a:34:04:28:7b:e1:65:
                    c1:96:3d:ae:5f:e7:94:1c:75:9d:65:c1:02:1a:9a:
                    8f:39:3d:12:6f:55:49:08:f9:ec:53:b3:7a:f8:3d:
                    b4:8f:e5:57:ee:9f:c8:2a:09:cf:c7:4c:7a:b1:73:
                    8f:b7:0c:02:21:d1:9e:9b:05:8d:e2:1e:a3:4f:b1:
                    07:0e:2b:ea:87:b7:76:26:82:67:3d:17:0e:12:5d:
                    91:17:26:97:68:0a:1d:a6:81:4a:94:71:7f:e5:85:
                    17:75:da:d1:dc:e8:48:10:59:49:11:2f:e8:05:4b:
                    b6:7c:88:a6:22:44:8f:1e:d8:19:ef:b4:5b:3d:e7:
                    be:3a:2e:0b:d8:1c:ec:e1:24:d8:0d:dc:1f:bf:c6:
                    aa:c2:e6:c2:e3:c7:e5:90:f2:33:be:7a:53:d1:19:
                    06:89:66:b0:53:ec:22:c1:3f:34:e7:8e:69:bd:c0:
                    69:24:a3:ce:9d:8d:e0:a3:1a:84:55:5e:4f:ed:4f:
                    90:4e:c2:02:27:80:0d:e7:cd:7c:51:43:a9:46:18:
                    45:65:0b:0c:19:33:1d:e2:56:4d:64:26:2b:ab:9c:
                    ad:3e:fb:0a:5c:60:96:98:ec:e0:5c:22:9e:28:05:
                    80:25:6d:98:6c:c7:b1:20:56:78:f5:a4:07:e7:3e:
                    d3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F0:5E:0E:31:46:BD:A7:A6:C6:C2:FE:39:74:80:9A:9E:B8:24:85
            X509v3 Authority Key Identifier:
                keyid:18:F0:03:FB:A3:7B:00:D5:F9:CE:7E:C8:4A:3E:06:68:BC:D0:28:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/KfBeDjFGvaemxsL-OXSAmp64JIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d20fd2-072e-4752-afa4-0334ee1ef3ff/1/GPAD-6N7ANX5zn7ISj4GaLzQKCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.250.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:63:de:c2:b1:4a:92:78:0f:81:f6:d9:0e:f8:76:05:a5:7d:
         2f:6e:2a:4d:cb:56:1b:ce:8d:09:d9:01:a5:7d:d6:f6:87:9a:
         87:de:89:68:78:6d:ee:ff:85:0b:8d:e5:54:5c:c8:2e:61:8a:
         c3:e2:24:5c:b6:07:45:90:24:c9:db:ea:ad:a9:2a:be:a1:9b:
         92:7e:ad:32:90:13:34:c8:34:c5:eb:62:da:45:6d:5c:a6:4c:
         b6:f7:3c:ed:ab:c5:a1:2f:ef:10:64:20:b2:98:59:55:bb:51:
         81:de:74:dd:60:3c:f6:27:1f:6c:31:6b:42:3c:62:1d:17:dc:
         70:5b:e8:bb:f6:74:f5:4b:14:3e:a4:7a:80:9e:02:64:ef:68:
         83:97:1c:8e:cf:af:92:50:d9:e5:b4:ec:34:3c:2a:d1:89:84:
         00:cc:f6:e0:9c:61:b5:d9:1f:0f:03:04:06:cb:cf:b3:a9:14:
         0c:3e:6c:b0:ed:a8:23:e1:8e:aa:24:ad:9b:b9:df:ce:15:b8:
         34:a8:17:4f:b3:3c:83:a8:85:ec:47:53:b0:6b:78:12:57:d3:
         f6:bb:e1:ed:b0:ed:50:7a:8c:e9:85:e2:22:76:0e:6a:7b:f0:
         44:51:48:93:c3:bd:3e:25:79:68:16:91:52:99:61:93:cc:2a:
         60:cd:e0:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2L24RD+siWUgHo7vy4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjAwM2ZiYTM3YjAwZDVmOWNlN2VjODRhM2UwNjY4YmNk
MDI4MjQwHhcNMjYwMTAxMDgxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYwNWUwZTMxNDZiZGE3YTZjNmMyZmUzOTc0ODA5YTllYjgyNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6q6dglm6i5o0BCh74WXBlj2uX+eU
HHWdZcECGpqPOT0Sb1VJCPnsU7N6+D20j+VX7p/IKgnPx0x6sXOPtwwCIdGemwWN
4h6jT7EHDivqh7d2JoJnPRcOEl2RFyaXaAodpoFKlHF/5YUXddrR3OhIEFlJES/o
BUu2fIimIkSPHtgZ77RbPee+Oi4L2Bzs4STYDdwfv8aqwubC48flkPIzvnpT0RkG
iWawU+wiwT80545pvcBpJKPOnY3goxqEVV5P7U+QTsICJ4AN5818UUOpRhhFZQsM
GTMd4lZNZCYrq5ytPvsKXGCWmOzgXCKeKAWAJW2YbMexIFZ49aQH5z7T3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnwXg4xRr2npsbC/jl0gJqeuCSFMB8GA1UdIwQY
MBaAFBjwA/ujewDV+c5+yEo+Bmi80CgkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BBRC02TjdBTlg1em43SVNqNEdhTHpRS0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9kMjBmZDItMDcyZS00NzUyLWFmYTQt
MDMzNGVlMWVmM2ZmLzEvS2ZCZURqRkd2YWVteHNMLU9YU0FtcDY0SklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9kMjBmZDItMDcyZS00NzUyLWFmYTQtMDMzNGVlMWVmM2Zm
LzEvR1BBRC02TjdBTlg1em43SVNqNEdhTHpRS0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvr0MA0G
CSqGSIb3DQEBCwUAA4IBAQCEY97CsUqSeA+B9tkO+HYFpX0vbipNy1Ybzo0J2QGl
fdb2h5qH3oloeG3u/4ULjeVUXMguYYrD4iRctgdFkCTJ2+qtqSq+oZuSfq0ykBM0
yDTF62LaRW1cpky29zztq8WhL+8QZCCymFlVu1GB3nTdYDz2Jx9sMWtCPGIdF9xw
W+i79nT1SxQ+pHqAngJk72iDlxyOz6+SUNnltOw0PCrRiYQAzPbgnGG12R8PAwQG
y8+zqRQMPmyw7agj4Y6qJK2bud/OFbg0qBdPszyDqIXsR1Owa3gSV9P2u+HtsO1Q
eozpheIidg5qe/BEUUiTw70+JXloFpFSmWGTzCpgzeBQ
-----END CERTIFICATE-----