This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/KZ246ZM4TpkjNlW1jH1Gvd_aRck.roa
File:                     KZ246ZM4TpkjNlW1jH1Gvd_aRck.roa (raw, json)
Hash identifier:          SCVY46sknkNKtjEqJN+rf89SIN9wT9b6kM3hOwgGZpU=
Subject key identifier:   29:9D:B8:E9:93:38:4E:99:23:36:55:B5:8C:7D:46:BD:DF:DA:45:C9
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019B7BA54DC9536CAC59FBDA78F93D447399
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/KZ246ZM4TpkjNlW1jH1Gvd_aRck.roa
Signing time:             Thu 01 Jan 2026 22:19:49 +0000
ROA not before:           Thu 01 Jan 2026 22:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44103
IP address blocks:        45.139.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:4d:c9:53:6c:ac:59:fb:da:78:f9:3d:44:73:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  1 22:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=299db8e993384e99233655b58c7d46bddfda45c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:41:43:a9:53:53:11:f2:cc:1c:4a:3f:3e:0f:
                    a1:27:d7:93:f3:23:8f:eb:a7:e3:ab:9d:ee:94:56:
                    bc:3b:94:c0:a0:7f:ef:4a:23:fe:7a:b5:6c:08:76:
                    d1:77:c2:23:e2:08:44:27:cb:cd:e1:44:84:78:d0:
                    62:1a:d5:9f:a8:30:01:7a:40:c3:87:fb:c3:25:07:
                    fb:d2:f8:0d:c4:b5:08:c7:88:28:02:ab:49:82:59:
                    88:82:d9:7a:34:0a:47:8e:93:a3:6b:32:16:e7:93:
                    ab:c1:55:72:83:9b:c4:7f:72:b4:1e:3a:2e:c2:45:
                    a8:11:21:34:c2:a9:15:dc:2c:b4:f3:9a:cd:b2:e7:
                    1d:cd:ec:5f:3e:22:03:e0:3b:37:13:ed:74:50:70:
                    ed:e8:69:8e:b6:27:88:9f:98:85:ca:64:ee:76:78:
                    6c:ff:02:24:79:92:a0:cd:85:d1:f3:71:71:b0:bd:
                    ef:7e:41:76:2f:d6:98:49:7a:8e:73:9e:44:13:df:
                    e4:ed:9b:8c:05:01:bf:e7:f2:d1:b6:e2:11:c8:96:
                    2a:cb:05:20:ee:1a:22:d4:c1:fd:6e:cf:ab:80:1e:
                    db:4e:f5:61:f2:78:32:e7:c2:65:ec:db:86:2f:d3:
                    f8:f0:c4:e1:3e:37:e1:80:f3:08:06:55:bd:f3:ae:
                    cf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9D:B8:E9:93:38:4E:99:23:36:55:B5:8C:7D:46:BD:DF:DA:45:C9
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/KZ246ZM4TpkjNlW1jH1Gvd_aRck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:03:03:b4:f9:0a:62:45:86:30:5c:10:ec:13:1e:98:eb:85:
         6c:f5:c4:42:71:99:92:29:98:81:85:5f:57:41:62:57:c3:e7:
         40:f6:7b:cc:ba:b7:e8:0e:35:09:16:62:08:c1:f0:9f:0c:34:
         af:f5:f4:33:a8:95:45:d4:73:fb:fe:8b:cb:20:c0:85:87:6c:
         98:89:eb:93:62:bf:9e:10:c7:88:39:4d:1b:ef:bf:4c:b5:07:
         d8:11:84:4f:37:8e:fc:2e:5f:47:d7:80:b9:c5:2c:1f:80:bd:
         fb:d5:32:e8:e6:cb:b3:36:53:d1:3e:13:a8:84:5a:d1:d6:bc:
         d4:04:1b:07:e2:9a:d5:66:b8:85:80:f7:89:54:cc:f3:6c:dc:
         e5:b9:af:e1:ec:ae:42:91:db:ea:f4:00:68:b4:d4:41:f1:e9:
         ee:3a:45:c1:c3:f3:ea:cc:fe:7e:bd:f7:27:0a:8d:59:80:d0:
         a1:ed:4e:2a:f8:04:00:80:e6:d8:80:96:8a:db:a5:a2:4f:bf:
         15:26:e6:3b:86:6f:58:4a:59:dc:f0:b5:26:09:3c:34:46:2b:
         5a:3d:a6:d9:ca:03:16:bf:77:49:c5:46:a2:94:2b:78:48:af:
         b0:7e:f3:0e:db:6e:52:e9:24:29:a2:c8:f3:5b:29:19:02:c2:
         e4:6f:a2:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pU3JU2ysWfvaePk9RHOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjYwMTAxMjIxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlkYjhlOTkzMzg0ZTk5MjMzNjU1YjU4YzdkNDZiZGRmZGE0NWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkFDqVNTEfLMHEo/Pg+hJ9eT8yOP
66fjq53ulFa8O5TAoH/vSiP+erVsCHbRd8Ij4ghEJ8vN4USEeNBiGtWfqDABekDD
h/vDJQf70vgNxLUIx4goAqtJglmIgtl6NApHjpOjazIW55OrwVVyg5vEf3K0Hjou
wkWoESE0wqkV3Cy085rNsucdzexfPiID4Ds3E+10UHDt6GmOtieIn5iFymTudnhs
/wIkeZKgzYXR83FxsL3vfkF2L9aYSXqOc55EE9/k7ZuMBQG/5/LRtuIRyJYqywUg
7hoi1MH9bs+rgB7bTvVh8ngy58Jl7NuGL9P48MThPjfhgPMIBlW9867PNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmduOmTOE6ZIzZVtYx9Rr3f2kXJMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvS1oyNDZaTTRUcGtqTmxXMWpIMUd2ZF9hUmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYujMA0G
CSqGSIb3DQEBCwUAA4IBAQBUAwO0+QpiRYYwXBDsEx6Y64Vs9cRCcZmSKZiBhV9X
QWJXw+dA9nvMurfoDjUJFmIIwfCfDDSv9fQzqJVF1HP7/ovLIMCFh2yYieuTYr+e
EMeIOU0b779MtQfYEYRPN478Ll9H14C5xSwfgL371TLo5suzNlPRPhOohFrR1rzU
BBsH4prVZriFgPeJVMzzbNzlua/h7K5Ckdvq9ABotNRB8enuOkXBw/PqzP5+vfcn
Co1ZgNCh7U4q+AQAgObYgJaK26WiT78VJuY7hm9YSlnc8LUmCTw0RitaPabZygMW
v3dJxUailCt4SK+wfvMO225S6SQposjzWykZAsLkb6Kt
-----END CERTIFICATE-----