This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KnRc_VMCR5tzgj3_XzZc21HvgRs.roa
File:                     KnRc_VMCR5tzgj3_XzZc21HvgRs.roa (raw, json)
Hash identifier:          aFCLRyo9ZlWGal7jGwZY+Bb+MXwfBr9j67nygUj1XZQ=
Subject key identifier:   2A:74:5C:FD:53:02:47:9B:73:82:3D:FF:5F:36:5C:DB:51:EF:81:1B
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019B7F811161257075F5380F458BF387924C
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KnRc_VMCR5tzgj3_XzZc21HvgRs.roa
Signing time:             Fri 02 Jan 2026 16:18:43 +0000
ROA not before:           Fri 02 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        45.91.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:11:61:25:70:75:f5:38:0f:45:8b:f3:87:92:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  2 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a745cfd5302479b73823dff5f365cdb51ef811b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:96:53:57:0a:24:15:65:d3:2c:44:69:bd:39:
                    f4:b0:d2:35:3d:f7:58:63:33:80:2e:fb:96:7c:31:
                    e0:01:15:e5:6a:bf:bb:d3:52:b1:80:27:45:c4:00:
                    a5:c1:a8:7d:f7:a4:b9:59:3b:30:0e:a8:16:c8:8e:
                    bb:6c:a0:69:17:3f:d8:f3:54:25:96:f2:5a:0e:98:
                    ac:d2:e9:00:22:7a:79:f8:44:2f:aa:01:3e:6b:f7:
                    b5:22:0f:bd:98:78:24:6e:21:23:d4:25:5b:e7:ea:
                    ab:41:94:73:c6:14:a4:2d:d6:86:b9:82:06:02:05:
                    02:74:8f:ab:b4:65:7d:de:5d:11:76:28:55:c1:b4:
                    2e:ec:41:15:4c:33:81:a6:c9:57:18:a6:e0:d6:4e:
                    b2:fa:cc:0b:d1:36:79:1d:a7:6d:46:20:a2:80:fa:
                    b3:bd:7c:6c:93:08:8e:68:82:ae:23:6d:e9:b2:a2:
                    30:be:5a:c5:32:ee:16:d5:dc:b1:67:f7:65:f0:17:
                    1e:53:2f:b9:98:f7:3c:9a:94:38:ce:99:33:88:a5:
                    66:ec:a5:15:bb:50:3e:b3:4f:38:fa:66:71:8f:49:
                    dc:bb:7a:a5:62:ce:e3:06:33:bf:34:7a:d8:43:4d:
                    46:59:ef:e3:bc:f6:40:3a:35:d9:3e:96:8a:f1:e9:
                    0c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:74:5C:FD:53:02:47:9B:73:82:3D:FF:5F:36:5C:DB:51:EF:81:1B
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KnRc_VMCR5tzgj3_XzZc21HvgRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a4:8a:73:30:53:9d:8b:7f:5f:61:dd:16:98:b3:35:36:76:
         4c:7a:a2:d8:8d:03:e3:93:63:17:29:8f:d7:04:13:e9:da:7e:
         af:d0:32:99:d1:6e:ad:13:dd:41:a8:c5:56:53:27:1f:8e:71:
         c3:23:8a:f4:d9:f0:b9:23:52:0c:08:0b:4d:5d:3d:f5:8c:5c:
         ab:21:c5:1b:53:fc:b2:62:76:27:d8:de:22:a8:44:f9:aa:6c:
         41:5c:02:47:e5:35:2a:29:6a:14:88:1d:b6:8a:ff:60:4d:06:
         85:33:3c:84:0f:97:ab:51:ff:81:8d:98:2e:6e:a8:37:bf:3c:
         69:35:ab:f8:54:1c:7c:67:de:9f:53:e1:dc:22:8b:47:90:80:
         b7:b2:7d:05:20:e6:da:9a:1f:c6:6d:65:d0:46:7e:1b:58:d1:
         f6:86:bb:a5:d9:48:8b:75:a9:c6:91:3a:4d:fe:2b:13:b3:91:
         12:06:db:1a:90:cb:74:a5:49:f2:50:34:c0:0a:7c:e5:93:6e:
         95:21:b4:7c:85:3b:d8:61:09:ed:97:aa:8b:12:98:74:cb:9f:
         b3:dd:7e:53:c0:8d:e4:71:e5:40:97:61:bd:b8:93:44:9b:33:
         d3:d6:23:14:fb:2d:36:56:a5:a5:74:04:9e:86:fc:4c:80:6c:
         af:8f:dc:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gRFhJXB19TgPRYvzh5JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjYwMTAyMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc0NWNmZDUzMDI0NzliNzM4MjNkZmY1ZjM2NWNkYjUxZWY4MTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpZTVwokFWXTLERpvTn0sNI1PfdY
YzOALvuWfDHgARXlar+701KxgCdFxAClwah996S5WTswDqgWyI67bKBpFz/Y81Ql
lvJaDpis0ukAInp5+EQvqgE+a/e1Ig+9mHgkbiEj1CVb5+qrQZRzxhSkLdaGuYIG
AgUCdI+rtGV93l0RdihVwbQu7EEVTDOBpslXGKbg1k6y+swL0TZ5HadtRiCigPqz
vXxskwiOaIKuI23psqIwvlrFMu4W1dyxZ/dl8BceUy+5mPc8mpQ4zpkziKVm7KUV
u1A+s084+mZxj0ncu3qlYs7jBjO/NHrYQ01GWe/jvPZAOjXZPpaK8ekMHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp0XP1TAkebc4I9/182XNtR74EbMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvS25SY19WTUNSNXR6Z2ozX1h6WmMyMUh2Z1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsEMA0G
CSqGSIb3DQEBCwUAA4IBAQBrpIpzMFOdi39fYd0WmLM1NnZMeqLYjQPjk2MXKY/X
BBPp2n6v0DKZ0W6tE91BqMVWUycfjnHDI4r02fC5I1IMCAtNXT31jFyrIcUbU/yy
YnYn2N4iqET5qmxBXAJH5TUqKWoUiB22iv9gTQaFMzyED5erUf+BjZgubqg3vzxp
Nav4VBx8Z96fU+HcIotHkIC3sn0FIObamh/GbWXQRn4bWNH2hrul2UiLdanGkTpN
/isTs5ESBtsakMt0pUnyUDTACnzlk26VIbR8hTvYYQntl6qLEph0y5+z3X5TwI3k
ceVAl2G9uJNEmzPT1iMU+y02VqWldASehvxMgGyvj9yv
-----END CERTIFICATE-----