This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/kHZ-UWX7_UaxBA0IU_xEYz-p5Sk.roa
File:                     kHZ-UWX7_UaxBA0IU_xEYz-p5Sk.roa (raw, json)
Hash identifier:          N91Qx4D9AlpPbh++QoO69IFb0EqcjavWrfaybY665cg=
Subject key identifier:   90:76:7E:51:65:FB:FD:46:B1:04:0D:08:53:FC:44:63:3F:A9:E5:29
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019B7D5B059D70F62544067840FEC8BAA5C3
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/kHZ-UWX7_UaxBA0IU_xEYz-p5Sk.roa
Signing time:             Fri 02 Jan 2026 06:17:55 +0000
ROA not before:           Fri 02 Jan 2026 06:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204221
IP address blocks:        185.101.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:05:9d:70:f6:25:44:06:78:40:fe:c8:ba:a5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  2 06:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90767e5165fbfd46b1040d0853fc44633fa9e529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:4d:5b:5d:67:ab:c7:34:f3:02:68:6d:ea:
                    a4:35:1f:98:6f:47:4a:de:a7:8d:8d:a4:5e:60:26:
                    8a:c7:a0:27:8e:59:64:b3:f7:a7:16:b6:6d:cf:60:
                    de:c4:4d:0a:b3:02:25:61:9c:bd:f3:19:4a:b6:50:
                    52:af:e7:dc:ed:9e:d1:3d:7e:09:23:aa:3a:4e:2c:
                    8c:83:35:24:3d:54:29:3e:7d:30:2e:55:cc:22:ba:
                    00:b6:17:7b:71:0d:aa:ce:84:ee:33:99:5c:00:02:
                    e8:5e:34:df:22:2a:15:60:b4:b3:f7:d1:9f:57:f3:
                    25:cd:4c:69:3d:3b:b4:dc:f1:aa:52:ae:ad:40:8e:
                    f3:48:10:84:3d:e6:75:6e:53:59:f3:d2:d9:13:19:
                    27:da:0d:66:65:55:48:32:8d:76:02:0d:24:22:82:
                    ff:c4:f4:07:aa:3a:a1:a3:bd:ba:5a:45:e8:28:3c:
                    a3:bc:28:9c:fe:c5:2b:22:96:0e:fc:a1:4b:a2:21:
                    22:68:77:07:fa:d1:4c:ae:0a:3b:25:2e:6e:56:f1:
                    52:29:34:06:66:77:43:15:70:0c:e1:32:71:b6:45:
                    67:9c:22:a0:c7:15:8f:3d:3a:1e:f4:c6:c4:32:fa:
                    6f:8c:da:ac:1d:fe:28:18:c0:ad:cb:0c:43:d0:d8:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:76:7E:51:65:FB:FD:46:B1:04:0D:08:53:FC:44:63:3F:A9:E5:29
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/kHZ-UWX7_UaxBA0IU_xEYz-p5Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:60:ce:03:e8:ec:3e:f0:66:b2:2c:85:ad:d8:6d:94:b1:16:
         d4:66:a9:93:70:01:b7:85:52:ae:bb:a5:76:fa:17:15:36:d1:
         9a:3d:ae:71:68:2c:d5:69:c3:02:41:02:21:cd:ef:72:af:0a:
         86:6e:5a:66:26:d2:d4:11:c1:c1:b0:ef:41:a1:72:60:9f:eb:
         42:79:40:26:1e:1b:77:2b:2c:a5:69:eb:43:30:48:d0:ba:d0:
         47:11:d6:c3:de:6c:8c:bc:62:50:25:71:8c:b0:9f:f0:1d:a6:
         89:47:ed:d7:a1:cc:0b:58:ae:b0:4e:c1:ee:6d:b2:92:f1:92:
         c9:09:d9:40:ca:8f:b1:ca:95:90:5a:ad:ff:ff:56:80:b0:f0:
         cb:12:7a:c0:a0:5d:3c:a4:0d:7c:56:52:14:4e:33:0c:1b:90:
         03:85:94:28:8c:b5:e8:e2:a5:eb:ac:ca:14:42:d0:b7:30:e3:
         fa:f8:72:f3:b5:f4:1c:2d:9f:aa:80:d1:c9:df:af:f0:eb:57:
         2c:4e:06:1e:47:d4:c5:3e:d2:d6:e8:0e:40:ad:f2:f5:b9:96:
         94:e8:0e:90:54:23:a7:08:a3:32:22:e0:c9:82:b8:d3:72:65:
         87:9d:58:05:12:76:ec:14:ab:d2:71:5f:53:51:47:73:0f:d0:
         9b:55:bd:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WwWdcPYlRAZ4QP7IuqXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMTAyMDYxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDc2N2U1MTY1ZmJmZDQ2YjEwNDBkMDg1M2ZjNDQ2MzNmYTllNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8tNW11nq8c08wJobeqkNR+Yb0dK
3qeNjaReYCaKx6Anjllks/enFrZtz2DexE0KswIlYZy98xlKtlBSr+fc7Z7RPX4J
I6o6TiyMgzUkPVQpPn0wLlXMIroAthd7cQ2qzoTuM5lcAALoXjTfIioVYLSz99Gf
V/MlzUxpPTu03PGqUq6tQI7zSBCEPeZ1blNZ89LZExkn2g1mZVVIMo12Ag0kIoL/
xPQHqjqho726WkXoKDyjvCic/sUrIpYO/KFLoiEiaHcH+tFMrgo7JS5uVvFSKTQG
ZndDFXAM4TJxtkVnnCKgxxWPPToe9MbEMvpvjNqsHf4oGMCtywxD0NibxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJB2flFl+/1GsQQNCFP8RGM/qeUpMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEva0haLVVXWDdfVWF4QkEwSVVfeEVZei1wNVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWVqMA0G
CSqGSIb3DQEBCwUAA4IBAQCAYM4D6Ow+8GayLIWt2G2UsRbUZqmTcAG3hVKuu6V2
+hcVNtGaPa5xaCzVacMCQQIhze9yrwqGblpmJtLUEcHBsO9BoXJgn+tCeUAmHht3
KyylaetDMEjQutBHEdbD3myMvGJQJXGMsJ/wHaaJR+3XocwLWK6wTsHubbKS8ZLJ
CdlAyo+xypWQWq3//1aAsPDLEnrAoF08pA18VlIUTjMMG5ADhZQojLXo4qXrrMoU
QtC3MOP6+HLztfQcLZ+qgNHJ36/w61csTgYeR9TFPtLW6A5ArfL1uZaU6A6QVCOn
CKMyIuDJgrjTcmWHnVgFEnbsFKvScV9TUUdzD9CbVb19
-----END CERTIFICATE-----
Generated at Mon Jan 19 19:59:25 2026 by rpki-client