This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ki8GPq17sVC06th9_mWHlOPVnhM.roa
File:                     ki8GPq17sVC06th9_mWHlOPVnhM.roa (raw, json)
Hash identifier:          mLfYwBW3seLyrtKiueTE/FSLEWY9qyYwtJ3CUwZGU1M=
Subject key identifier:   92:2F:06:3E:AD:7B:B1:50:B4:EA:D8:7D:FE:65:87:94:E3:D5:9E:13
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA550E63B80B1B92991F61827D4CDC5
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ki8GPq17sVC06th9_mWHlOPVnhM.roa
Signing time:             Thu 01 Jan 2026 22:19:50 +0000
ROA not before:           Thu 01 Jan 2026 22:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210754
IP address blocks:        62.176.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:50:e6:3b:80:b1:b9:29:91:f6:18:27:d4:cd:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=922f063ead7bb150b4ead87dfe658794e3d59e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:48:ba:54:cd:9b:26:e5:9e:c3:b8:b0:1a:74:
                    f4:19:08:28:e9:d0:48:de:3e:51:c9:c0:35:16:5b:
                    0e:98:77:47:db:fc:d5:0a:cf:8c:f9:95:71:04:e5:
                    cb:24:1d:5a:3f:47:90:0d:a7:a5:7b:44:2c:85:41:
                    32:10:ee:70:a6:40:57:13:a8:b0:60:91:95:a4:0b:
                    1c:5b:b7:c8:30:14:84:66:64:11:2f:c2:69:6a:73:
                    61:18:92:1e:74:e1:5b:3f:d1:1e:9c:53:84:15:06:
                    80:e9:89:fc:29:b7:8a:a1:3c:64:4c:14:a8:0a:3d:
                    ba:fb:9f:28:dd:bb:c9:79:57:bd:74:cd:c3:fd:2b:
                    e7:66:11:3e:77:c3:79:22:73:87:2e:90:6f:5e:e4:
                    ae:90:85:b6:87:cf:b5:b6:c5:54:6b:2d:df:b6:27:
                    dd:66:33:17:be:63:25:8e:72:0f:ba:5a:6f:b5:48:
                    e0:10:6d:47:5c:a0:f5:18:d6:9d:22:9a:44:3d:d4:
                    77:c3:61:ce:1f:4f:e5:11:e5:2c:80:76:b5:58:10:
                    1b:1b:1f:74:70:6f:ec:1b:3d:00:85:ed:0b:a8:06:
                    bf:e7:4c:f8:88:45:db:2b:e4:d8:62:38:c0:a5:fe:
                    31:67:5e:58:25:41:87:cb:f9:f8:8c:02:e0:16:ff:
                    0c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:2F:06:3E:AD:7B:B1:50:B4:EA:D8:7D:FE:65:87:94:E3:D5:9E:13
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ki8GPq17sVC06th9_mWHlOPVnhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:9e:01:bd:5f:ab:53:14:c0:13:0a:e9:79:c7:97:5a:dd:25:
         52:45:8a:fc:c7:77:8d:0e:a0:e2:03:23:62:36:f5:b1:a4:06:
         79:e0:34:a2:ec:80:4e:6e:bd:b8:3b:cc:ac:0a:8e:14:ac:58:
         31:86:05:23:97:55:97:3e:42:4c:7a:4e:0d:25:50:b2:db:fd:
         ff:fd:65:2f:a7:e7:fd:88:e6:37:be:d0:17:9d:d3:f0:79:a9:
         a8:24:f2:bc:03:89:f2:ed:e8:e4:c6:31:18:26:12:c6:06:f9:
         3c:59:2e:f9:05:ae:38:b7:b8:52:5f:6f:9b:04:ab:9c:8c:f4:
         f1:8f:14:26:9e:59:8f:ad:ee:f3:80:8f:69:6a:b1:4c:2d:70:
         d3:d8:be:8e:94:e3:18:55:0c:86:06:41:4b:c8:3f:06:37:b9:
         36:db:a1:ce:79:70:8d:bb:4c:27:30:99:8c:ba:26:a4:87:23:
         0e:40:b3:de:15:23:ec:5c:54:36:d2:2a:8e:09:5b:43:6b:51:
         da:f2:48:b6:94:3b:c7:a4:d6:97:f9:28:ea:8a:d2:82:a6:87:
         2f:dd:f8:c4:12:ab:3d:87:9e:47:75:ce:9a:38:93:c4:37:99:
         61:9b:eb:cf:4e:5a:bf:12:c9:c4:e3:af:11:82:bb:21:3c:fb:
         5d:8d:04:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pVDmO4CxuSmR9hgn1M3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjJmMDYzZWFkN2JiMTUwYjRlYWQ4N2RmZTY1ODc5NGUzZDU5ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEi6VM2bJuWew7iwGnT0GQgo6dBI
3j5RycA1FlsOmHdH2/zVCs+M+ZVxBOXLJB1aP0eQDaele0QshUEyEO5wpkBXE6iw
YJGVpAscW7fIMBSEZmQRL8JpanNhGJIedOFbP9EenFOEFQaA6Yn8KbeKoTxkTBSo
Cj26+58o3bvJeVe9dM3D/SvnZhE+d8N5InOHLpBvXuSukIW2h8+1tsVUay3ftifd
ZjMXvmMljnIPulpvtUjgEG1HXKD1GNadIppEPdR3w2HOH0/lEeUsgHa1WBAbGx90
cG/sGz0Ahe0LqAa/50z4iEXbK+TYYjjApf4xZ15YJUGHy/n4jALgFv8MGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIvBj6te7FQtOrYff5lh5Tj1Z4TMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEva2k4R1BxMTdzVkMwNnRoOV9tV0hsT1BWbmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPrBiMA0G
CSqGSIb3DQEBCwUAA4IBAQCdngG9X6tTFMATCul5x5da3SVSRYr8x3eNDqDiAyNi
NvWxpAZ54DSi7IBObr24O8ysCo4UrFgxhgUjl1WXPkJMek4NJVCy2/3//WUvp+f9
iOY3vtAXndPweamoJPK8A4ny7ejkxjEYJhLGBvk8WS75Ba44t7hSX2+bBKucjPTx
jxQmnlmPre7zgI9parFMLXDT2L6OlOMYVQyGBkFLyD8GN7k226HOeXCNu0wnMJmM
uiakhyMOQLPeFSPsXFQ20iqOCVtDa1Ha8ki2lDvHpNaX+SjqitKCpocv3fjEEqs9
h55Hdc6aOJPEN5lhm+vPTlq/EsnE468RgrshPPtdjQQi
-----END CERTIFICATE-----