This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/KTwCVnJtS4ppS1PODRoiqNQzz14.roa
File:                     KTwCVnJtS4ppS1PODRoiqNQzz14.roa (raw, json)
Hash identifier:          BLHy0NZ+RNC5mxx+n19LrqL3IVytQTHApoTSuzDCU7c=
Subject key identifier:   29:3C:02:56:72:6D:4B:8A:69:4B:53:CE:0D:1A:22:A8:D4:33:CF:5E
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EABA59C75BE86268DF9B120516748A
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/KTwCVnJtS4ppS1PODRoiqNQzz14.roa
Signing time:             Thu 01 Jan 2026 00:17:33 +0000
ROA not before:           Thu 01 Jan 2026 00:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        45.8.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ba:59:c7:5b:e8:62:68:df:9b:12:05:16:74:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=293c0256726d4b8a694b53ce0d1a22a8d433cf5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5e:74:22:47:60:f2:48:5c:20:6c:31:b0:9b:
                    16:34:c4:1e:a3:b8:2b:31:a8:fc:a7:00:58:4c:d9:
                    e2:96:2c:2b:0c:4d:83:24:f4:de:50:be:18:3c:f9:
                    28:88:49:c8:3d:ac:8f:a0:20:15:58:d1:a4:b0:c7:
                    23:93:08:e8:00:7c:26:d1:be:ee:15:93:08:00:43:
                    41:d2:6b:ac:dd:93:24:39:0e:0e:96:d0:8b:53:50:
                    69:5c:16:75:69:49:c2:46:37:37:b6:4c:a1:2e:4f:
                    58:9d:81:19:8b:d5:5c:57:0d:af:55:c2:2d:51:6f:
                    51:ef:28:80:36:6b:85:0f:5f:2f:13:fb:e7:d2:0f:
                    b5:43:f9:c9:4d:d4:7d:09:95:e8:50:2f:1d:98:67:
                    f5:c0:f4:0c:c8:d9:0f:3b:1a:c9:b4:3f:38:1c:5b:
                    b5:e4:1a:5a:ee:56:d6:09:48:af:4b:42:9a:92:01:
                    b6:19:8f:ba:ff:17:15:b4:0b:9e:ca:cb:cb:e9:df:
                    61:48:64:1a:80:57:41:b5:f7:76:31:ca:1e:f3:4a:
                    d0:96:ad:d9:e1:53:e7:2a:00:99:24:27:4c:7a:74:
                    45:6c:89:28:5c:1f:05:bc:67:0c:af:cf:4b:77:fb:
                    58:ae:61:4b:84:68:0c:71:03:23:7e:af:95:1f:b5:
                    30:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3C:02:56:72:6D:4B:8A:69:4B:53:CE:0D:1A:22:A8:D4:33:CF:5E
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/KTwCVnJtS4ppS1PODRoiqNQzz14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:90:64:9a:df:be:a4:db:5b:09:95:a8:b4:c3:7d:81:af:13:
         c0:62:ec:80:0c:86:16:40:a0:6b:76:ba:a9:b2:af:26:f3:ec:
         2c:35:28:6c:8b:db:2f:ae:02:af:dd:af:92:97:92:ae:a3:b9:
         2d:79:43:87:55:43:e7:68:ca:e9:b5:fd:88:d3:59:a1:a2:0b:
         4e:3a:88:99:11:ea:20:ac:d2:61:8c:05:d5:52:e0:5b:94:ec:
         2f:a9:d2:ac:f0:61:51:43:92:d9:4f:40:4c:90:ea:ac:c1:8d:
         bd:4d:54:b1:57:22:48:06:7a:86:6d:bd:56:d5:48:c5:c6:2d:
         b6:59:d3:71:59:e2:73:11:03:a7:cb:bc:f3:d9:f1:ec:41:ff:
         11:a2:55:1d:c7:d1:1c:99:13:94:18:db:c0:25:26:40:c2:04:
         65:a0:6f:f4:3c:9f:18:95:dc:63:a3:0c:6f:ea:a6:db:91:bf:
         b5:de:1b:20:ad:c4:74:f8:0c:87:6e:34:07:f2:a3:d4:b7:03:
         e0:0f:fc:67:0d:e5:ea:c2:44:ca:00:44:e4:ef:0f:9f:4e:d0:
         ea:f3:e0:c3:9b:ae:0b:e1:3c:28:43:c9:b5:3d:08:8e:11:c3:
         01:0d:14:d0:8d:29:34:e6:ad:f5:e0:ef:8e:bf:87:05:cb:9e:
         e7:89:70:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26rpZx1voYmjfmxIFFnSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNjMDI1NjcyNmQ0YjhhNjk0YjUzY2UwZDFhMjJhOGQ0MzNjZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsV50Ikdg8khcIGwxsJsWNMQeo7gr
Maj8pwBYTNniliwrDE2DJPTeUL4YPPkoiEnIPayPoCAVWNGksMcjkwjoAHwm0b7u
FZMIAENB0mus3ZMkOQ4OltCLU1BpXBZ1aUnCRjc3tkyhLk9YnYEZi9VcVw2vVcIt
UW9R7yiANmuFD18vE/vn0g+1Q/nJTdR9CZXoUC8dmGf1wPQMyNkPOxrJtD84HFu1
5Bpa7lbWCUivS0KakgG2GY+6/xcVtAueysvL6d9hSGQagFdBtfd2Mcoe80rQlq3Z
4VPnKgCZJCdMenRFbIkoXB8FvGcMr89Ld/tYrmFLhGgMcQMjfq+VH7UwJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk8AlZybUuKaUtTzg0aIqjUM89eMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvS1R3Q1ZuSnRTNHBwUzFQT0RSb2lxTlF6ejE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi4MA0G
CSqGSIb3DQEBCwUAA4IBAQCOkGSa376k21sJlai0w32BrxPAYuyADIYWQKBrdrqp
sq8m8+wsNShsi9svrgKv3a+Sl5Kuo7kteUOHVUPnaMrptf2I01mhogtOOoiZEeog
rNJhjAXVUuBblOwvqdKs8GFRQ5LZT0BMkOqswY29TVSxVyJIBnqGbb1W1UjFxi22
WdNxWeJzEQOny7zz2fHsQf8RolUdx9EcmROUGNvAJSZAwgRloG/0PJ8Yldxjowxv
6qbbkb+13hsgrcR0+AyHbjQH8qPUtwPgD/xnDeXqwkTKAETk7w+fTtDq8+DDm64L
4TwoQ8m1PQiOEcMBDRTQjSk05q314O+Ov4cFy57niXC3
-----END CERTIFICATE-----