This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kpSiPpji_XM2PozIBQUWPh5cY4o.roa
File:                     kpSiPpji_XM2PozIBQUWPh5cY4o.roa (raw, json)
Hash identifier:          WnXefqGoi4GyRsRnd+q+/KXg1B0VOhqlPfpXLydjnDY=
Subject key identifier:   92:94:A2:3E:98:E2:FD:73:36:3E:8C:C8:05:05:16:3E:1E:5C:63:8A
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019B7FF2AE62FA9790EB2B4B59D37D956CD1
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kpSiPpji_XM2PozIBQUWPh5cY4o.roa
Signing time:             Fri 02 Jan 2026 18:22:49 +0000
ROA not before:           Fri 02 Jan 2026 18:22:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211415
IP address blocks:        194.26.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:ae:62:fa:97:90:eb:2b:4b:59:d3:7d:95:6c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 18:22:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9294a23e98e2fd73363e8cc80505163e1e5c638a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:32:37:57:89:8d:7b:06:90:4c:3c:86:f3:c0:
                    2c:78:97:f1:e8:c7:40:75:17:ad:4e:af:06:68:d9:
                    c5:f2:46:67:73:75:3a:ac:43:28:cb:8c:98:c4:0e:
                    51:f7:9c:f6:e2:f7:33:a0:81:a1:b7:ee:79:d5:e0:
                    8d:77:f9:33:bb:00:58:36:5e:ad:42:6e:f4:a8:8c:
                    41:a3:1d:2f:7e:16:fa:c3:06:3a:cf:fe:6b:3c:c4:
                    54:73:b9:53:71:63:f3:fe:1f:ad:e7:21:58:14:2c:
                    7e:3a:ba:d2:7b:d9:4b:69:c1:9b:2a:24:19:f4:f8:
                    c6:67:e2:2d:07:5d:fb:fe:55:88:0e:56:50:30:00:
                    93:4e:7f:36:d1:71:c8:9d:90:dd:f9:83:88:4e:93:
                    7c:cd:f4:df:ce:c8:2e:78:b1:df:99:e1:9b:07:f7:
                    28:60:88:d0:e3:6d:fc:9c:40:d1:0f:19:4e:26:72:
                    cb:04:16:99:78:93:86:22:79:df:34:ae:6b:8b:9f:
                    ce:c5:12:51:1c:33:54:50:72:f3:14:a2:11:5e:8d:
                    db:c1:f2:a0:49:38:fc:81:ec:0c:07:d6:ec:58:29:
                    e0:2f:da:24:2c:e6:a5:8b:ba:eb:b4:1f:10:95:bc:
                    f4:d7:17:99:cb:b5:15:cd:d0:25:bb:e4:b0:95:4f:
                    4d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:94:A2:3E:98:E2:FD:73:36:3E:8C:C8:05:05:16:3E:1E:5C:63:8A
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kpSiPpji_XM2PozIBQUWPh5cY4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:bc:f4:37:d4:78:ce:d7:3b:43:eb:1b:6e:dc:93:92:8b:f2:
         18:9d:65:c0:db:bc:30:64:f2:0c:55:0b:a6:c4:12:a9:34:91:
         e6:05:16:6d:41:b7:78:fe:bb:84:e8:c2:69:31:0f:b8:5b:83:
         4b:c0:52:8c:6a:2d:cc:ec:09:26:54:bf:98:bd:a6:e5:d2:5d:
         10:7d:c2:d5:3f:ff:dd:35:b4:f1:1f:03:20:37:5d:b3:70:ab:
         37:aa:ff:9f:04:45:28:28:fc:ee:d3:a5:31:23:79:ff:b1:cc:
         60:16:45:e3:09:1a:b0:c3:36:9c:7f:40:f4:49:9a:11:26:fe:
         25:06:84:d0:f4:81:4f:c0:8d:02:3d:dd:f4:26:5d:f7:71:ad:
         60:ae:bd:61:90:38:83:7d:b2:68:6a:51:42:b1:d8:41:f5:39:
         20:fd:32:4d:1b:fa:75:68:0b:f9:ff:fe:35:b2:8a:f7:1d:ad:
         66:8f:5c:dc:3b:fd:ea:9d:d0:a1:17:ab:3a:3a:a9:50:6e:64:
         0b:ce:8a:41:44:ac:0a:77:70:c9:20:b1:46:bf:4c:d5:83:af:
         3a:66:9a:10:8c:c0:21:9e:15:df:e9:01:5b:f3:38:04:aa:fe:
         14:ce:28:45:fe:16:04:e6:a4:fd:c1:f6:22:31:e8:55:eb:83:
         ab:ba:34:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8q5i+peQ6ytLWdN9lWzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMTAyMTgyMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk0YTIzZTk4ZTJmZDczMzYzZThjYzgwNTA1MTYzZTFlNWM2MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDI3V4mNewaQTDyG88AseJfx6MdA
dRetTq8GaNnF8kZnc3U6rEMoy4yYxA5R95z24vczoIGht+551eCNd/kzuwBYNl6t
Qm70qIxBox0vfhb6wwY6z/5rPMRUc7lTcWPz/h+t5yFYFCx+OrrSe9lLacGbKiQZ
9PjGZ+ItB137/lWIDlZQMACTTn820XHInZDd+YOITpN8zfTfzsgueLHfmeGbB/co
YIjQ4238nEDRDxlOJnLLBBaZeJOGInnfNK5ri5/OxRJRHDNUUHLzFKIRXo3bwfKg
STj8gewMB9bsWCngL9okLOali7rrtB8Qlbz01xeZy7UVzdAlu+SwlU9NmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKUoj6Y4v1zNj6MyAUFFj4eXGOKMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEva3BTaVBwamlfWE0yUG96SUJRVVdQaDVjWTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrrMA0G
CSqGSIb3DQEBCwUAA4IBAQCgvPQ31HjO1ztD6xtu3JOSi/IYnWXA27wwZPIMVQum
xBKpNJHmBRZtQbd4/ruE6MJpMQ+4W4NLwFKMai3M7AkmVL+Yvabl0l0QfcLVP//d
NbTxHwMgN12zcKs3qv+fBEUoKPzu06UxI3n/scxgFkXjCRqwwzacf0D0SZoRJv4l
BoTQ9IFPwI0CPd30Jl33ca1grr1hkDiDfbJoalFCsdhB9Tkg/TJNG/p1aAv5//41
sor3Ha1mj1zcO/3qndChF6s6OqlQbmQLzopBRKwKd3DJILFGv0zVg686ZpoQjMAh
nhXf6QFb8zgEqv4UzihF/hYE5qT9wfYiMehV64OrujR0
-----END CERTIFICATE-----