This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kv7x_Ylq24bcMnyoi64a4ul8DQI.roa
File:                     Kv7x_Ylq24bcMnyoi64a4ul8DQI.roa (raw, json)
Hash identifier:          z/SlNcRs3dJFk0x8MIn4WmtcY/3RK0nHx42kElE7cHM=
Subject key identifier:   2A:FE:F1:FD:89:6A:DB:86:DC:32:7C:A8:8B:AE:1A:E2:E9:7C:0D:02
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D2FEA51867CD9DCCDE196A02ED859
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kv7x_Ylq24bcMnyoi64a4ul8DQI.roa
Signing time:             Fri 02 Jan 2026 06:20:17 +0000
ROA not before:           Fri 02 Jan 2026 06:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        192.159.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:2f:ea:51:86:7c:d9:dc:cd:e1:96:a0:2e:d8:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2afef1fd896adb86dc327ca88bae1ae2e97c0d02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:25:4c:1c:34:4a:d2:7b:db:2b:5d:59:09:
                    3e:d8:cd:30:d3:e6:e3:d6:89:8f:ae:31:7c:08:a3:
                    08:4d:ee:bc:64:63:36:77:af:78:85:eb:81:20:59:
                    fc:a1:8f:42:18:20:49:40:57:8d:46:7c:14:9e:9e:
                    b6:ce:0f:80:54:50:5d:da:4f:c7:fd:40:4d:32:22:
                    2a:9c:46:f4:2d:ae:67:a1:80:35:66:c8:14:3f:2e:
                    ad:55:35:0d:da:9c:0c:98:88:a1:b2:ec:c6:a7:73:
                    16:9f:70:8d:8b:aa:7d:4b:ff:b8:e9:93:cf:83:89:
                    e7:b4:cf:71:ca:18:97:1b:e9:89:79:60:c3:39:c4:
                    c4:70:12:c8:38:65:98:0e:ff:29:a3:83:79:8b:8b:
                    56:7d:45:fa:23:b4:d9:03:b6:49:92:c1:b0:35:a1:
                    d1:e9:e2:78:a0:9d:a7:96:86:48:3d:b0:ed:c0:b3:
                    da:10:20:4a:f4:32:dc:0f:17:93:26:10:69:08:ba:
                    71:6b:56:4b:c3:58:e8:ae:65:b0:4c:57:5e:72:bd:
                    40:9f:08:51:76:bb:e3:06:fe:f6:26:ab:c3:87:63:
                    6c:73:45:e4:9b:df:dc:12:4a:0a:a7:c5:1a:0d:f7:
                    17:d7:0f:84:a8:c6:e4:8c:99:c0:cc:f1:7f:50:46:
                    e1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FE:F1:FD:89:6A:DB:86:DC:32:7C:A8:8B:AE:1A:E2:E9:7C:0D:02
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kv7x_Ylq24bcMnyoi64a4ul8DQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:49:ad:72:88:fc:c9:3b:65:68:d5:e7:c9:ba:71:cd:8e:1a:
         4e:b7:28:f4:eb:65:66:96:05:ed:61:83:c4:e2:89:3d:30:65:
         87:d0:92:5e:4d:37:19:9b:27:7f:df:f4:7a:4a:f2:43:a0:75:
         bb:f2:17:2b:45:b1:3f:30:59:f9:9c:46:cd:ae:5d:35:7d:a8:
         43:0a:bb:42:db:e0:5e:98:97:99:e2:3c:8a:52:59:83:8a:41:
         bb:b5:38:57:0d:67:c2:01:f5:a6:ed:d2:c2:48:24:d2:96:bb:
         ad:99:68:00:2d:e1:09:0f:ab:e3:86:2c:7e:7e:33:13:1a:df:
         70:23:c5:f6:95:e2:ae:f7:2e:e4:ff:e6:c0:2f:6b:61:23:b8:
         a7:17:c5:c7:b2:40:bf:63:69:ed:15:f8:38:31:20:0e:13:bb:
         46:81:95:52:b3:81:18:6e:ec:1c:b9:a2:64:2e:3e:57:eb:93:
         18:e3:f7:3b:e5:05:16:ed:49:cd:09:56:f9:8a:2f:a7:1a:85:
         9d:f2:a9:03:fd:6a:66:b2:47:48:e8:e5:68:ac:e2:a8:2a:cc:
         ca:c7:df:dc:1e:f1:e9:ce:32:4e:dc:ab:21:b9:e4:3b:57:0b:
         79:e7:43:c7:b5:d8:15:f9:70:75:5f:87:fa:85:e4:7e:1b:bb:
         b3:10:c0:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XS/qUYZ82dzN4ZagLthZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWZlZjFmZDg5NmFkYjg2ZGMzMjdjYTg4YmFlMWFlMmU5N2MwZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy0lTBw0StJ72ytdWQk+2M0w0+bj
1omPrjF8CKMITe68ZGM2d694heuBIFn8oY9CGCBJQFeNRnwUnp62zg+AVFBd2k/H
/UBNMiIqnEb0La5noYA1ZsgUPy6tVTUN2pwMmIihsuzGp3MWn3CNi6p9S/+46ZPP
g4nntM9xyhiXG+mJeWDDOcTEcBLIOGWYDv8po4N5i4tWfUX6I7TZA7ZJksGwNaHR
6eJ4oJ2nloZIPbDtwLPaECBK9DLcDxeTJhBpCLpxa1ZLw1jormWwTFdecr1AnwhR
drvjBv72JqvDh2Nsc0Xkm9/cEkoKp8UaDfcX1w+EqMbkjJnAzPF/UEbhxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr+8f2JatuG3DJ8qIuuGuLpfA0CMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS3Y3eF9ZbHEyNGJjTW55b2k2NGE0dWw4RFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJ9jMA0G
CSqGSIb3DQEBCwUAA4IBAQCBSa1yiPzJO2Vo1efJunHNjhpOtyj062VmlgXtYYPE
4ok9MGWH0JJeTTcZmyd/3/R6SvJDoHW78hcrRbE/MFn5nEbNrl01fahDCrtC2+Be
mJeZ4jyKUlmDikG7tThXDWfCAfWm7dLCSCTSlrutmWgALeEJD6vjhix+fjMTGt9w
I8X2leKu9y7k/+bAL2thI7inF8XHskC/Y2ntFfg4MSAOE7tGgZVSs4EYbuwcuaJk
Lj5X65MY4/c75QUW7UnNCVb5ii+nGoWd8qkD/WpmskdI6OVorOKoKszKx9/cHvHp
zjJO3KshueQ7Vwt550PHtdgV+XB1X4f6heR+G7uzEMBn
-----END CERTIFICATE-----