This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Klo0a9JE8apsNxCqHuH7qI84gn8.roa
File:                     Klo0a9JE8apsNxCqHuH7qI84gn8.roa (raw, json)
Hash identifier:          AKoDDGETE5AFJcPWXl/SXsKZmDzLHvb4I0+SXvxRh6E=
Subject key identifier:   2A:5A:34:6B:D2:44:F1:AA:6C:37:10:AA:1E:E1:FB:A8:8F:38:82:7F
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA4AAE99640A0C8F29F55EDE70349FC
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Klo0a9JE8apsNxCqHuH7qI84gn8.roa
Signing time:             Thu 01 Jan 2026 22:19:07 +0000
ROA not before:           Thu 01 Jan 2026 22:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395092
IP address blocks:        2.56.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:aa:e9:96:40:a0:c8:f2:9f:55:ed:e7:03:49:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a5a346bd244f1aa6c3710aa1ee1fba88f38827f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:1f:a4:d0:4f:8c:32:8b:7a:96:9e:f0:47:
                    ac:b2:c6:a3:87:59:99:23:86:9b:50:e8:e2:a0:c9:
                    86:5b:46:2d:b2:01:c6:a3:c8:79:d3:ef:e6:28:cd:
                    5f:8e:f2:a7:ed:03:f1:3a:48:11:e7:cb:55:b7:c5:
                    72:e2:59:50:e3:d1:46:38:47:d8:55:41:60:c4:dd:
                    77:2d:84:09:42:2b:3b:44:88:4a:e2:62:b3:8b:09:
                    64:d5:7a:54:6c:86:07:f1:6a:b4:43:33:0f:28:16:
                    7a:e5:b3:d0:4d:7b:db:67:aa:a5:a5:6b:6e:77:f2:
                    31:04:2e:54:06:be:e3:5e:a7:36:c0:3b:1b:84:ea:
                    57:b6:fa:3b:c3:df:4b:8a:34:4b:fc:5c:45:82:fb:
                    90:e2:ce:0d:e5:b3:7c:51:73:d2:38:77:bb:73:e4:
                    b2:51:e8:eb:55:62:c2:29:bb:fc:6d:55:f7:fc:5b:
                    7c:10:fc:56:27:c5:2e:bb:f6:7c:6d:bf:40:4d:fd:
                    f7:99:7d:83:17:53:f7:17:a0:a1:15:b2:4d:92:54:
                    67:9b:b6:44:c9:97:58:4a:79:e5:1c:8b:92:9a:4c:
                    31:4f:e7:eb:2d:91:67:7c:71:11:b7:91:50:e6:e1:
                    5c:06:cc:f5:f0:2f:cb:0c:92:f8:ca:a1:3c:d6:c8:
                    51:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5A:34:6B:D2:44:F1:AA:6C:37:10:AA:1E:E1:FB:A8:8F:38:82:7F
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/Klo0a9JE8apsNxCqHuH7qI84gn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:5b:92:59:20:10:8e:5c:79:b9:1f:01:7b:fa:ee:06:cf:51:
         20:5e:cf:9b:c9:72:fe:18:30:fd:72:a7:c3:f4:96:a2:07:6a:
         34:5b:0e:2f:57:8b:7a:e8:c9:74:a6:94:b8:33:42:30:e8:b8:
         32:20:ae:78:56:69:8f:24:40:a2:33:9c:57:fd:70:fc:e6:e9:
         21:f2:5f:8c:b0:fb:2b:e4:5b:25:a3:2e:9e:c0:e8:a6:64:ff:
         ad:ed:02:f6:76:ad:e2:76:07:5d:dd:ec:a4:e5:5d:f9:57:e4:
         11:07:ab:af:62:b8:c4:69:94:34:b0:1e:d4:71:0c:7d:06:f7:
         ed:ef:f2:19:33:83:6c:88:6b:1b:04:bd:1f:e5:40:f3:a8:1b:
         dd:bb:24:1f:5d:bf:47:f3:d3:34:37:ec:ba:77:20:78:55:11:
         d8:06:5a:a5:91:60:8f:e7:69:c2:7d:72:ce:24:fd:26:da:22:
         55:dd:43:0d:be:58:ad:15:de:68:f1:fd:4d:ba:2b:81:44:87:
         dc:da:fe:84:ff:50:32:18:e9:2a:4e:0b:6c:12:5f:a6:71:07:
         f0:81:c4:87:af:00:23:79:9a:8a:f1:be:bb:28:85:8b:d8:67:
         bf:f1:42:57:82:80:c9:3d:54:04:5f:f6:16:61:5d:04:cf:83:
         bf:5f:c8:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pKrplkCgyPKfVe3nA0n8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTVhMzQ2YmQyNDRmMWFhNmMzNzEwYWExZWUxZmJhODhmMzg4MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWofpNBPjDKLepae8Eesssajh1mZ
I4abUOjioMmGW0YtsgHGo8h50+/mKM1fjvKn7QPxOkgR58tVt8Vy4llQ49FGOEfY
VUFgxN13LYQJQis7RIhK4mKziwlk1XpUbIYH8Wq0QzMPKBZ65bPQTXvbZ6qlpWtu
d/IxBC5UBr7jXqc2wDsbhOpXtvo7w99LijRL/FxFgvuQ4s4N5bN8UXPSOHe7c+Sy
UejrVWLCKbv8bVX3/Ft8EPxWJ8Uuu/Z8bb9ATf33mX2DF1P3F6ChFbJNklRnm7ZE
yZdYSnnlHIuSmkwxT+frLZFnfHERt5FQ5uFcBsz18C/LDJL4yqE81shRvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpaNGvSRPGqbDcQqh7h+6iPOIJ/MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvS2xvMGE5SkU4YXBzTnhDcUh1SDdxSTg0Z244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjiLMA0G
CSqGSIb3DQEBCwUAA4IBAQBzW5JZIBCOXHm5HwF7+u4Gz1EgXs+byXL+GDD9cqfD
9JaiB2o0Ww4vV4t66Ml0ppS4M0Iw6LgyIK54VmmPJECiM5xX/XD85ukh8l+MsPsr
5Fsloy6ewOimZP+t7QL2dq3idgdd3eyk5V35V+QRB6uvYrjEaZQ0sB7UcQx9Bvft
7/IZM4NsiGsbBL0f5UDzqBvduyQfXb9H89M0N+y6dyB4VRHYBlqlkWCP52nCfXLO
JP0m2iJV3UMNvlitFd5o8f1NuiuBRIfc2v6E/1AyGOkqTgtsEl+mcQfwgcSHrwAj
eZqK8b67KIWL2Ge/8UJXgoDJPVQEX/YWYV0Ez4O/X8jm
-----END CERTIFICATE-----