This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/8KaJwIuZexyBoZjYRmZrjQf9lJQ.roa
File:                     8KaJwIuZexyBoZjYRmZrjQf9lJQ.roa (raw, json)
Hash identifier:          LrRg49gpH/+ELMxEyexBUIqT8W2t/5VIfE4dXyblhxM=
Subject key identifier:   F0:A6:89:C0:8B:99:7B:1C:81:A1:98:D8:46:66:6B:8D:07:FD:94:94
Certificate issuer:       /CN=29128d9d4f1a56e970f8746d6827ac1120f92667
Certificate serial:       019B7F153F15AA7E9D4D97932FE0B310E136
Authority key identifier: 29:12:8D:9D:4F:1A:56:E9:70:F8:74:6D:68:27:AC:11:20:F9:26:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/8KaJwIuZexyBoZjYRmZrjQf9lJQ.roa
Signing time:             Fri 02 Jan 2026 14:20:57 +0000
ROA not before:           Fri 02 Jan 2026 14:20:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        185.249.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:3f:15:aa:7e:9d:4d:97:93:2f:e0:b3:10:e1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29128d9d4f1a56e970f8746d6827ac1120f92667
        Validity
            Not Before: Jan  2 14:20:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0a689c08b997b1c81a198d846666b8d07fd9494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:00:18:8b:6b:1a:ba:32:27:26:46:d8:33:12:
                    fb:c9:82:c6:10:fc:fc:d2:4f:24:8d:6e:e7:47:7f:
                    45:47:d4:cd:08:06:21:29:bb:50:f1:e8:f2:ec:01:
                    fe:b8:e7:b6:59:fd:5e:62:db:e1:27:7d:16:32:cc:
                    9c:9f:15:f6:c9:af:d8:a2:4a:3b:58:b3:c6:40:74:
                    cb:a9:13:58:da:fb:a0:6b:c7:79:fb:31:cc:cf:f2:
                    f5:b6:32:1b:73:ac:3a:60:19:56:46:de:5b:07:9e:
                    63:1f:dc:e2:c1:62:1f:4a:cf:7a:d7:1b:80:79:bc:
                    21:c4:b9:fa:ee:84:f3:83:87:fc:4e:24:c0:88:e3:
                    0a:e4:73:90:a9:a2:cd:d1:79:54:c1:3a:03:90:c7:
                    0a:01:78:d9:72:23:5d:06:6a:f5:41:f4:c9:90:d6:
                    3a:f6:13:91:5d:32:1e:5f:b6:cd:9d:fd:91:2b:56:
                    8a:ec:1c:c9:18:f8:a8:be:00:3a:62:e3:3b:f4:9d:
                    0c:c6:c3:e5:5d:06:39:a2:aa:24:6b:0f:b1:4e:0b:
                    5f:f6:9f:4c:03:52:46:96:e6:f3:d1:b5:07:25:04:
                    18:16:79:eb:b6:29:4d:ea:ec:63:54:23:15:2f:de:
                    5c:db:94:f5:d3:df:f6:d4:88:ed:78:49:e1:d9:3e:
                    34:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A6:89:C0:8B:99:7B:1C:81:A1:98:D8:46:66:6B:8D:07:FD:94:94
            X509v3 Authority Key Identifier:
                keyid:29:12:8D:9D:4F:1A:56:E9:70:F8:74:6D:68:27:AC:11:20:F9:26:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/8KaJwIuZexyBoZjYRmZrjQf9lJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:45:29:0c:24:c5:40:a8:48:cb:09:23:a8:f9:51:7b:8f:d0:
         b0:bc:0a:f1:60:bd:86:12:62:fc:c3:17:f8:4a:fa:94:29:d5:
         74:15:6a:98:74:b7:84:83:2a:4f:b2:41:ab:5c:e9:08:ba:f1:
         a3:6e:97:0c:29:08:3d:86:da:b0:dd:05:dd:b7:36:a5:a4:0f:
         fb:88:34:c4:f5:fd:3c:50:09:bc:82:62:30:74:86:75:c1:ac:
         69:8a:58:2c:7f:30:29:47:18:80:f5:9d:a9:ad:49:aa:10:79:
         77:ca:ee:a8:d2:1d:97:f2:33:5d:f5:c7:05:03:93:b8:b1:b6:
         6f:36:a4:05:9a:9d:13:e7:d3:ce:8c:f4:b3:94:08:1e:49:5c:
         08:01:46:cc:d2:8a:49:19:fb:72:e1:b7:36:03:79:aa:cd:1f:
         44:fd:a1:47:ca:4a:db:d3:4e:01:c6:00:1e:19:2a:e4:aa:c5:
         a1:6c:51:68:9a:b6:ba:c5:b3:4e:93:31:7f:3f:be:d5:f5:6a:
         ab:5d:f3:ae:64:89:7d:f2:35:19:16:7c:88:3f:e1:ff:8c:d3:
         83:82:6c:2e:5e:07:09:20:df:34:97:63:db:50:51:73:e4:9c:
         c0:12:92:66:7a:ca:fa:55:30:b6:21:b4:30:17:15:48:10:eb:
         fb:49:b1:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FT8Vqn6dTZeTL+CzEOE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTI4ZDlkNGYxYTU2ZTk3MGY4NzQ2ZDY4MjdhYzExMjBm
OTI2NjcwHhcNMjYwMTAyMTQyMDU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGE2ODljMDhiOTk3YjFjODFhMTk4ZDg0NjY2NmI4ZDA3ZmQ5NDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgAYi2saujInJkbYMxL7yYLGEPz8
0k8kjW7nR39FR9TNCAYhKbtQ8ejy7AH+uOe2Wf1eYtvhJ30WMsycnxX2ya/Yoko7
WLPGQHTLqRNY2vuga8d5+zHMz/L1tjIbc6w6YBlWRt5bB55jH9ziwWIfSs961xuA
ebwhxLn67oTzg4f8TiTAiOMK5HOQqaLN0XlUwToDkMcKAXjZciNdBmr1QfTJkNY6
9hORXTIeX7bNnf2RK1aK7BzJGPiovgA6YuM79J0MxsPlXQY5oqokaw+xTgtf9p9M
A1JGlubz0bUHJQQYFnnrtilN6uxjVCMVL95c25T109/21IjteEnh2T40fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCmicCLmXscgaGY2EZma40H/ZSUMB8GA1UdIwQY
MBaAFCkSjZ1PGlbpcPh0bWgnrBEg+SZnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JLTm5VOGFWdWx3LUhSdGFDZXNFU0Q1Sm1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8xMTQ3N2MtODQ1Mi00YWJiLTkxNDct
ZjBiMDljMGM5MGM3LzEvOEthSndJdVpleHlCb1pqWVJtWnJqUWY5bEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8xMTQ3N2MtODQ1Mi00YWJiLTkxNDctZjBiMDljMGM5MGM3
LzEvS1JLTm5VOGFWdWx3LUhSdGFDZXNFU0Q1Sm1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufkJMA0G
CSqGSIb3DQEBCwUAA4IBAQChRSkMJMVAqEjLCSOo+VF7j9CwvArxYL2GEmL8wxf4
SvqUKdV0FWqYdLeEgypPskGrXOkIuvGjbpcMKQg9htqw3QXdtzalpA/7iDTE9f08
UAm8gmIwdIZ1waxpilgsfzApRxiA9Z2prUmqEHl3yu6o0h2X8jNd9ccFA5O4sbZv
NqQFmp0T59POjPSzlAgeSVwIAUbM0opJGfty4bc2A3mqzR9E/aFHykrb004BxgAe
GSrkqsWhbFFomra6xbNOkzF/P77V9WqrXfOuZIl98jUZFnyIP+H/jNODgmwuXgcJ
IN80l2PbUFFz5JzAEpJmesr6VTC2IbQwFxVIEOv7SbF3
-----END CERTIFICATE-----