This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KPOE-0V8KGpk7bbwt78alGBddnw.roa
File:                     KPOE-0V8KGpk7bbwt78alGBddnw.roa (raw, json)
Hash identifier:          eEU3RH8ax4eoin0UGMRTYrc8+OcIP+B6UcNd3rkqLqc=
Subject key identifier:   28:F3:84:FB:45:7C:28:6A:64:ED:B6:F0:B7:BF:1A:94:60:5D:76:7C
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019B78A2CFE11A475A0A9DAD4F4D00ADE893
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KPOE-0V8KGpk7bbwt78alGBddnw.roa
Signing time:             Thu 01 Jan 2026 08:18:14 +0000
ROA not before:           Thu 01 Jan 2026 08:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        109.72.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 19:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:cf:e1:1a:47:5a:0a:9d:ad:4f:4d:00:ad:e8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 08:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28f384fb457c286a64edb6f0b7bf1a94605d767c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:89:0d:b1:e0:a7:29:9b:fe:bc:58:c8:86:d8:
                    42:93:28:41:5e:20:2a:9c:97:ad:35:a3:b7:d0:2e:
                    47:95:84:8f:56:1f:d2:d3:de:79:65:5d:ce:b9:18:
                    23:95:39:91:42:9e:21:ee:d9:72:05:a1:13:e0:f4:
                    4d:c3:84:6e:8c:0c:ff:ab:84:42:65:69:99:76:e0:
                    47:98:1c:0a:6e:e1:f8:2c:07:3b:c2:d8:91:bd:d4:
                    22:11:cf:71:e2:51:b4:21:07:65:9d:73:d6:b2:d2:
                    16:62:41:19:40:27:ef:7e:8b:84:69:56:35:6f:17:
                    65:80:02:7d:1b:b2:54:42:ee:42:ee:d1:1d:1b:b4:
                    af:24:25:a3:e0:07:f5:b1:18:fe:fb:2b:b0:47:89:
                    0c:f7:87:37:8f:9b:84:86:5d:1f:ea:b9:a4:95:70:
                    0b:ac:55:0d:0f:84:88:5f:77:d6:61:46:ef:a4:2e:
                    7f:7f:80:88:41:88:e1:3c:39:82:99:eb:ec:b2:2e:
                    63:47:d9:6a:6a:98:07:42:09:52:61:96:7f:49:ab:
                    f6:91:6c:b4:5e:d1:5a:88:d6:69:a2:61:2c:35:42:
                    cc:86:62:80:7b:45:85:70:84:43:cb:a7:54:c8:f8:
                    02:46:80:2d:62:30:f3:e2:9e:bc:03:3b:eb:12:da:
                    a1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F3:84:FB:45:7C:28:6A:64:ED:B6:F0:B7:BF:1A:94:60:5D:76:7C
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KPOE-0V8KGpk7bbwt78alGBddnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:38:7a:35:df:a3:56:6d:5b:58:a3:93:84:6b:f7:d1:47:32:
         fa:92:5b:3a:b7:e0:7a:4a:d5:90:4b:67:37:73:73:cd:33:2d:
         8e:99:5c:90:4c:7a:2c:54:23:9a:2a:c0:11:48:dd:74:f2:13:
         b1:e9:c6:62:72:d0:2a:8f:c3:c0:c3:21:55:b6:16:fd:23:3b:
         5d:e7:3f:09:a7:c6:ae:f0:e9:3e:f8:df:52:46:b3:e4:a5:56:
         76:99:ec:df:be:29:29:ca:22:b2:0c:31:f9:b9:56:b2:ef:98:
         a5:a9:54:47:33:28:ef:df:15:7b:d0:09:97:f0:56:90:73:98:
         07:e0:db:ce:9d:8c:cd:d7:24:c6:0b:37:66:cf:cb:b3:f2:d2:
         8a:db:99:86:98:86:c0:c2:10:aa:66:8b:f5:97:5d:ec:6a:f5:
         42:ac:ee:51:51:0d:f6:43:1b:5f:6d:06:f0:24:7f:65:15:00:
         25:1d:7b:80:42:2e:56:fa:99:64:ee:ac:7f:e4:9a:9b:ba:7b:
         25:17:13:9b:28:95:5e:66:b4:c1:56:a0:db:b7:47:e4:a1:0c:
         de:2a:b4:4f:76:df:6b:df:87:f6:6a:1e:30:f2:67:e3:e9:d1:
         50:8e:21:d5:f6:50:87:23:72:2e:44:ac:43:54:1a:41:fc:d4:
         a8:6a:46:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4os/hGkdaCp2tT00AreiTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjYwMTAxMDgxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGYzODRmYjQ1N2MyODZhNjRlZGI2ZjBiN2JmMWE5NDYwNWQ3NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvokNseCnKZv+vFjIhthCkyhBXiAq
nJetNaO30C5HlYSPVh/S0955ZV3OuRgjlTmRQp4h7tlyBaET4PRNw4RujAz/q4RC
ZWmZduBHmBwKbuH4LAc7wtiRvdQiEc9x4lG0IQdlnXPWstIWYkEZQCfvfouEaVY1
bxdlgAJ9G7JUQu5C7tEdG7SvJCWj4Af1sRj++yuwR4kM94c3j5uEhl0f6rmklXAL
rFUND4SIX3fWYUbvpC5/f4CIQYjhPDmCmevssi5jR9lqapgHQglSYZZ/Sav2kWy0
XtFaiNZpomEsNULMhmKAe0WFcIRDy6dUyPgCRoAtYjDz4p68AzvrEtqhYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjzhPtFfChqZO228Le/GpRgXXZ8MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvS1BPRS0wVjhLR3BrN2Jid3Q3OGFsR0JkZG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh4MA0G
CSqGSIb3DQEBCwUAA4IBAQAcOHo136NWbVtYo5OEa/fRRzL6kls6t+B6StWQS2c3
c3PNMy2OmVyQTHosVCOaKsARSN108hOx6cZictAqj8PAwyFVthb9Iztd5z8Jp8au
8Ok++N9SRrPkpVZ2mezfvikpyiKyDDH5uVay75ilqVRHMyjv3xV70AmX8FaQc5gH
4NvOnYzN1yTGCzdmz8uz8tKK25mGmIbAwhCqZov1l13savVCrO5RUQ32QxtfbQbw
JH9lFQAlHXuAQi5W+plk7qx/5JqbunslFxObKJVeZrTBVqDbt0fkoQzeKrRPdt9r
34f2ah4w8mfj6dFQjiHV9lCHI3IuRKxDVBpB/NSoakby
-----END CERTIFICATE-----