This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KUGnX9Es_eSZLc-ruzZ34ns5OVs.roa
File:                     KUGnX9Es_eSZLc-ruzZ34ns5OVs.roa (raw, json)
Hash identifier:          S0mVp+o5zlVqPkKboHQ4CFO6M/AkbC+6yx6KAxj7pCk=
Subject key identifier:   29:41:A7:5F:D1:2C:FD:E4:99:2D:CF:AB:BB:36:77:E2:7B:39:39:5B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C139C5B77DC419928327B2C583275D6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KUGnX9Es_eSZLc-ruzZ34ns5OVs.roa
Signing time:             Fri 02 Jan 2026 00:20:18 +0000
ROA not before:           Fri 02 Jan 2026 00:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214024
IP address blocks:        185.206.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:9c:5b:77:dc:41:99:28:32:7b:2c:58:32:75:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2941a75fd12cfde4992dcfabbb3677e27b39395b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4b:a3:e4:41:d5:41:96:62:49:24:2e:ba:4d:
                    f5:c8:88:4c:98:c4:38:8f:90:28:a3:25:d7:cd:26:
                    c7:bc:b9:23:8f:19:86:5e:e3:c6:65:60:3b:38:a7:
                    06:38:b2:12:7f:84:54:69:77:31:9b:b2:31:72:0c:
                    9b:15:e7:a8:aa:e7:3a:ab:b7:70:e9:f1:95:ad:0c:
                    c3:50:4d:8b:35:45:e4:f2:41:65:19:d1:df:c5:86:
                    6b:e0:fa:78:ab:90:60:2b:b6:88:85:d0:d2:59:8d:
                    dd:e1:b4:f9:d7:28:b4:d6:38:40:62:7c:11:06:fa:
                    07:a0:75:1c:a6:74:78:a6:99:5c:bb:62:5a:ac:42:
                    31:88:7a:6b:0d:72:51:e1:f8:fb:aa:04:33:00:f7:
                    96:44:cf:0f:54:99:a4:7e:5a:7b:ab:f9:db:00:a2:
                    57:01:0d:e0:75:e3:ac:ff:5b:da:e5:d5:47:b1:be:
                    87:dd:3e:a1:9c:e3:c1:10:f7:bb:ff:4d:f8:29:55:
                    79:f0:47:66:ef:f3:60:3f:af:bd:b6:4a:c3:7c:f3:
                    17:5d:b3:99:54:00:72:13:70:db:fa:15:1b:b4:3a:
                    b6:26:f1:48:62:03:91:d4:b9:3c:cf:67:5a:97:ea:
                    72:df:dd:65:ad:f3:b6:80:de:60:1d:0b:5c:7f:9f:
                    c0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:41:A7:5F:D1:2C:FD:E4:99:2D:CF:AB:BB:36:77:E2:7B:39:39:5B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KUGnX9Es_eSZLc-ruzZ34ns5OVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:56:b1:1b:2a:ed:11:ef:7b:5c:e5:1c:28:13:73:f6:65:1b:
         d9:44:e2:50:a0:2c:01:7c:e5:10:18:ff:2c:6a:9c:85:80:3d:
         46:46:07:d5:77:8f:9d:75:ed:82:67:c8:ca:c4:96:49:84:ed:
         95:8e:39:dc:84:db:56:1f:3f:a9:20:54:3d:1d:bf:80:4c:ee:
         1e:a3:a8:90:ef:aa:e3:9d:05:c9:41:af:86:f5:93:73:34:2f:
         24:a1:8c:6e:82:ac:a5:27:58:a1:7b:03:11:a2:da:50:aa:97:
         ca:b3:bc:9a:27:a3:eb:05:41:4f:1a:dc:c6:5d:52:06:db:19:
         fb:7a:16:0b:58:18:d2:c4:5c:f0:8f:a1:a4:72:e7:cc:87:8e:
         02:87:32:13:87:24:fe:46:65:b0:37:b3:db:d2:9f:31:be:98:
         59:17:b3:b3:0d:92:db:54:7a:26:fa:6f:60:0e:09:34:2d:69:
         b1:fc:f2:57:9d:a5:0b:10:fc:15:83:3a:b0:08:67:99:15:56:
         1c:93:86:5d:43:74:17:03:0f:ac:e1:57:c5:11:de:85:ef:39:
         d8:ac:8e:7b:6f:3d:69:fb:f3:72:8b:8e:6c:f7:eb:67:37:79:
         1f:ec:dc:66:8c:58:f3:e2:59:f9:fc:f1:0d:fb:62:6a:71:62:
         ac:21:ed:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E5xbd9xBmSgyeyxYMnXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQxYTc1ZmQxMmNmZGU0OTkyZGNmYWJiYjM2NzdlMjdiMzkzOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0uj5EHVQZZiSSQuuk31yIhMmMQ4
j5AooyXXzSbHvLkjjxmGXuPGZWA7OKcGOLISf4RUaXcxm7IxcgybFeeoquc6q7dw
6fGVrQzDUE2LNUXk8kFlGdHfxYZr4Pp4q5BgK7aIhdDSWY3d4bT51yi01jhAYnwR
BvoHoHUcpnR4pplcu2JarEIxiHprDXJR4fj7qgQzAPeWRM8PVJmkflp7q/nbAKJX
AQ3gdeOs/1va5dVHsb6H3T6hnOPBEPe7/034KVV58Edm7/NgP6+9tkrDfPMXXbOZ
VAByE3Db+hUbtDq2JvFIYgOR1Lk8z2dal+py391lrfO2gN5gHQtcf5/AOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClBp1/RLP3kmS3Pq7s2d+J7OTlbMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS1VHblg5RXNfZVNaTGMtcnV6WjM0bnM1T1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc76MA0G
CSqGSIb3DQEBCwUAA4IBAQAoVrEbKu0R73tc5RwoE3P2ZRvZROJQoCwBfOUQGP8s
apyFgD1GRgfVd4+dde2CZ8jKxJZJhO2VjjnchNtWHz+pIFQ9Hb+ATO4eo6iQ76rj
nQXJQa+G9ZNzNC8koYxugqylJ1ihewMRotpQqpfKs7yaJ6PrBUFPGtzGXVIG2xn7
ehYLWBjSxFzwj6GkcufMh44ChzIThyT+RmWwN7Pb0p8xvphZF7OzDZLbVHom+m9g
Dgk0LWmx/PJXnaULEPwVgzqwCGeZFVYck4ZdQ3QXAw+s4VfFEd6F7znYrI57bz1p
+/Nyi45s9+tnN3kf7NxmjFjz4ln5/PEN+2JqcWKsIe0I
-----END CERTIFICATE-----