This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kfsJ64Izo6pWVWKhIb-DXhr1kGU.roa
File:                     kfsJ64Izo6pWVWKhIb-DXhr1kGU.roa (raw, json)
Hash identifier:          F1nXnfJnpQ/oPfAjKgXxoT7MWwATB0qKVEmKdIHjHBk=
Subject key identifier:   91:FB:09:EB:82:33:A3:AA:56:55:62:A1:21:BF:83:5E:1A:F5:90:65
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C1371D566177D1EB4D7ADDBC60897F4
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kfsJ64Izo6pWVWKhIb-DXhr1kGU.roa
Signing time:             Fri 02 Jan 2026 00:20:07 +0000
ROA not before:           Fri 02 Jan 2026 00:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50666
IP address blocks:        185.228.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:71:d5:66:17:7d:1e:b4:d7:ad:db:c6:08:97:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91fb09eb8233a3aa565562a121bf835e1af59065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:45:49:81:54:37:dd:ea:4e:8d:90:15:96:1e:
                    88:85:c0:a7:f8:a3:09:6a:6a:e3:df:8f:65:a2:c4:
                    25:84:0b:00:12:39:ba:3a:73:ad:26:8c:d0:2a:dd:
                    a3:44:a7:d9:e7:33:a7:2e:7a:49:39:32:7e:8e:9e:
                    33:a5:b7:b7:73:b0:14:81:f1:90:73:2b:7b:f5:60:
                    39:5e:69:34:20:40:65:bb:18:7b:fa:13:47:e4:e8:
                    dc:6c:e6:27:8a:af:06:04:80:fb:ad:c3:73:4f:9a:
                    4d:9c:16:7c:07:fe:80:29:84:c5:b7:31:23:85:bc:
                    86:bf:9f:ee:17:48:3e:81:c0:cc:87:f1:3e:48:45:
                    53:c1:43:db:7d:c9:5e:e8:5a:92:b0:df:8b:16:bd:
                    65:48:25:bd:4f:90:d1:06:29:f6:e5:f1:f6:6d:81:
                    d0:a5:35:8f:99:94:4a:03:90:5d:6b:cd:31:78:f0:
                    a2:fa:a7:6b:5e:27:5c:b3:81:95:21:d7:a2:d3:3d:
                    87:e3:f4:11:37:12:0a:ea:fe:9c:c8:5e:ec:48:29:
                    5d:94:c8:c2:92:66:d1:8c:a9:07:3f:b6:c0:5f:fc:
                    00:29:63:fa:44:6e:86:07:be:8c:77:39:bb:e0:c6:
                    9a:cf:99:d9:42:f3:da:ec:b8:f7:4b:b4:74:3c:a5:
                    8b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FB:09:EB:82:33:A3:AA:56:55:62:A1:21:BF:83:5E:1A:F5:90:65
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kfsJ64Izo6pWVWKhIb-DXhr1kGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:f9:ad:f9:28:cd:5d:32:3c:2f:36:d3:36:f8:1a:28:de:1b:
         79:c4:c2:54:3e:41:01:c4:af:6f:dd:78:72:9c:c3:37:d1:fd:
         36:69:18:79:ff:eb:b8:93:e4:64:ba:99:31:1c:d3:c8:0b:02:
         c2:42:4f:95:bb:1b:c4:f0:ad:35:07:7a:aa:c0:fd:c2:5f:aa:
         d3:89:14:7f:47:39:ee:15:0c:8b:e5:e0:f3:1c:fb:7e:14:2e:
         86:ae:53:a9:e3:ce:5c:97:24:b0:7d:c5:22:d2:d8:67:28:59:
         68:6d:eb:e6:1c:61:f7:d1:e8:57:8d:86:d9:3c:a1:8c:63:6d:
         f3:95:7b:f9:6a:50:b1:de:09:c0:04:4b:ea:bb:f5:98:ef:e8:
         1f:0e:15:0d:6f:ce:48:c6:6f:5a:47:b2:ed:51:f7:7d:ab:7c:
         7a:d2:93:43:ea:d0:4c:6e:90:c0:93:e7:57:f2:66:30:61:c3:
         88:94:77:b3:9a:37:11:3b:9b:75:cf:e7:1a:36:35:57:ef:6a:
         6b:82:7c:79:55:47:c7:b3:2d:36:20:d2:27:de:39:5b:f2:12:
         ad:67:19:66:c2:6b:68:4b:f6:04:ea:db:bb:cd:d8:f9:a5:c2:
         83:81:8b:31:f2:16:ab:36:cb:8d:0b:18:9a:4b:fc:3d:20:83:
         a4:8e:4e:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E3HVZhd9HrTXrdvGCJf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZiMDllYjgyMzNhM2FhNTY1NTYyYTEyMWJmODM1ZTFhZjU5MDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0VJgVQ33epOjZAVlh6IhcCn+KMJ
amrj349losQlhAsAEjm6OnOtJozQKt2jRKfZ5zOnLnpJOTJ+jp4zpbe3c7AUgfGQ
cyt79WA5Xmk0IEBluxh7+hNH5OjcbOYniq8GBID7rcNzT5pNnBZ8B/6AKYTFtzEj
hbyGv5/uF0g+gcDMh/E+SEVTwUPbfcle6FqSsN+LFr1lSCW9T5DRBin25fH2bYHQ
pTWPmZRKA5Bda80xePCi+qdrXidcs4GVIdei0z2H4/QRNxIK6v6cyF7sSCldlMjC
kmbRjKkHP7bAX/wAKWP6RG6GB76Mdzm74Maaz5nZQvPa7Lj3S7R0PKWLyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH7CeuCM6OqVlVioSG/g14a9ZBlMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEva2ZzSjY0SXpvNnBXVldLaEliLURYaHIxa0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueSgMA0G
CSqGSIb3DQEBCwUAA4IBAQDA+a35KM1dMjwvNtM2+Boo3ht5xMJUPkEBxK9v3Xhy
nMM30f02aRh5/+u4k+RkupkxHNPICwLCQk+VuxvE8K01B3qqwP3CX6rTiRR/Rznu
FQyL5eDzHPt+FC6GrlOp485clySwfcUi0thnKFlobevmHGH30ehXjYbZPKGMY23z
lXv5alCx3gnABEvqu/WY7+gfDhUNb85Ixm9aR7LtUfd9q3x60pND6tBMbpDAk+dX
8mYwYcOIlHezmjcRO5t1z+caNjVX72prgnx5VUfHsy02INIn3jlb8hKtZxlmwmto
S/YE6tu7zdj5pcKDgYsx8harNsuNCxiaS/w9IIOkjk6q
-----END CERTIFICATE-----