This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/iKbr2LK5J82gYuXSxnRiW9ytVSU.roa
File:                     iKbr2LK5J82gYuXSxnRiW9ytVSU.roa (raw, json)
Hash identifier:          SB/v/t0GxNGoad1gEDHjAA4/1IulHpKzS+RYj669lVk=
Subject key identifier:   88:A6:EB:D8:B2:B9:27:CD:A0:62:E5:D2:C6:74:62:5B:DC:AD:55:25
Certificate issuer:       /CN=d4ddf733a5f6d735abf27e892ae0e500d5727df3
Certificate serial:       019BF962090B60F2DE43D291127EEEA851F2
Authority key identifier: D4:DD:F7:33:A5:F6:D7:35:AB:F2:7E:89:2A:E0:E5:00:D5:72:7D:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1N33M6X21zWr8n6JKuDlANVyffM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/iKbr2LK5J82gYuXSxnRiW9ytVSU.roa
Signing time:             Mon 26 Jan 2026 08:18:30 +0000
ROA not before:           Mon 26 Jan 2026 08:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34573
IP address blocks:        46.174.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/1N33M6X21zWr8n6JKuDlANVyffM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/1N33M6X21zWr8n6JKuDlANVyffM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1N33M6X21zWr8n6JKuDlANVyffM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:18:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:62:09:0b:60:f2:de:43:d2:91:12:7e:ee:a8:51:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ddf733a5f6d735abf27e892ae0e500d5727df3
        Validity
            Not Before: Jan 26 08:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88a6ebd8b2b927cda062e5d2c674625bdcad5525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:29:cc:cc:6a:ab:30:e8:e9:d2:57:b4:47:3a:
                    5e:14:a3:0e:6e:96:05:d1:96:d8:45:4c:30:7c:5f:
                    83:fc:fd:51:ea:09:92:a6:24:a5:54:8d:e5:ed:5c:
                    1d:eb:41:ac:68:a3:3c:7d:48:ed:a8:32:3c:b3:52:
                    46:39:d6:89:c8:0b:b0:90:9d:db:da:3d:45:b0:85:
                    0a:34:6d:cb:9c:a5:7a:eb:f4:04:72:9c:aa:d8:2a:
                    72:c6:17:af:b7:34:b5:b7:0e:1d:5e:f3:36:21:dc:
                    03:15:eb:3b:37:c5:46:ab:f2:f3:26:27:e9:6c:c7:
                    d1:41:c2:2e:7f:fe:16:98:d0:10:15:c1:d0:bf:9c:
                    f6:f6:96:f8:69:fc:fa:ca:a5:37:5f:03:31:7e:c0:
                    05:a0:24:2d:d8:4b:07:0f:8c:1d:91:b4:27:b4:36:
                    da:07:83:5b:70:07:db:4f:6a:3e:25:5f:e6:04:fe:
                    43:53:7e:36:13:7d:be:f8:0d:bd:63:70:53:11:00:
                    87:87:ff:7f:29:29:a5:54:b4:58:89:2b:3a:f5:bc:
                    04:da:83:1e:84:e7:89:7f:ea:31:bb:11:39:b0:4f:
                    04:8c:dd:dc:af:8d:b2:e5:20:a9:ff:c7:1c:18:85:
                    68:8c:e3:5f:e8:6d:9a:67:38:27:35:2c:cc:ce:93:
                    35:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A6:EB:D8:B2:B9:27:CD:A0:62:E5:D2:C6:74:62:5B:DC:AD:55:25
            X509v3 Authority Key Identifier:
                keyid:D4:DD:F7:33:A5:F6:D7:35:AB:F2:7E:89:2A:E0:E5:00:D5:72:7D:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1N33M6X21zWr8n6JKuDlANVyffM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/iKbr2LK5J82gYuXSxnRiW9ytVSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d8466e-24be-4a6d-b55f-efe599bf5d87/1/1N33M6X21zWr8n6JKuDlANVyffM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:6a:c3:08:df:ee:3e:08:14:05:a3:f2:f8:3e:d6:e8:55:73:
         6e:d3:37:f3:bf:4c:23:cd:68:db:5c:85:57:62:28:63:5a:65:
         2c:7f:15:25:4c:cb:bc:cb:df:93:57:30:e2:bd:e7:eb:25:fa:
         55:d6:69:90:4d:cb:19:0d:4e:6b:cf:e5:00:05:ca:67:e6:c8:
         fc:d7:9e:9a:c6:34:10:4e:c1:5b:c2:31:4d:20:5f:7f:28:d0:
         93:f6:e6:ab:6d:97:d7:18:fc:71:f0:73:bc:38:e8:a6:bc:50:
         2f:7d:0c:78:66:3e:13:04:6e:98:16:90:c2:5f:68:66:dc:e5:
         28:86:70:26:2a:b9:fa:cd:16:cf:8e:b7:67:b7:bd:04:bd:2f:
         0e:01:c3:91:82:07:59:7f:ea:18:e4:cc:4f:8a:6b:e3:b8:c3:
         86:11:1c:cb:cf:15:8e:34:6a:60:9f:db:bf:9d:c0:57:2c:00:
         d9:cb:2a:2d:59:1c:3e:08:40:ed:fe:b2:f6:63:1d:b0:28:7b:
         96:17:96:c2:5f:0c:bd:11:06:05:6a:6c:30:8c:75:88:bb:e4:
         5c:42:65:15:11:06:23:0d:ea:61:69:58:47:dc:ac:ba:33:db:
         fb:12:94:0d:ea:f5:14:3b:ac:b3:05:3f:57:a4:12:19:a6:3f:
         59:f3:a4:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5YgkLYPLeQ9KREn7uqFHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZGRmNzMzYTVmNmQ3MzVhYmYyN2U4OTJhZTBlNTAwZDU3
MjdkZjMwHhcNMjYwMTI2MDgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE2ZWJkOGIyYjkyN2NkYTA2MmU1ZDJjNjc0NjI1YmRjYWQ1NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCnMzGqrMOjp0le0RzpeFKMObpYF
0ZbYRUwwfF+D/P1R6gmSpiSlVI3l7Vwd60GsaKM8fUjtqDI8s1JGOdaJyAuwkJ3b
2j1FsIUKNG3LnKV66/QEcpyq2CpyxhevtzS1tw4dXvM2IdwDFes7N8VGq/LzJifp
bMfRQcIuf/4WmNAQFcHQv5z29pb4afz6yqU3XwMxfsAFoCQt2EsHD4wdkbQntDba
B4NbcAfbT2o+JV/mBP5DU342E32++A29Y3BTEQCHh/9/KSmlVLRYiSs69bwE2oMe
hOeJf+oxuxE5sE8EjN3cr42y5SCp/8ccGIVojONf6G2aZzgnNSzMzpM1mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIim69iyuSfNoGLl0sZ0YlvcrVUlMB8GA1UdIwQY
MBaAFNTd9zOl9tc1q/J+iSrg5QDVcn3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU4zM002WDIxeldyOG42Skt1RGxBTlZ5ZmZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9kODQ2NmUtMjRiZS00YTZkLWI1NWYt
ZWZlNTk5YmY1ZDg3LzEvaUticjJMSzVKODJnWXVYU3huUmlXOXl0VlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9kODQ2NmUtMjRiZS00YTZkLWI1NWYtZWZlNTk5YmY1ZDg3
LzEvMU4zM002WDIxeldyOG42Skt1RGxBTlZ5ZmZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq4oMA0G
CSqGSIb3DQEBCwUAA4IBAQCbasMI3+4+CBQFo/L4PtboVXNu0zfzv0wjzWjbXIVX
YihjWmUsfxUlTMu8y9+TVzDivefrJfpV1mmQTcsZDU5rz+UABcpn5sj8156axjQQ
TsFbwjFNIF9/KNCT9uarbZfXGPxx8HO8OOimvFAvfQx4Zj4TBG6YFpDCX2hm3OUo
hnAmKrn6zRbPjrdnt70EvS8OAcORggdZf+oY5MxPimvjuMOGERzLzxWONGpgn9u/
ncBXLADZyyotWRw+CEDt/rL2Yx2wKHuWF5bCXwy9EQYFamwwjHWIu+RcQmUVEQYj
DephaVhH3Ky6M9v7EpQN6vUUO6yzBT9XpBIZpj9Z86Rj
-----END CERTIFICATE-----