This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/KqM5XDgI_gIy9O3UmMKLUWUHXOQ.roa
File:                     KqM5XDgI_gIy9O3UmMKLUWUHXOQ.roa (raw, json)
Hash identifier:          uBBprn8iUpipBM/piZ68Yxmj007S30ZT/FkMsMlB4ls=
Subject key identifier:   2A:A3:39:5C:38:08:FE:02:32:F4:ED:D4:98:C2:8B:51:65:07:5C:E4
Certificate issuer:       /CN=b00d3d34f61e484688bfff9cc703755823775998
Certificate serial:       019A9DC13A4723AE53C7BC5EE70A21D5E840
Authority key identifier: B0:0D:3D:34:F6:1E:48:46:88:BF:FF:9C:C7:03:75:58:23:77:59:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sA09NPYeSEaIv_-cxwN1WCN3WZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/KqM5XDgI_gIy9O3UmMKLUWUHXOQ.roa
Signing time:             Wed 19 Nov 2025 20:14:37 +0000
ROA not before:           Wed 19 Nov 2025 20:14:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208799
IP address blocks:        45.84.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/sA09NPYeSEaIv_-cxwN1WCN3WZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/sA09NPYeSEaIv_-cxwN1WCN3WZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sA09NPYeSEaIv_-cxwN1WCN3WZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:c1:3a:47:23:ae:53:c7:bc:5e:e7:0a:21:d5:e8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b00d3d34f61e484688bfff9cc703755823775998
        Validity
            Not Before: Nov 19 20:14:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2aa3395c3808fe0232f4edd498c28b5165075ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:97:d6:d3:0b:4a:5d:f8:b0:96:3f:4b:c0:
                    f8:7b:b7:1e:71:88:ec:94:cd:08:19:cd:2c:3e:fa:
                    f2:47:af:53:c1:43:d9:63:14:16:aa:bd:62:47:f5:
                    bb:59:2d:db:fa:87:3f:4b:21:a8:4e:5c:7c:7b:20:
                    55:a3:b8:58:83:c4:ac:82:de:28:02:c4:3a:e5:40:
                    e9:57:9a:79:1e:37:72:f4:f5:8a:1d:25:e3:80:81:
                    2d:f7:21:48:99:04:d7:1f:07:3f:86:d1:88:e2:28:
                    33:5d:3f:0b:d3:16:33:c9:70:b6:19:54:4a:16:a4:
                    15:ec:90:ab:e7:0f:0c:a4:4c:b4:87:17:77:db:41:
                    29:05:1b:19:35:f2:af:e4:8d:ba:aa:bb:6e:92:29:
                    f1:04:59:38:42:9f:f2:74:2c:99:1e:0f:02:19:24:
                    f9:eb:7f:aa:3a:51:f6:de:cf:cf:67:d1:74:d2:70:
                    f6:d0:af:13:01:7b:eb:18:d6:a2:9f:ea:c8:ab:43:
                    f7:c8:2c:b7:58:a3:37:c4:d4:a2:59:73:d4:a3:0a:
                    b1:6e:77:af:9d:3f:71:79:0d:38:d3:30:b2:e3:00:
                    d0:cb:de:4a:40:db:47:5e:7f:8d:a6:73:50:05:e3:
                    93:f7:ba:08:36:99:da:ca:25:04:ba:dc:95:e0:3b:
                    b7:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A3:39:5C:38:08:FE:02:32:F4:ED:D4:98:C2:8B:51:65:07:5C:E4
            X509v3 Authority Key Identifier:
                keyid:B0:0D:3D:34:F6:1E:48:46:88:BF:FF:9C:C7:03:75:58:23:77:59:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sA09NPYeSEaIv_-cxwN1WCN3WZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/KqM5XDgI_gIy9O3UmMKLUWUHXOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3b25f5-a190-48ff-a3e1-171dc5a98474/1/sA09NPYeSEaIv_-cxwN1WCN3WZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:19:ef:e3:59:db:b6:fc:75:73:00:a9:ba:df:2a:40:50:db:
         ae:e1:93:31:86:e8:1f:a3:42:1e:f1:83:7d:d7:21:71:3d:50:
         5b:20:70:33:06:c9:c1:fd:dc:0a:47:4d:85:68:54:4c:b5:6f:
         5c:e0:d2:97:5d:59:59:ab:df:8f:ac:05:b5:95:5e:83:c2:da:
         0a:20:3d:88:f6:51:00:28:95:22:f3:76:ad:c7:32:96:93:a9:
         b9:81:94:3a:0f:e9:46:f1:09:a5:ab:fd:42:c0:7d:da:43:2d:
         8e:f7:12:4c:46:fc:32:5a:64:62:24:f8:c1:07:c6:18:d4:d3:
         4e:5d:e0:3c:01:27:ce:b4:6f:a1:14:cc:5d:a2:e6:c3:d3:c1:
         ec:30:5f:89:13:a6:89:53:16:aa:1c:12:50:dd:54:a1:e5:24:
         f4:36:ac:77:c2:37:02:ca:2f:a9:e7:c7:fa:b8:1b:8f:4e:f3:
         12:ac:50:46:5e:54:2c:8a:57:d4:90:9b:49:bb:91:67:ec:37:
         57:b3:3d:87:9d:db:02:17:e0:49:97:11:58:46:df:f7:fb:df:
         9b:86:c3:d6:f1:c1:ef:b2:ff:23:05:62:7d:6d:5a:db:cf:08:
         78:b3:c9:b1:76:77:96:ac:f9:42:e0:b5:33:5b:21:07:75:80:
         fb:6b:fe:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqdwTpHI65Tx7xe5woh1ehAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMGQzZDM0ZjYxZTQ4NDY4OGJmZmY5Y2M3MDM3NTU4MjM3
NzU5OTgwHhcNMjUxMTE5MjAxNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWEzMzk1YzM4MDhmZTAyMzJmNGVkZDQ5OGMyOGI1MTY1MDc1Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ2X1tMLSl34sJY/S8D4e7cecYjs
lM0IGc0sPvryR69TwUPZYxQWqr1iR/W7WS3b+oc/SyGoTlx8eyBVo7hYg8Ssgt4o
AsQ65UDpV5p5Hjdy9PWKHSXjgIEt9yFImQTXHwc/htGI4igzXT8L0xYzyXC2GVRK
FqQV7JCr5w8MpEy0hxd320EpBRsZNfKv5I26qrtukinxBFk4Qp/ydCyZHg8CGST5
63+qOlH23s/PZ9F00nD20K8TAXvrGNain+rIq0P3yCy3WKM3xNSiWXPUowqxbnev
nT9xeQ040zCy4wDQy95KQNtHXn+NpnNQBeOT97oINpnayiUEutyV4Du3OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqjOVw4CP4CMvTt1JjCi1FlB1zkMB8GA1UdIwQY
MBaAFLANPTT2HkhGiL//nMcDdVgjd1mYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0EwOU5QWWVTRWFJdl8tY3h3TjFXQ04zV1pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zYjI1ZjUtYTE5MC00OGZmLWEzZTEt
MTcxZGM1YTk4NDc0LzEvS3FNNVhEZ0lfZ0l5OU8zVW1NS0xVV1VIWE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zYjI1ZjUtYTE5MC00OGZmLWEzZTEtMTcxZGM1YTk4NDc0
LzEvc0EwOU5QWWVTRWFJdl8tY3h3TjFXQ04zV1pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVQQMA0G
CSqGSIb3DQEBCwUAA4IBAQBMGe/jWdu2/HVzAKm63ypAUNuu4ZMxhugfo0Ie8YN9
1yFxPVBbIHAzBsnB/dwKR02FaFRMtW9c4NKXXVlZq9+PrAW1lV6DwtoKID2I9lEA
KJUi83atxzKWk6m5gZQ6D+lG8Qmlq/1CwH3aQy2O9xJMRvwyWmRiJPjBB8YY1NNO
XeA8ASfOtG+hFMxdoubD08HsMF+JE6aJUxaqHBJQ3VSh5ST0Nqx3wjcCyi+p58f6
uBuPTvMSrFBGXlQsilfUkJtJu5Fn7DdXsz2HndsCF+BJlxFYRt/3+9+bhsPW8cHv
sv8jBWJ9bVrbzwh4s8mxdneWrPlC4LUzWyEHdYD7a/6q
-----END CERTIFICATE-----