This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/KPkdoY_KgRYfITsmBsTAiiNwJ1o.roa
File:                     KPkdoY_KgRYfITsmBsTAiiNwJ1o.roa (raw, json)
Hash identifier:          qNqRsYBUnp//vKxwQPAS8HfS3NzzNrMRwJJrGZ7LQGs=
Subject key identifier:   28:F9:1D:A1:8F:CA:81:16:1F:21:3B:26:06:C4:C0:8A:23:70:27:5A
Certificate issuer:       /CN=665e17c08acdc77e944b2839508f1fd711e8e97b
Certificate serial:       019B21C3F7481844C9C8B2E8CF895E59D6A9
Authority key identifier: 66:5E:17:C0:8A:CD:C7:7E:94:4B:28:39:50:8F:1F:D7:11:E8:E9:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/KPkdoY_KgRYfITsmBsTAiiNwJ1o.roa
Signing time:             Mon 15 Dec 2025 11:27:29 +0000
ROA not before:           Mon 15 Dec 2025 11:27:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        212.108.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 08:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:21:c3:f7:48:18:44:c9:c8:b2:e8:cf:89:5e:59:d6:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e17c08acdc77e944b2839508f1fd711e8e97b
        Validity
            Not Before: Dec 15 11:27:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28f91da18fca81161f213b2606c4c08a2370275a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:45:07:95:07:0b:05:c5:96:aa:af:89:f6:2a:
                    9f:39:48:df:54:f3:e8:4c:6c:65:19:b5:a7:e1:92:
                    bc:ad:a9:37:79:e1:cc:f1:d9:af:2b:e1:23:a2:26:
                    af:a5:20:00:13:a3:dc:79:3f:85:d6:06:01:dd:25:
                    e5:2d:fe:1f:d6:86:89:dc:18:e7:de:fe:64:00:fd:
                    e1:70:66:1b:a4:b4:34:3e:b7:4b:d7:12:1d:f3:f3:
                    b7:09:69:e3:72:21:66:be:bf:02:63:f5:fe:fa:99:
                    2c:e2:4e:3b:5b:7d:f6:ca:c3:b1:f3:21:2f:15:bf:
                    85:89:67:a8:f6:e0:fc:9c:b3:56:79:e5:89:8e:b0:
                    27:68:f3:07:c4:dc:33:7b:21:93:87:f9:e7:3a:7f:
                    e7:14:3d:6a:95:a1:0b:99:4c:a0:03:82:fb:b5:d3:
                    0e:4f:13:5a:16:8d:96:2d:61:80:0a:9a:f8:da:5d:
                    69:75:7a:55:b5:a1:de:42:59:66:8d:30:24:8d:b8:
                    d3:d5:14:a3:70:0b:c1:0e:2b:ae:fb:0d:9d:1a:5b:
                    c7:c6:24:cf:bf:a0:b2:64:39:5b:87:13:68:42:e4:
                    fe:9f:78:23:3e:45:8f:79:d0:4b:98:d8:d9:44:1b:
                    58:0a:8f:2e:19:99:7d:22:4b:f2:d2:e2:3d:4f:eb:
                    b1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F9:1D:A1:8F:CA:81:16:1F:21:3B:26:06:C4:C0:8A:23:70:27:5A
            X509v3 Authority Key Identifier:
                keyid:66:5E:17:C0:8A:CD:C7:7E:94:4B:28:39:50:8F:1F:D7:11:E8:E9:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/KPkdoY_KgRYfITsmBsTAiiNwJ1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:34:e1:89:b9:9e:64:66:01:dc:b9:fe:7e:d5:cc:0e:79:47:
         e2:1f:01:cc:1b:af:7b:2d:30:92:0d:0c:4b:a9:0f:0b:a1:96:
         e0:91:4b:25:b3:63:a3:7b:7e:a2:52:c3:c7:bf:99:4e:81:93:
         58:72:ea:68:89:21:eb:47:73:e0:c0:c3:17:9a:e0:41:ed:cd:
         7f:d0:91:df:0c:dc:2e:e2:f0:02:1a:a5:15:10:aa:49:0b:fb:
         f7:79:60:c1:71:42:05:84:b7:f6:15:e6:d0:0f:5a:52:63:9b:
         6c:9a:a6:c2:40:87:61:69:2b:27:ee:12:14:c4:b0:1b:5a:e3:
         a0:08:b5:a7:e8:58:aa:df:14:bd:4c:c8:aa:72:b7:96:31:7e:
         72:77:09:9b:5f:01:e4:be:05:41:6d:57:ac:d7:d5:6b:cc:5e:
         bb:16:bd:26:79:70:25:a8:89:77:57:1e:66:d0:d9:cb:7b:fb:
         4c:98:9a:7b:07:04:87:83:e7:ab:73:6f:92:d3:8a:5b:b9:37:
         2f:81:d0:19:da:68:4b:df:d4:4f:d6:66:6f:99:21:b0:bf:a7:
         c9:8b:9d:34:16:0e:2d:1e:c1:55:da:d8:47:60:80:5c:85:c9:
         87:e7:eb:5f:62:db:8a:fa:c4:5d:b7:e9:e9:6f:eb:63:82:bd:
         65:e4:9c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZshw/dIGETJyLLoz4leWdapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWUxN2MwOGFjZGM3N2U5NDRiMjgzOTUwOGYxZmQ3MTFl
OGU5N2IwHhcNMjUxMjE1MTEyNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGY5MWRhMThmY2E4MTE2MWYyMTNiMjYwNmM0YzA4YTIzNzAyNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80UHlQcLBcWWqq+J9iqfOUjfVPPo
TGxlGbWn4ZK8rak3eeHM8dmvK+EjoiavpSAAE6PceT+F1gYB3SXlLf4f1oaJ3Bjn
3v5kAP3hcGYbpLQ0PrdL1xId8/O3CWnjciFmvr8CY/X++pks4k47W332ysOx8yEv
Fb+FiWeo9uD8nLNWeeWJjrAnaPMHxNwzeyGTh/nnOn/nFD1qlaELmUygA4L7tdMO
TxNaFo2WLWGACpr42l1pdXpVtaHeQllmjTAkjbjT1RSjcAvBDiuu+w2dGlvHxiTP
v6CyZDlbhxNoQuT+n3gjPkWPedBLmNjZRBtYCo8uGZl9Ikvy0uI9T+uxlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCj5HaGPyoEWHyE7JgbEwIojcCdaMB8GA1UdIwQY
MBaAFGZeF8CKzcd+lEsoOVCPH9cR6Ol7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw0WHdJck54MzZVU3lnNVVJOGYxeEhvNlhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80MDY1OGUtYzFhNS00ODU4LTg5MTIt
MDBjZWViNmE0MTRmLzEvS1BrZG9ZX0tnUllmSVRzbUJzVEFpaU53SjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80MDY1OGUtYzFhNS00ODU4LTg5MTItMDBjZWViNmE0MTRm
LzEvWmw0WHdJck54MzZVU3lnNVVJOGYxeEhvNlhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxwMA0G
CSqGSIb3DQEBCwUAA4IBAQAuNOGJuZ5kZgHcuf5+1cwOeUfiHwHMG697LTCSDQxL
qQ8LoZbgkUsls2Oje36iUsPHv5lOgZNYcupoiSHrR3PgwMMXmuBB7c1/0JHfDNwu
4vACGqUVEKpJC/v3eWDBcUIFhLf2FebQD1pSY5tsmqbCQIdhaSsn7hIUxLAbWuOg
CLWn6Fiq3xS9TMiqcreWMX5ydwmbXwHkvgVBbVes19VrzF67Fr0meXAlqIl3Vx5m
0NnLe/tMmJp7BwSHg+erc2+S04pbuTcvgdAZ2mhL39RP1mZvmSGwv6fJi500Fg4t
HsFV2thHYIBchcmH5+tfYtuK+sRdt+npb+tjgr1l5JwL
-----END CERTIFICATE-----