This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/NtOmLk3Ecthj6nPCs4zxh7SF6Mg.roa
File:                     NtOmLk3Ecthj6nPCs4zxh7SF6Mg.roa (raw, json)
Hash identifier:          KP/kZ3LXZb2b6XuZM5JQejaPc2eczkoswDhOOh49koo=
Subject key identifier:   36:D3:A6:2E:4D:C4:72:D8:63:EA:73:C2:B3:8C:F1:87:B4:85:E8:C8
Certificate issuer:       /CN=f85d004446182d51fd38f7f75fe2a5c8608bc86d
Certificate serial:       019B7BA4440B6C876D49D064031034AF18C6
Authority key identifier: F8:5D:00:44:46:18:2D:51:FD:38:F7:F7:5F:E2:A5:C8:60:8B:C8:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/NtOmLk3Ecthj6nPCs4zxh7SF6Mg.roa
Signing time:             Thu 01 Jan 2026 22:18:41 +0000
ROA not before:           Thu 01 Jan 2026 22:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1764
IP address blocks:        185.57.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:44:0b:6c:87:6d:49:d0:64:03:10:34:af:18:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f85d004446182d51fd38f7f75fe2a5c8608bc86d
        Validity
            Not Before: Jan  1 22:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36d3a62e4dc472d863ea73c2b38cf187b485e8c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:88:ee:fc:56:57:25:0b:aa:1a:48:8a:d4:ab:
                    73:4b:12:8d:99:c1:55:87:86:9a:b9:21:2a:0d:6e:
                    09:05:f2:c1:b0:fa:cc:4c:82:b6:b9:da:45:84:71:
                    d1:79:4f:42:a4:eb:b8:2b:10:2d:f7:02:d8:ba:60:
                    51:2f:19:c4:c0:ed:40:cc:bb:b0:aa:d2:2c:f1:69:
                    ec:db:1f:29:3b:aa:c0:0a:b5:bd:5a:0f:03:fc:a2:
                    d5:24:27:86:4b:98:d5:a7:63:27:e9:b3:3c:95:f9:
                    72:3e:85:37:d6:a4:f0:fd:d2:5c:93:fb:89:dd:9b:
                    96:f0:a0:a2:02:a8:79:23:30:d8:a4:32:92:e9:50:
                    af:56:cd:f8:a9:12:85:8e:a3:09:b6:28:3a:71:43:
                    11:53:72:a1:d5:5c:c8:ca:f2:30:26:a4:84:76:0f:
                    b9:69:db:1d:f9:4b:45:52:9f:bc:79:4e:aa:a8:d7:
                    fc:00:dc:a2:5b:0b:99:2a:bb:bf:4c:7d:e1:51:51:
                    2b:ce:58:98:4d:9b:28:d4:cc:95:3f:a8:aa:e4:01:
                    da:17:99:59:76:43:cf:d9:d0:00:36:c5:be:0c:43:
                    40:a2:23:3b:6d:45:d3:5b:cc:e7:db:0b:6c:1e:15:
                    36:30:2f:72:e2:1d:a9:7a:b1:cc:15:c3:d6:60:b4:
                    22:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:D3:A6:2E:4D:C4:72:D8:63:EA:73:C2:B3:8C:F1:87:B4:85:E8:C8
            X509v3 Authority Key Identifier:
                keyid:F8:5D:00:44:46:18:2D:51:FD:38:F7:F7:5F:E2:A5:C8:60:8B:C8:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-F0AREYYLVH9OPf3X-KlyGCLyG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/NtOmLk3Ecthj6nPCs4zxh7SF6Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c9db52-ac91-406a-9f95-080ee0a97f6a/1/1-F0AREYYLVH9OPf3X-KlyGCLyG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:2d:40:70:fe:0b:de:35:d8:78:07:e9:77:57:d3:75:1a:89:
         c5:04:6f:96:81:45:37:20:bf:20:cd:6d:5b:e3:77:f4:94:1a:
         07:ad:df:57:e8:e5:4d:f7:86:8f:db:29:3f:87:ed:84:09:b2:
         6b:4b:ed:f8:bc:93:53:23:20:66:44:ff:dc:58:8c:ae:ce:5b:
         b8:c8:db:44:2d:13:d4:80:7b:4d:2f:36:d9:4b:84:ae:60:5a:
         05:b9:05:7d:7b:7f:a4:1d:2b:a1:af:f8:5a:0d:0c:83:81:a6:
         e4:a2:96:54:d1:e6:4e:3e:d4:6e:b1:7b:3a:80:4c:8c:1c:ab:
         69:2e:4c:94:02:7f:4f:1e:b5:22:ae:f9:d4:3f:8d:50:39:41:
         39:ea:62:58:28:b4:18:6e:81:35:3d:1f:3b:41:ea:af:a4:b8:
         35:49:d3:dd:08:43:7d:1b:21:be:33:6f:26:7b:60:b3:68:20:
         f7:62:62:db:11:b1:82:10:c7:11:01:98:be:5c:9e:ec:85:7c:
         b0:6b:55:5b:f2:17:05:a5:3e:5f:5c:b9:8a:10:8d:02:17:06:
         85:ea:69:18:1e:70:a7:12:c9:17:24:37:09:45:ca:a9:67:11:
         83:eb:8e:f2:aa:99:3d:6e:1b:2e:0f:36:59:7f:7e:e7:f7:25:
         1e:42:50:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7pEQLbIdtSdBkAxA0rxjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NWQwMDQ0NDYxODJkNTFmZDM4ZjdmNzVmZTJhNWM4NjA4
YmM4NmQwHhcNMjYwMTAxMjIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQzYTYyZTRkYzQ3MmQ4NjNlYTczYzJiMzhjZjE4N2I0ODVlOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIju/FZXJQuqGkiK1KtzSxKNmcFV
h4aauSEqDW4JBfLBsPrMTIK2udpFhHHReU9CpOu4KxAt9wLYumBRLxnEwO1AzLuw
qtIs8Wns2x8pO6rACrW9Wg8D/KLVJCeGS5jVp2Mn6bM8lflyPoU31qTw/dJck/uJ
3ZuW8KCiAqh5IzDYpDKS6VCvVs34qRKFjqMJtig6cUMRU3Kh1VzIyvIwJqSEdg+5
adsd+UtFUp+8eU6qqNf8ANyiWwuZKru/TH3hUVErzliYTZso1MyVP6iq5AHaF5lZ
dkPP2dAANsW+DENAoiM7bUXTW8zn2wtsHhU2MC9y4h2perHMFcPWYLQiYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDbTpi5NxHLYY+pzwrOM8Ye0hejIMB8GA1UdIwQY
MBaAFPhdAERGGC1R/Tj391/ipchgi8htMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1GMEFSRVlZTFZIOU9QZjNYLUtseUdDTHlHMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvYzlkYjUyLWFjOTEtNDA2YS05Zjk1
LTA4MGVlMGE5N2Y2YS8xL050T21MazNFY3RoajZuUENzNHp4aDdTRjZNZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvYzlkYjUyLWFjOTEtNDA2YS05Zjk1LTA4MGVlMGE5N2Y2
YS8xLzEtRjBBUkVZWUxWSDlPUGYzWC1LbHlHQ0x5RzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5OTMw
DQYJKoZIhvcNAQELBQADggEBACstQHD+C9412HgH6XdX03UaicUEb5aBRTcgvyDN
bVvjd/SUGget31fo5U33ho/bKT+H7YQJsmtL7fi8k1MjIGZE/9xYjK7OW7jI20Qt
E9SAe00vNtlLhK5gWgW5BX17f6QdK6Gv+FoNDIOBpuSillTR5k4+1G6xezqATIwc
q2kuTJQCf08etSKu+dQ/jVA5QTnqYlgotBhugTU9HztB6q+kuDVJ090IQ30bIb4z
byZ7YLNoIPdiYtsRsYIQxxEBmL5cnuyFfLBrVVvyFwWlPl9cuYoQjQIXBoXqaRge
cKcSyRckNwlFyqlnEYPrjvKqmT1uGy4PNll/fuf3JR5CUE4=
-----END CERTIFICATE-----