This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/nkfXYoc4Mcgj_WnSgw1MfRAkUv8.roa
File:                     nkfXYoc4Mcgj_WnSgw1MfRAkUv8.roa (raw, json)
Hash identifier:          uTw63Gl3rRgs6l5JsMFtSBnpBCOYFjYiM97n8RknJaU=
Subject key identifier:   9E:47:D7:62:87:38:31:C8:23:FD:69:D2:83:0D:4C:7D:10:24:52:FF
Certificate issuer:       /CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
Certificate serial:       019B7BA3EAE8D432C85395E95CA02A8C13AD
Authority key identifier: FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/nkfXYoc4Mcgj_WnSgw1MfRAkUv8.roa
Signing time:             Thu 01 Jan 2026 22:18:18 +0000
ROA not before:           Thu 01 Jan 2026 22:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30860
IP address blocks:        91.234.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:ea:e8:d4:32:c8:53:95:e9:5c:a0:2a:8c:13:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
        Validity
            Not Before: Jan  1 22:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e47d762873831c823fd69d2830d4c7d102452ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:83:0e:87:27:4e:4d:11:cc:a7:7f:40:a6:d7:
                    b9:21:54:9b:f1:16:8f:8e:7e:b3:bd:46:06:a3:e6:
                    a1:1a:13:04:13:63:61:43:40:95:88:06:5a:84:05:
                    26:7b:a2:1e:bf:2b:cb:b8:ec:1b:3c:4a:84:b7:3d:
                    15:ad:87:f4:fa:87:21:16:eb:22:6b:25:1c:5b:2c:
                    1c:c3:d7:da:ea:81:b8:f3:5c:aa:d0:19:68:91:84:
                    6e:4a:3f:b3:86:a1:28:d3:f8:5b:66:ed:34:a3:05:
                    86:f6:0e:23:e6:ee:aa:31:c5:81:64:eb:11:c4:b8:
                    99:d8:44:5b:0b:ed:46:db:cb:0b:a5:1a:9f:46:4c:
                    54:13:3e:d7:b8:d5:30:c1:4b:64:ae:02:20:89:c7:
                    c3:06:a6:e5:87:a1:63:58:12:16:f5:c5:0f:ad:7c:
                    f3:1d:8e:91:d0:fa:f7:25:a9:dd:de:8c:bf:86:b5:
                    2a:2c:7d:5b:80:0b:98:c4:55:77:b5:32:d0:ec:a9:
                    8f:38:4b:bf:55:9d:26:04:40:d6:5b:d2:74:bd:df:
                    05:21:67:c5:46:48:ae:8d:cb:a1:c6:0f:27:1f:38:
                    63:1e:53:75:19:48:83:4a:20:92:67:b1:30:dc:1f:
                    80:8c:15:e8:88:9a:88:cd:16:56:77:26:c3:f9:0c:
                    20:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:47:D7:62:87:38:31:C8:23:FD:69:D2:83:0D:4C:7D:10:24:52:FF
            X509v3 Authority Key Identifier:
                keyid:FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/nkfXYoc4Mcgj_WnSgw1MfRAkUv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:7f:5e:f9:b0:f6:53:dc:46:d1:7b:3f:bc:a2:bf:68:e7:03:
         c5:45:57:40:75:2d:c5:58:7d:a9:7b:7b:a9:ca:d7:83:3a:ca:
         fe:35:e7:53:9a:97:99:f0:19:61:28:0d:97:5a:b1:e6:87:92:
         ea:a2:e6:a6:ad:37:90:47:33:e7:17:8a:55:01:9d:92:2f:71:
         59:b2:c2:0d:35:77:6a:cb:05:55:2e:4c:50:cf:7b:9e:b8:5d:
         52:4e:b6:20:bb:91:8a:34:7c:8d:ce:96:ec:f6:04:19:5f:b2:
         7f:c5:4d:98:6b:9b:c9:1f:ec:85:ee:63:df:72:33:ed:7e:ad:
         20:cf:7c:a9:41:1f:30:b1:70:1c:44:16:75:04:da:c5:83:41:
         96:e9:a5:f9:5c:5b:e1:64:58:61:ea:06:80:5a:55:97:5f:a5:
         fb:40:d6:ad:69:4b:23:58:bf:df:e7:c7:23:5f:26:2b:ca:2d:
         5d:1a:8e:4b:28:c9:2c:b3:0d:eb:4e:e1:65:cd:56:bc:ff:f5:
         85:e7:8b:8f:1a:16:a2:3f:ec:bf:07:6e:3a:a0:86:87:16:95:
         05:d1:90:f5:e9:08:bb:dc:94:d3:e5:2c:e4:f1:2f:74:5a:9d:
         6d:11:a5:dd:f5:96:dd:0a:20:04:51:d2:3e:53:da:ea:90:94:
         36:4c:76:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o+ro1DLIU5XpXKAqjBOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmN2Q4YTc5YmFkNGY5ODNkMGM0OTg5NWFmNTBlYThhMDNl
YmM3MGQwHhcNMjYwMTAxMjIxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ3ZDc2Mjg3MzgzMWM4MjNmZDY5ZDI4MzBkNGM3ZDEwMjQ1MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYMOhydOTRHMp39Apte5IVSb8RaP
jn6zvUYGo+ahGhMEE2NhQ0CViAZahAUme6IevyvLuOwbPEqEtz0VrYf0+ochFusi
ayUcWywcw9fa6oG481yq0BlokYRuSj+zhqEo0/hbZu00owWG9g4j5u6qMcWBZOsR
xLiZ2ERbC+1G28sLpRqfRkxUEz7XuNUwwUtkrgIgicfDBqblh6FjWBIW9cUPrXzz
HY6R0Pr3Jand3oy/hrUqLH1bgAuYxFV3tTLQ7KmPOEu/VZ0mBEDWW9J0vd8FIWfF
Rkiujcuhxg8nHzhjHlN1GUiDSiCSZ7Ew3B+AjBXoiJqIzRZWdybD+QwgpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5H12KHODHII/1p0oMNTH0QJFL/MB8GA1UdIwQY
MBaAFP99inm61PmD0MSYla9Q6ooD68cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2Mt
MDg3M2UzOTk0ZDBlLzEvbmtmWFlvYzRNY2dqX1duU2d3MU1mUkFrVXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2MtMDg3M2UzOTk0ZDBl
LzEvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+oEMA0G
CSqGSIb3DQEBCwUAA4IBAQB4f175sPZT3EbRez+8or9o5wPFRVdAdS3FWH2pe3up
yteDOsr+NedTmpeZ8BlhKA2XWrHmh5LqouamrTeQRzPnF4pVAZ2SL3FZssINNXdq
ywVVLkxQz3ueuF1STrYgu5GKNHyNzpbs9gQZX7J/xU2Ya5vJH+yF7mPfcjPtfq0g
z3ypQR8wsXAcRBZ1BNrFg0GW6aX5XFvhZFhh6gaAWlWXX6X7QNataUsjWL/f58cj
XyYryi1dGo5LKMkssw3rTuFlzVa8//WF54uPGhaiP+y/B246oIaHFpUF0ZD16Qi7
3JTT5Szk8S90Wp1tEaXd9ZbdCiAEUdI+U9rqkJQ2THZC
-----END CERTIFICATE-----