This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/NdtOCJvzGmFZlmDg7mwNpBd1B_Q.roa
File:                     NdtOCJvzGmFZlmDg7mwNpBd1B_Q.roa (raw, json)
Hash identifier:          W9vZQt0X+AIDjmeyVAUiJ2h6aMzNBj5GBkBeIxqmyoM=
Subject key identifier:   35:DB:4E:08:9B:F3:1A:61:59:96:60:E0:EE:6C:0D:A4:17:75:07:F4
Certificate issuer:       /CN=ec05986897d024e48c7cd25e1891c4208ff3bbb2
Certificate serial:       019B7E3830C6FDF136B7F82A507DE6E74FEE
Authority key identifier: EC:05:98:68:97:D0:24:E4:8C:7C:D2:5E:18:91:C4:20:8F:F3:BB:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/NdtOCJvzGmFZlmDg7mwNpBd1B_Q.roa
Signing time:             Fri 02 Jan 2026 10:19:30 +0000
ROA not before:           Fri 02 Jan 2026 10:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12301
IP address blocks:        193.178.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:30:c6:fd:f1:36:b7:f8:2a:50:7d:e6:e7:4f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec05986897d024e48c7cd25e1891c4208ff3bbb2
        Validity
            Not Before: Jan  2 10:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35db4e089bf31a61599660e0ee6c0da4177507f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4f:34:fb:5d:a8:a8:f3:63:25:d3:e1:92:21:
                    63:8d:d2:16:7d:65:d6:e7:9c:5e:9f:be:da:0d:25:
                    bf:dd:6a:ca:41:2b:ea:02:a5:c4:4f:1b:30:23:39:
                    c6:4c:16:91:5c:a5:e6:6a:3e:8c:ce:e5:66:df:9d:
                    39:9a:f8:d7:28:66:c9:2d:20:9f:46:c0:5a:93:e6:
                    47:d0:bd:e7:44:e7:82:5f:4c:08:e6:41:01:27:b0:
                    55:70:3e:d3:d5:84:8c:d6:79:75:f5:50:b5:cd:23:
                    2f:ed:ce:08:2b:ec:c7:11:9f:b0:33:66:72:07:d9:
                    f9:50:d6:40:a1:09:8c:a4:ab:61:e0:77:4a:7a:d7:
                    df:d7:65:02:b9:56:9d:66:81:5e:08:84:08:22:bb:
                    b5:65:38:1c:9a:b0:05:74:73:9c:bc:42:a7:27:67:
                    e3:5e:a1:04:78:b2:82:2c:df:31:d4:15:5d:1f:63:
                    8d:47:58:e5:d9:a4:37:e3:c4:78:3d:f5:88:a6:03:
                    0f:42:e5:f5:a2:34:24:b5:ad:0f:d9:d5:72:5d:e2:
                    76:cb:3b:70:22:53:04:34:fe:64:56:a3:16:7b:91:
                    24:2d:50:6f:1a:87:d4:8e:f7:92:9a:0e:47:1c:10:
                    cb:eb:f8:06:31:1e:11:15:7f:e6:31:3c:48:7d:b4:
                    43:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DB:4E:08:9B:F3:1A:61:59:96:60:E0:EE:6C:0D:A4:17:75:07:F4
            X509v3 Authority Key Identifier:
                keyid:EC:05:98:68:97:D0:24:E4:8C:7C:D2:5E:18:91:C4:20:8F:F3:BB:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/NdtOCJvzGmFZlmDg7mwNpBd1B_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:66:4a:7d:93:c3:f2:80:07:1b:73:e1:32:26:1b:00:cd:1d:
         e8:54:2c:d9:6f:ff:f7:5a:82:0d:9a:38:f2:d7:ce:8d:48:12:
         fb:4f:79:92:5d:c0:cc:81:eb:a2:b3:a9:df:7f:de:ea:0e:9d:
         8e:96:ea:a5:47:d6:9a:33:74:25:05:7e:5d:09:e9:18:9a:f7:
         6c:45:dd:7e:5c:44:62:a0:62:2d:6f:b8:ed:ec:8c:9d:2e:8a:
         97:f8:0c:25:db:93:35:8f:db:1b:54:15:9a:2e:4e:fa:93:2a:
         39:97:0d:12:01:aa:88:e9:85:57:5c:b2:02:ef:c2:15:36:e0:
         eb:48:6f:35:38:66:8c:8e:25:06:0d:3b:31:6b:d5:e3:d6:3d:
         b0:2b:a6:ee:3c:e2:4c:9b:36:d3:0e:07:6d:30:5a:99:18:0d:
         32:05:6f:7b:3b:78:12:54:28:8b:ce:7c:81:e2:4d:3a:da:f6:
         b0:e3:8e:06:0a:58:e2:6b:69:48:7a:8b:1d:c4:3f:9d:10:b0:
         11:71:be:af:8d:5c:4e:45:e4:67:fe:65:13:fc:6d:67:9d:6f:
         fa:82:f5:7d:a9:cf:0b:ac:96:2d:c0:b2:9f:a6:c7:ca:72:56:
         c5:0b:a7:41:00:b7:d6:8f:80:92:00:29:6c:50:e1:fb:f1:56:
         cd:d4:78:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ODDG/fE2t/gqUH3m50/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMDU5ODY4OTdkMDI0ZTQ4YzdjZDI1ZTE4OTFjNDIwOGZm
M2JiYjIwHhcNMjYwMTAyMTAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWRiNGUwODliZjMxYTYxNTk5NjYwZTBlZTZjMGRhNDE3NzUwN2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2E80+12oqPNjJdPhkiFjjdIWfWXW
55xen77aDSW/3WrKQSvqAqXETxswIznGTBaRXKXmaj6MzuVm3505mvjXKGbJLSCf
RsBak+ZH0L3nROeCX0wI5kEBJ7BVcD7T1YSM1nl19VC1zSMv7c4IK+zHEZ+wM2Zy
B9n5UNZAoQmMpKth4HdKetff12UCuVadZoFeCIQIIru1ZTgcmrAFdHOcvEKnJ2fj
XqEEeLKCLN8x1BVdH2ONR1jl2aQ348R4PfWIpgMPQuX1ojQkta0P2dVyXeJ2yztw
IlMENP5kVqMWe5EkLVBvGofUjveSmg5HHBDL6/gGMR4RFX/mMTxIfbRDeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXbTgib8xphWZZg4O5sDaQXdQf0MB8GA1UdIwQY
MBaAFOwFmGiX0CTkjHzSXhiRxCCP87uyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0FXWWFKZlFKT1NNZk5KZUdKSEVJSV96dTdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hZDZhZjAtMDA1Zi00M2EzLWFhOWQt
NzY2ZDFmMzI0MzNjLzEvTmR0T0NKdnpHbUZabG1EZzdtd05wQmQxQl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hZDZhZjAtMDA1Zi00M2EzLWFhOWQtNzY2ZDFmMzI0MzNj
LzEvN0FXWWFKZlFKT1NNZk5KZUdKSEVJSV96dTdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKoMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Zkp9k8PygAcbc+EyJhsAzR3oVCzZb//3WoINmjjy
186NSBL7T3mSXcDMgeuis6nff97qDp2OluqlR9aaM3QlBX5dCekYmvdsRd1+XERi
oGItb7jt7IydLoqX+Awl25M1j9sbVBWaLk76kyo5lw0SAaqI6YVXXLIC78IVNuDr
SG81OGaMjiUGDTsxa9Xj1j2wK6buPOJMmzbTDgdtMFqZGA0yBW97O3gSVCiLznyB
4k062vaw444GCljia2lIeosdxD+dELARcb6vjVxOReRn/mUT/G1nnW/6gvV9qc8L
rJYtwLKfpsfKclbFC6dBALfWj4CSAClsUOH78VbN1HgX
-----END CERTIFICATE-----