This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NhG_kV-pKx6Lmu22QNrZIQ2v4hY.roa
File:                     NhG_kV-pKx6Lmu22QNrZIQ2v4hY.roa (raw, json)
Hash identifier:          mbHJqfw2wfGoiiXRO0jvUb9BIdUA0N75I32fbA6vwX4=
Subject key identifier:   36:11:BF:91:5F:A9:2B:1E:8B:9A:ED:B6:40:DA:D9:21:0D:AF:E2:16
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B775918FBBED43606D59F0AAD4D300D18
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NhG_kV-pKx6Lmu22QNrZIQ2v4hY.roa
Signing time:             Thu 01 Jan 2026 02:18:06 +0000
ROA not before:           Thu 01 Jan 2026 02:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213147
IP address blocks:        77.65.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:18:fb:be:d4:36:06:d5:9f:0a:ad:4d:30:0d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3611bf915fa92b1e8b9aedb640dad9210dafe216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:97:b5:be:67:16:22:f4:4d:8d:50:36:6f:cd:
                    d9:4f:cc:45:7f:7d:25:c7:7e:00:08:2d:85:e3:08:
                    35:bb:9a:9c:39:6f:76:1f:41:8e:69:8c:72:a5:0d:
                    50:54:85:23:1a:c6:c8:8d:b9:31:15:18:0c:e8:98:
                    97:b7:0d:ce:a3:97:db:05:74:4c:87:46:9e:4f:06:
                    69:25:e1:9e:ca:d6:26:45:68:b6:67:95:3b:5c:83:
                    7e:f8:72:41:10:33:78:b1:d2:a2:bf:81:9e:77:a8:
                    5a:ae:11:22:79:cd:96:84:76:27:ea:5b:d9:48:33:
                    81:76:78:c2:80:b4:3a:07:4b:83:82:34:13:67:f2:
                    d7:21:aa:94:da:ff:82:7f:fe:8b:49:6d:eb:ad:bb:
                    0b:a2:67:0d:b7:69:21:c9:51:6e:39:41:16:e2:a7:
                    e7:ed:ff:33:ba:47:25:50:fc:04:4e:3b:6c:12:ce:
                    bf:51:47:e3:c7:1b:f0:70:6c:04:d0:33:6b:31:b7:
                    8f:a8:9c:ea:e3:ea:ea:66:19:cc:a1:42:29:54:45:
                    8f:e3:b9:c0:b5:46:e4:69:17:e1:1b:bc:18:8a:f0:
                    7f:80:ef:80:44:f4:5f:81:c4:ba:ae:2d:f7:63:88:
                    36:bb:b7:a0:e6:7c:91:07:fa:19:9b:7d:7f:5a:60:
                    84:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:11:BF:91:5F:A9:2B:1E:8B:9A:ED:B6:40:DA:D9:21:0D:AF:E2:16
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NhG_kV-pKx6Lmu22QNrZIQ2v4hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:27:57:e0:43:1c:ad:d3:0b:1c:94:0d:c4:a8:9c:fa:e3:3f:
         47:a7:5d:dd:e2:9b:55:8e:81:77:6f:e9:82:88:97:24:fe:4a:
         93:97:9c:40:25:6b:85:9a:41:7b:03:02:3e:8c:54:51:86:7e:
         5d:32:2f:a9:a2:cf:ee:4a:80:91:98:8a:4c:24:b8:c4:4f:e0:
         a5:57:96:a5:47:94:ee:f3:59:7a:fc:f5:a8:65:7d:d7:ff:56:
         8b:20:59:34:c9:74:05:b4:94:8d:b3:84:2a:47:ea:b6:26:97:
         ac:9c:a8:a9:ea:7c:52:f4:a5:d0:df:c0:f8:ae:f1:0c:00:88:
         cf:43:1e:08:84:e7:9e:dd:57:56:20:39:ce:ee:18:ac:37:f9:
         7a:31:54:0c:62:24:a4:8f:00:b3:64:e2:00:9f:f8:b5:1c:0e:
         11:f2:23:2a:80:e4:e2:40:9b:a2:00:1f:8f:5e:8e:58:bd:ed:
         b5:c2:9a:56:c7:fa:b5:bd:ae:de:57:bc:5e:c1:94:19:e9:cd:
         b2:68:31:a1:93:7d:e1:30:8d:f7:6c:c3:83:b0:52:2a:1a:48:
         7f:08:ab:53:a5:67:3a:29:13:4e:f1:c9:72:27:bb:6a:0c:9b:
         25:9c:95:fc:49:fa:07:2c:3f:24:2c:92:bd:23:5d:e2:65:5a:
         14:90:46:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WRj7vtQ2BtWfCq1NMA0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjExYmY5MTVmYTkyYjFlOGI5YWVkYjY0MGRhZDkyMTBkYWZlMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45e1vmcWIvRNjVA2b83ZT8xFf30l
x34ACC2F4wg1u5qcOW92H0GOaYxypQ1QVIUjGsbIjbkxFRgM6JiXtw3Oo5fbBXRM
h0aeTwZpJeGeytYmRWi2Z5U7XIN++HJBEDN4sdKiv4Ged6harhEiec2WhHYn6lvZ
SDOBdnjCgLQ6B0uDgjQTZ/LXIaqU2v+Cf/6LSW3rrbsLomcNt2khyVFuOUEW4qfn
7f8zukclUPwETjtsEs6/UUfjxxvwcGwE0DNrMbePqJzq4+rqZhnMoUIpVEWP47nA
tUbkaRfhG7wYivB/gO+ARPRfgcS6ri33Y4g2u7eg5nyRB/oZm31/WmCEBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYRv5FfqSsei5rttkDa2SENr+IWMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTmhHX2tWLXBLeDZMbXUyMlFOclpJUTJ2NGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUGXMA0G
CSqGSIb3DQEBCwUAA4IBAQBHJ1fgQxyt0wsclA3EqJz64z9Hp13d4ptVjoF3b+mC
iJck/kqTl5xAJWuFmkF7AwI+jFRRhn5dMi+pos/uSoCRmIpMJLjET+ClV5alR5Tu
81l6/PWoZX3X/1aLIFk0yXQFtJSNs4QqR+q2JpesnKip6nxS9KXQ38D4rvEMAIjP
Qx4IhOee3VdWIDnO7hisN/l6MVQMYiSkjwCzZOIAn/i1HA4R8iMqgOTiQJuiAB+P
Xo5Yve21wppWx/q1va7eV7xewZQZ6c2yaDGhk33hMI33bMODsFIqGkh/CKtTpWc6
KRNO8clyJ7tqDJslnJX8SfoHLD8kLJK9I13iZVoUkEYM
-----END CERTIFICATE-----