This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/N7Z-KVIhy-3YXcEigFtIjfBgqyU.roa
File:                     N7Z-KVIhy-3YXcEigFtIjfBgqyU.roa (raw, json)
Hash identifier:          ua7m4lDdZT/nE5B7uMpIhoHMPNREsYJy7Na3JVYy+ho=
Subject key identifier:   37:B6:7E:29:52:21:CB:ED:D8:5D:C1:22:80:5B:48:8D:F0:60:AB:25
Certificate issuer:       /CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
Certificate serial:       019B76EB1DF63848926F087B795CF993BE98
Authority key identifier: A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/N7Z-KVIhy-3YXcEigFtIjfBgqyU.roa
Signing time:             Thu 01 Jan 2026 00:17:58 +0000
ROA not before:           Thu 01 Jan 2026 00:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134167
IP address blocks:        194.35.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:1d:f6:38:48:92:6f:08:7b:79:5c:f9:93:be:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
        Validity
            Not Before: Jan  1 00:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37b67e295221cbedd85dc122805b488df060ab25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:01:ea:a2:c9:f3:d2:59:cc:8d:e2:95:49:55:
                    19:35:a2:2c:16:0e:7f:a4:37:0b:e4:57:0a:97:91:
                    0a:94:37:22:3d:49:2c:6f:92:e1:a1:32:4d:dd:a5:
                    30:8a:34:25:7d:eb:8f:9c:0b:ce:1a:2d:34:05:02:
                    8f:ce:bf:fa:40:c6:51:d6:ea:37:d6:8d:a3:36:26:
                    27:15:7e:4b:ab:1d:de:f9:a6:6f:73:05:b3:e2:84:
                    c1:0f:7e:e8:ed:72:aa:3e:c4:0c:fb:14:fd:e4:aa:
                    f6:ff:3d:72:5f:51:29:d7:ef:44:ae:d7:51:9f:3c:
                    d1:2b:09:dc:fc:85:3e:0c:10:94:2e:0c:61:7c:32:
                    fb:79:e2:54:b5:c0:90:ae:e8:45:74:4b:29:a9:fd:
                    86:1d:57:ea:78:a3:53:17:ee:1e:ec:58:c4:87:6c:
                    e4:89:70:48:9a:38:9b:69:53:26:44:29:eb:69:93:
                    60:9c:9b:94:52:24:88:04:a7:51:cf:75:e2:68:d4:
                    94:af:12:9a:7e:41:b6:e8:6c:5d:90:de:be:8f:c4:
                    ea:02:07:ed:0e:70:08:92:84:04:74:2a:0d:02:9a:
                    a7:20:f7:b5:52:5e:97:15:d7:19:5b:16:7f:24:08:
                    4f:81:96:bc:96:41:40:36:c4:5e:ca:0f:78:9f:aa:
                    19:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B6:7E:29:52:21:CB:ED:D8:5D:C1:22:80:5B:48:8D:F0:60:AB:25
            X509v3 Authority Key Identifier:
                keyid:A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/N7Z-KVIhy-3YXcEigFtIjfBgqyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:47:b7:82:ad:75:b9:4a:c7:50:37:4f:c3:61:68:bf:66:f5:
         5c:a1:0d:00:09:cb:2b:c2:3f:f0:7c:4b:24:34:87:7d:51:c5:
         c5:93:af:83:6b:41:4e:bc:8b:5c:71:4b:16:90:14:70:fc:e2:
         99:53:b7:a9:49:20:0b:b5:d9:7c:55:47:33:6d:79:5b:88:eb:
         4e:03:71:02:e1:4b:54:23:82:ee:13:64:9b:8b:07:c1:2a:af:
         3a:65:98:f2:55:57:59:18:94:46:d2:d7:d9:c5:68:f7:59:dd:
         d2:4e:9d:f9:2b:8c:53:6a:87:68:2c:ba:d8:3c:22:de:66:b5:
         79:69:ad:c3:d9:38:21:3c:3d:4d:fd:cc:2b:80:ac:dd:4b:47:
         ef:85:97:7c:b3:e9:e7:8d:fb:04:e2:32:fe:8b:e4:ce:01:cc:
         2a:a9:06:b8:86:03:c4:8e:0a:b3:f3:ca:f5:a2:2b:a1:04:f7:
         d4:08:5e:c7:94:2f:e9:9d:3c:ce:f2:8a:27:6d:eb:76:dc:5d:
         29:95:91:da:47:f0:65:40:1a:25:ed:45:ba:70:08:4f:80:4d:
         31:84:36:06:1d:47:fb:00:b7:fb:78:ae:83:c5:7d:df:96:a7:
         ce:4a:b4:e7:bd:3f:7e:46:43:f5:79:eb:c0:ba:d0:8b:3f:a2:
         a7:7b:39:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26x32OEiSbwh7eVz5k76YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTA0NmQ4NWVjZjIwMWZiZWY1MWU4YmVhMWM0ZWQzM2Y5
NWIyNjgwHhcNMjYwMTAxMDAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I2N2UyOTUyMjFjYmVkZDg1ZGMxMjI4MDViNDg4ZGYwNjBhYjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QHqosnz0lnMjeKVSVUZNaIsFg5/
pDcL5FcKl5EKlDciPUksb5LhoTJN3aUwijQlfeuPnAvOGi00BQKPzr/6QMZR1uo3
1o2jNiYnFX5Lqx3e+aZvcwWz4oTBD37o7XKqPsQM+xT95Kr2/z1yX1Ep1+9ErtdR
nzzRKwnc/IU+DBCULgxhfDL7eeJUtcCQruhFdEspqf2GHVfqeKNTF+4e7FjEh2zk
iXBImjibaVMmRCnraZNgnJuUUiSIBKdRz3XiaNSUrxKafkG26GxdkN6+j8TqAgft
DnAIkoQEdCoNApqnIPe1Ul6XFdcZWxZ/JAhPgZa8lkFANsReyg94n6oZbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDe2filSIcvt2F3BIoBbSI3wYKslMB8GA1UdIwQY
MBaAFKZQRthezyAfvvUei+ocTtM/lbJoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUt
YmNjZDMyYWY5N2ZlLzEvTjdaLUtWSWh5LTNZWGNFaWdGdElqZkJncXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUtYmNjZDMyYWY5N2Zl
LzEvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiMKMA0G
CSqGSIb3DQEBCwUAA4IBAQCoR7eCrXW5SsdQN0/DYWi/ZvVcoQ0ACcsrwj/wfEsk
NId9UcXFk6+Da0FOvItccUsWkBRw/OKZU7epSSALtdl8VUczbXlbiOtOA3EC4UtU
I4LuE2SbiwfBKq86ZZjyVVdZGJRG0tfZxWj3Wd3STp35K4xTaodoLLrYPCLeZrV5
aa3D2TghPD1N/cwrgKzdS0fvhZd8s+nnjfsE4jL+i+TOAcwqqQa4hgPEjgqz88r1
oiuhBPfUCF7HlC/pnTzO8oonbet23F0plZHaR/BlQBol7UW6cAhPgE0xhDYGHUf7
ALf7eK6DxX3flqfOSrTnvT9+RkP1eevAutCLP6KneznV
-----END CERTIFICATE-----