This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NKH7yCbIsh9-jt449q6rrHzCU6M.roa
File:                     NKH7yCbIsh9-jt449q6rrHzCU6M.roa (raw, json)
Hash identifier:          6njK+ZMBwtIZFwUie1OjtmVYM5deFlR5yGo0lkXQVCs=
Subject key identifier:   34:A1:FB:C8:26:C8:B2:1F:7E:8E:DE:38:F6:AE:AB:AC:7C:C2:53:A3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84975DA452B3F366DA03A4CC92FAFB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NKH7yCbIsh9-jt449q6rrHzCU6M.roa
Signing time:             Fri 02 Jan 2026 16:22:34 +0000
ROA not before:           Fri 02 Jan 2026 16:22:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39667
IP address blocks:        93.170.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:97:5d:a4:52:b3:f3:66:da:03:a4:cc:92:fa:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34a1fbc826c8b21f7e8ede38f6aeabac7cc253a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:90:9a:48:cf:f4:1a:42:7d:1e:61:ca:e6:e7:
                    e5:1b:53:3f:a8:0d:2b:4a:cc:77:3c:18:39:5e:6b:
                    a8:25:52:8b:0e:8c:a9:4f:29:c5:18:d1:7e:5b:33:
                    c2:8d:72:a1:47:e3:60:0c:e3:90:28:5f:8c:88:06:
                    e7:27:b8:d6:da:3d:43:7d:a5:51:ac:e6:d9:40:fe:
                    88:92:a4:af:74:61:b4:27:b5:24:13:1d:eb:25:23:
                    9a:2f:4a:16:65:97:6c:d2:0f:df:ff:c7:b6:f5:eb:
                    39:fe:85:8e:85:9a:45:2e:d3:c2:ff:0d:7c:ae:41:
                    02:ae:34:ba:97:0b:09:5b:99:64:e2:8c:ff:fc:83:
                    36:17:93:6d:7a:16:75:77:24:15:e2:00:60:05:c0:
                    e6:a4:ea:8c:e3:31:b7:61:4f:b1:c3:8c:53:e0:fa:
                    c6:14:60:1d:3a:2d:20:3d:7e:a0:6c:65:d1:98:da:
                    f1:ba:c7:18:92:f5:ca:97:65:1b:20:07:79:50:61:
                    c6:fb:74:ee:58:ad:4b:07:61:47:57:33:03:f1:cf:
                    16:cb:a1:ad:08:15:c7:13:21:16:15:6e:65:56:ed:
                    31:b5:73:a8:36:04:56:5b:77:df:94:6a:23:c8:24:
                    e6:fc:ec:28:87:9e:25:79:30:ae:7b:69:29:6e:9e:
                    16:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A1:FB:C8:26:C8:B2:1F:7E:8E:DE:38:F6:AE:AB:AC:7C:C2:53:A3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NKH7yCbIsh9-jt449q6rrHzCU6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a1:ba:f1:5d:0e:dd:d3:8a:43:21:7a:df:1a:98:6f:3f:fb:
         fc:d7:74:eb:bb:ec:e1:ea:32:45:5c:31:f8:c0:c4:a4:a8:76:
         d6:5c:67:a8:1d:ad:65:2f:31:73:65:0a:7e:ee:a8:07:e1:76:
         02:0c:37:f7:a4:a5:21:75:12:70:d4:e4:0f:84:54:d3:b3:12:
         6b:d6:de:4e:b6:69:67:35:52:a6:fb:36:54:e4:00:8d:0d:33:
         11:fa:22:80:5c:ce:e7:ec:1e:ff:8f:c8:c5:3e:1d:60:f6:12:
         f1:14:27:93:ea:cf:ab:14:df:28:d5:a9:f2:41:a6:b6:0e:8d:
         45:e1:3f:80:f1:b0:2b:60:15:f1:0b:99:a5:d6:1b:86:86:54:
         e7:e9:03:20:fb:e2:2c:18:23:c5:2d:b1:42:ad:81:cb:c2:a4:
         4c:f4:b7:f5:1e:24:8c:81:6a:61:a7:e6:9c:b9:c9:13:18:f0:
         63:aa:e1:4b:c6:66:52:80:f2:a1:1c:67:0d:71:e8:06:55:3e:
         23:ad:33:f2:59:a8:2e:c2:a7:1f:45:b8:d5:36:ce:0c:f2:ee:
         6a:b7:62:04:5d:63:62:0a:86:5a:d4:d2:92:14:59:06:8d:cd:
         4c:a3:19:5f:fa:46:7b:10:bc:de:cc:03:0e:48:3e:8d:83:f9:
         ea:6f:0b:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hJddpFKz82baA6TMkvr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGExZmJjODI2YzhiMjFmN2U4ZWRlMzhmNmFlYWJhYzdjYzI1M2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpCaSM/0GkJ9HmHK5uflG1M/qA0r
Ssx3PBg5XmuoJVKLDoypTynFGNF+WzPCjXKhR+NgDOOQKF+MiAbnJ7jW2j1DfaVR
rObZQP6IkqSvdGG0J7UkEx3rJSOaL0oWZZds0g/f/8e29es5/oWOhZpFLtPC/w18
rkECrjS6lwsJW5lk4oz//IM2F5NtehZ1dyQV4gBgBcDmpOqM4zG3YU+xw4xT4PrG
FGAdOi0gPX6gbGXRmNrxuscYkvXKl2UbIAd5UGHG+3TuWK1LB2FHVzMD8c8Wy6Gt
CBXHEyEWFW5lVu0xtXOoNgRWW3fflGojyCTm/Owoh54leTCue2kpbp4W8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSh+8gmyLIffo7eOPauq6x8wlOjMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTktIN3lDYklzaDktanQ0NDlxNnJySHpDVTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXarZMA0G
CSqGSIb3DQEBCwUAA4IBAQCyobrxXQ7d04pDIXrfGphvP/v813Tru+zh6jJFXDH4
wMSkqHbWXGeoHa1lLzFzZQp+7qgH4XYCDDf3pKUhdRJw1OQPhFTTsxJr1t5Otmln
NVKm+zZU5ACNDTMR+iKAXM7n7B7/j8jFPh1g9hLxFCeT6s+rFN8o1anyQaa2Do1F
4T+A8bArYBXxC5ml1huGhlTn6QMg++IsGCPFLbFCrYHLwqRM9Lf1HiSMgWphp+ac
uckTGPBjquFLxmZSgPKhHGcNcegGVT4jrTPyWaguwqcfRbjVNs4M8u5qt2IEXWNi
CoZa1NKSFFkGjc1Moxlf+kZ7ELzezAMOSD6Ng/nqbwsI
-----END CERTIFICATE-----