This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/nokRMmTxz9Xd6z-hBVMNLvX9YfM.roa
File:                     nokRMmTxz9Xd6z-hBVMNLvX9YfM.roa (raw, json)
Hash identifier:          bPLMWPwlw8xLKZWkuAQ5tOhzaVyBMSkZqaVe4QemGq0=
Subject key identifier:   9E:89:11:32:64:F1:CF:D5:DD:EB:3F:A1:05:53:0D:2E:F5:FD:61:F3
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019B7E371DA3EEA5EEE0E6B8CAB87F8A9ED3
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/nokRMmTxz9Xd6z-hBVMNLvX9YfM.roa
Signing time:             Fri 02 Jan 2026 10:18:19 +0000
ROA not before:           Fri 02 Jan 2026 10:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61264
IP address blocks:        95.181.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:1d:a3:ee:a5:ee:e0:e6:b8:ca:b8:7f:8a:9e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  2 10:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e89113264f1cfd5ddeb3fa105530d2ef5fd61f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:50:f3:c2:cc:21:ad:4f:95:e2:8f:6f:83:78:
                    b8:6b:12:97:dc:e9:8c:85:5c:ef:79:ea:a4:47:d0:
                    95:52:28:65:3b:4b:73:96:11:e5:a1:12:5b:59:e8:
                    54:0b:f5:c0:84:2f:77:bc:1d:55:94:6e:56:f0:41:
                    ec:80:6b:a3:8e:8d:8d:bd:2f:87:5d:37:5f:fd:52:
                    f3:c9:25:e5:56:4b:01:e0:4a:f7:ef:2c:03:02:f5:
                    28:1c:76:8f:5d:29:8a:84:90:ce:2a:fe:61:a1:ee:
                    ec:2d:0e:03:e2:eb:07:d4:17:bb:cb:fb:b9:0e:6a:
                    bc:07:03:65:60:c7:d9:b4:eb:a5:f5:4e:d3:c2:9b:
                    fc:bc:ef:51:7d:ed:59:7d:69:73:af:b1:76:10:22:
                    e8:e8:31:96:ee:e5:92:92:24:81:f1:e2:c1:4f:68:
                    58:02:18:64:aa:ce:ad:27:50:c6:7a:60:38:d6:69:
                    82:62:b6:19:34:52:e3:27:21:45:37:01:df:ae:ee:
                    f8:7f:3a:84:ba:0d:f5:5f:42:57:ed:d0:1d:34:17:
                    b8:ae:63:61:cb:2a:c0:83:69:0e:55:13:a1:03:fc:
                    54:7e:7e:61:2e:c7:29:4e:c2:5c:0a:21:13:34:a9:
                    fc:38:a3:1e:64:8d:01:0c:64:5a:6f:82:83:a2:95:
                    ab:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:89:11:32:64:F1:CF:D5:DD:EB:3F:A1:05:53:0D:2E:F5:FD:61:F3
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/nokRMmTxz9Xd6z-hBVMNLvX9YfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:4b:33:20:dd:11:43:b5:fd:c8:19:c6:9a:e9:bc:cb:69:60:
         b6:d1:cb:ad:57:cb:ff:56:ca:77:2a:64:1d:26:0b:66:4c:fb:
         f2:86:c3:ae:20:9a:ea:6a:1f:b8:ee:08:01:31:0e:29:ec:e7:
         24:40:5b:6b:43:f4:15:1d:a9:05:81:0b:6c:ba:1f:1b:14:ef:
         45:93:de:77:8f:c2:66:bc:a2:8e:d0:03:94:85:3c:76:1f:2f:
         49:cb:a8:98:53:6c:d4:30:b7:15:46:68:5b:08:46:37:4d:3c:
         05:31:77:b5:01:20:af:73:bc:d7:67:c8:ad:1c:76:2e:27:f4:
         86:26:d0:de:23:c9:cf:e3:74:fd:61:9e:7a:8d:2b:ca:23:73:
         e4:b6:53:19:b4:86:17:39:97:0c:4e:3d:de:a6:6e:d3:bb:e5:
         5c:52:83:f0:49:f3:dd:18:37:f8:23:99:39:a2:a0:1c:de:cb:
         42:04:b1:69:61:4a:53:cc:fa:c3:af:b8:04:d1:cb:f5:28:e9:
         bd:3d:3c:7d:3e:ba:fb:d6:38:0d:49:3d:96:19:c1:ec:f0:9f:
         fd:76:e5:80:3c:85:ba:e0:3d:d4:d7:10:35:e3:1d:02:f5:a8:
         6c:ee:eb:d9:0b:9c:71:50:05:63:f6:b4:03:3d:aa:25:c7:e8:
         4e:1c:68:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+Nx2j7qXu4Oa4yrh/ip7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjYwMTAyMTAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg5MTEzMjY0ZjFjZmQ1ZGRlYjNmYTEwNTUzMGQyZWY1ZmQ2MWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1DzwswhrU+V4o9vg3i4axKX3OmM
hVzveeqkR9CVUihlO0tzlhHloRJbWehUC/XAhC93vB1VlG5W8EHsgGujjo2NvS+H
XTdf/VLzySXlVksB4Er37ywDAvUoHHaPXSmKhJDOKv5hoe7sLQ4D4usH1Be7y/u5
Dmq8BwNlYMfZtOul9U7Twpv8vO9Rfe1ZfWlzr7F2ECLo6DGW7uWSkiSB8eLBT2hY
Ahhkqs6tJ1DGemA41mmCYrYZNFLjJyFFNwHfru74fzqEug31X0JX7dAdNBe4rmNh
yyrAg2kOVROhA/xUfn5hLscpTsJcCiETNKn8OKMeZI0BDGRab4KDopWrRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6JETJk8c/V3es/oQVTDS71/WHzMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvbm9rUk1tVHh6OVhkNnotaEJWTU5Mdlg5WWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WQMA0G
CSqGSIb3DQEBCwUAA4IBAQAiSzMg3RFDtf3IGcaa6bzLaWC20cutV8v/Vsp3KmQd
JgtmTPvyhsOuIJrqah+47ggBMQ4p7OckQFtrQ/QVHakFgQtsuh8bFO9Fk953j8Jm
vKKO0AOUhTx2Hy9Jy6iYU2zUMLcVRmhbCEY3TTwFMXe1ASCvc7zXZ8itHHYuJ/SG
JtDeI8nP43T9YZ56jSvKI3PktlMZtIYXOZcMTj3epm7Tu+VcUoPwSfPdGDf4I5k5
oqAc3stCBLFpYUpTzPrDr7gE0cv1KOm9PTx9Prr71jgNST2WGcHs8J/9duWAPIW6
4D3U1xA14x0C9ahs7uvZC5xxUAVj9rQDPaolx+hOHGiP
-----END CERTIFICATE-----