This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/9NyFHYTj3seW0uDQ9d-qMgihTFQ.roa
File:                     9NyFHYTj3seW0uDQ9d-qMgihTFQ.roa (raw, json)
Hash identifier:          2XDA2KE71Iz1cppVJlV/1O+Z0hd+0MetH5FlOTLgBBc=
Subject key identifier:   F4:DC:85:1D:84:E3:DE:C7:96:D2:E0:D0:F5:DF:AA:32:08:A1:4C:54
Certificate issuer:       /CN=68d24addcc3d5b77a099a907122252a47c8f6310
Certificate serial:       019B79ED2CB8B4713E56143F409AAD6B3960
Authority key identifier: 68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/9NyFHYTj3seW0uDQ9d-qMgihTFQ.roa
Signing time:             Thu 01 Jan 2026 14:19:05 +0000
ROA not before:           Thu 01 Jan 2026 14:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200504
IP address blocks:        178.183.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:2c:b8:b4:71:3e:56:14:3f:40:9a:ad:6b:39:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d24addcc3d5b77a099a907122252a47c8f6310
        Validity
            Not Before: Jan  1 14:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4dc851d84e3dec796d2e0d0f5dfaa3208a14c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:05:7f:eb:ad:c0:5f:df:1d:ce:55:95:8d:bf:
                    d7:12:93:ac:15:3d:ce:09:92:5e:03:f4:17:aa:59:
                    9a:c8:b7:c1:20:e0:18:81:1b:78:dc:0e:22:70:3b:
                    0c:21:39:d1:a3:e2:12:4d:f6:e9:60:fe:34:eb:a8:
                    80:b9:7f:ae:56:3c:84:eb:a5:a9:92:5c:52:64:73:
                    0d:a2:8a:9f:ff:dc:03:c3:fc:48:21:6e:0e:a1:b5:
                    20:b7:5e:f2:28:3b:7e:2b:cd:79:9d:21:c5:63:62:
                    96:ea:d5:ad:59:88:01:8d:61:8d:89:4c:cd:9f:0f:
                    18:00:21:d4:ab:97:08:75:93:5a:a2:8d:fd:00:a6:
                    e4:bf:cb:2b:57:01:2f:c3:01:30:19:e3:42:23:ee:
                    6e:a5:c2:c4:b4:37:98:7c:fb:aa:20:85:d1:2e:5f:
                    1f:fd:06:38:36:dc:a1:23:17:38:c8:73:74:28:cb:
                    4b:b7:7d:03:75:22:50:9b:1f:70:94:b4:0b:d0:8e:
                    e0:1f:71:49:45:71:98:3a:fb:b4:f9:37:e6:82:88:
                    47:24:7a:6d:3b:55:58:25:b8:2c:ac:8d:f4:df:91:
                    f8:aa:20:9f:28:0e:3c:81:92:ad:92:2b:85:09:b6:
                    c1:4b:cc:b4:92:54:70:4d:11:4c:64:b2:98:4e:e2:
                    02:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DC:85:1D:84:E3:DE:C7:96:D2:E0:D0:F5:DF:AA:32:08:A1:4C:54
            X509v3 Authority Key Identifier:
                keyid:68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/9NyFHYTj3seW0uDQ9d-qMgihTFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.183.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:07:06:12:69:aa:23:b4:d9:51:56:5b:b5:7a:bb:fa:b1:a9:
         2d:00:5e:45:76:80:96:22:14:83:d4:b2:31:51:3c:74:2f:a6:
         15:31:75:8b:fc:56:4b:17:82:7a:d0:57:bc:63:ec:65:75:2f:
         17:3d:9e:64:94:d1:bd:79:8a:cb:69:35:64:f3:5f:65:5f:db:
         81:06:be:29:7a:86:f7:73:7f:69:d5:f2:80:dd:35:51:cf:6d:
         e3:c6:7d:33:47:73:dd:c8:3f:d0:54:f6:a1:13:82:57:c2:ed:
         bd:cc:9f:a8:55:76:44:7d:8a:af:47:fe:5d:39:04:ec:e0:08:
         7c:7c:ba:6b:37:65:70:c4:31:7a:a5:70:96:6b:a0:80:c3:e7:
         50:30:ac:8b:ef:6d:25:ba:f2:78:5e:a2:52:25:b9:92:b9:62:
         26:d9:e2:44:0e:9e:e2:90:a8:8c:7d:a7:39:d0:af:1b:35:50:
         f1:83:d4:1c:e8:58:c1:36:fe:ce:2c:fc:36:b4:8c:ae:20:89:
         3d:12:c4:69:3a:09:14:6b:a7:ba:a1:92:62:11:75:15:5e:21:
         da:34:ec:c7:4e:c7:57:bd:a8:6d:de:7f:a4:f9:2a:7d:53:2b:
         a9:2f:3f:22:c6:2f:c6:cd:de:21:d3:dd:e3:d8:49:98:17:24:
         58:77:bf:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Sy4tHE+VhQ/QJqtazlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDI0YWRkY2MzZDViNzdhMDk5YTkwNzEyMjI1MmE0N2M4
ZjYzMTAwHhcNMjYwMTAxMTQxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRjODUxZDg0ZTNkZWM3OTZkMmUwZDBmNWRmYWEzMjA4YTE0YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AV/663AX98dzlWVjb/XEpOsFT3O
CZJeA/QXqlmayLfBIOAYgRt43A4icDsMITnRo+ISTfbpYP4066iAuX+uVjyE66Wp
klxSZHMNooqf/9wDw/xIIW4OobUgt17yKDt+K815nSHFY2KW6tWtWYgBjWGNiUzN
nw8YACHUq5cIdZNaoo39AKbkv8srVwEvwwEwGeNCI+5upcLEtDeYfPuqIIXRLl8f
/QY4NtyhIxc4yHN0KMtLt30DdSJQmx9wlLQL0I7gH3FJRXGYOvu0+TfmgohHJHpt
O1VYJbgsrI3035H4qiCfKA48gZKtkiuFCbbBS8y0klRwTRFMZLKYTuICOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTchR2E497HltLg0PXfqjIIoUxUMB8GA1UdIwQY
MBaAFGjSSt3MPVt3oJmpBxIiUqR8j2MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYt
YjMxNmRiNTkzOGZmLzEvOU55RkhZVGozc2VXMHVEUTlkLXFNZ2loVEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYtYjMxNmRiNTkzOGZm
LzEvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsrcVMA0G
CSqGSIb3DQEBCwUAA4IBAQCLBwYSaaojtNlRVlu1erv6saktAF5FdoCWIhSD1LIx
UTx0L6YVMXWL/FZLF4J60Fe8Y+xldS8XPZ5klNG9eYrLaTVk819lX9uBBr4peob3
c39p1fKA3TVRz23jxn0zR3PdyD/QVPahE4JXwu29zJ+oVXZEfYqvR/5dOQTs4Ah8
fLprN2VwxDF6pXCWa6CAw+dQMKyL720luvJ4XqJSJbmSuWIm2eJEDp7ikKiMfac5
0K8bNVDxg9Qc6FjBNv7OLPw2tIyuIIk9EsRpOgkUa6e6oZJiEXUVXiHaNOzHTsdX
vaht3n+k+Sp9UyupLz8ixi/Gzd4h093j2EmYFyRYd78k
-----END CERTIFICATE-----