This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/nkFi4zOTIt8Fj-eCjPg6D7Iy51o.roa
File:                     nkFi4zOTIt8Fj-eCjPg6D7Iy51o.roa (raw, json)
Hash identifier:          UdJTiJsgedTzEhhlzmy6WzaUSyV+MLTP+RugLowZfx8=
Subject key identifier:   9E:41:62:E3:33:93:22:DF:05:8F:E7:82:8C:F8:3A:0F:B2:32:E7:5A
Certificate issuer:       /CN=331706b915bab8dac2b5547fbc87adeb61e6aede
Certificate serial:       019B7EA487A922E97E8EF6FE91ACBC737997
Authority key identifier: 33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/nkFi4zOTIt8Fj-eCjPg6D7Iy51o.roa
Signing time:             Fri 02 Jan 2026 12:17:50 +0000
ROA not before:           Fri 02 Jan 2026 12:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41998
IP address blocks:        185.7.68.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:87:a9:22:e9:7e:8e:f6:fe:91:ac:bc:73:79:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331706b915bab8dac2b5547fbc87adeb61e6aede
        Validity
            Not Before: Jan  2 12:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e4162e3339322df058fe7828cf83a0fb232e75a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1b:6a:01:52:32:ff:cd:42:0e:4c:10:49:05:
                    8f:0e:7c:5d:49:af:1d:c5:4f:34:a1:55:74:90:34:
                    2a:f6:e8:8b:08:b4:e1:22:ed:e7:5e:1d:65:76:0c:
                    65:d2:59:84:54:6d:5c:eb:01:64:8c:62:e1:d0:6e:
                    12:17:f1:8c:d7:39:13:f5:93:04:be:bf:ef:87:5b:
                    d5:28:8a:ae:d6:7e:fe:a5:f1:4a:af:c4:ad:62:43:
                    3b:4c:4b:4b:e3:d6:29:1c:71:79:96:1f:f5:77:a8:
                    47:18:3f:02:1d:6b:43:83:ec:02:c9:41:91:b6:f6:
                    ec:45:7e:8c:01:0f:a0:ef:dc:0b:fb:4f:2d:67:b8:
                    7a:09:aa:bf:93:18:ff:bc:f9:0d:89:50:86:6b:df:
                    39:29:ae:50:2a:2d:9e:02:0c:8b:89:b8:7f:a2:6c:
                    b7:67:72:16:36:c8:57:a6:61:e3:4e:8b:78:87:95:
                    dd:79:43:3e:20:9e:cc:9d:12:6b:12:05:fa:15:cc:
                    ad:33:87:c9:36:c7:4a:22:41:0e:38:b4:13:7a:c1:
                    7a:6e:03:a5:ab:63:47:67:80:7a:94:12:a0:8b:a0:
                    e8:f7:bf:71:a8:44:75:37:84:d2:b2:39:81:a1:9a:
                    d9:28:b7:c6:f1:b7:c7:8f:ea:cc:bc:92:d8:fd:ee:
                    96:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:41:62:E3:33:93:22:DF:05:8F:E7:82:8C:F8:3A:0F:B2:32:E7:5A
            X509v3 Authority Key Identifier:
                keyid:33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/nkFi4zOTIt8Fj-eCjPg6D7Iy51o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a9:17:9c:66:c1:5c:c5:03:d0:42:45:15:ab:23:b4:11:91:
         91:91:79:c9:6a:64:4d:dd:64:a7:a4:3f:93:2a:33:17:b3:73:
         eb:3c:a5:36:e1:8e:e2:e7:c0:4d:51:40:ee:56:24:ce:62:fc:
         f7:f8:bb:c1:59:dc:1f:95:25:1b:0d:47:2b:a1:b1:a9:d5:23:
         ba:6e:9e:ee:5d:5d:c9:b7:c7:5e:f5:41:24:06:15:6b:1e:01:
         c5:e0:16:2b:87:4c:e2:bf:dc:b9:7f:85:51:7f:13:8c:20:fc:
         23:7c:40:5f:99:a8:07:f3:dc:df:e6:44:4e:33:6e:4c:dc:b6:
         bb:cb:74:79:f3:3c:63:45:79:c5:0f:a8:a5:f2:0f:c2:11:55:
         02:f9:3a:ec:16:0f:f1:81:b2:e5:cd:1d:20:d3:ab:bd:c8:7e:
         1b:48:00:4d:3f:30:0f:09:b7:23:12:88:7c:b1:5f:10:e9:67:
         85:21:26:1e:ca:00:9f:96:37:2d:00:e7:3d:74:47:7e:bd:f5:
         50:36:d1:1e:33:06:26:b4:62:7b:7d:b3:b6:ed:f9:4a:26:b4:
         c5:a6:37:9b:90:b6:d3:19:ca:fe:6e:d3:45:95:91:19:5f:e8:
         05:b9:36:4f:ce:09:08:ca:a8:e1:7d:43:51:55:47:1c:65:0f:
         9c:15:24:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pIepIul+jvb+kay8c3mXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMTcwNmI5MTViYWI4ZGFjMmI1NTQ3ZmJjODdhZGViNjFl
NmFlZGUwHhcNMjYwMTAyMTIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQxNjJlMzMzOTMyMmRmMDU4ZmU3ODI4Y2Y4M2EwZmIyMzJlNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhtqAVIy/81CDkwQSQWPDnxdSa8d
xU80oVV0kDQq9uiLCLThIu3nXh1ldgxl0lmEVG1c6wFkjGLh0G4SF/GM1zkT9ZME
vr/vh1vVKIqu1n7+pfFKr8StYkM7TEtL49YpHHF5lh/1d6hHGD8CHWtDg+wCyUGR
tvbsRX6MAQ+g79wL+08tZ7h6Caq/kxj/vPkNiVCGa985Ka5QKi2eAgyLibh/omy3
Z3IWNshXpmHjTot4h5XdeUM+IJ7MnRJrEgX6FcytM4fJNsdKIkEOOLQTesF6bgOl
q2NHZ4B6lBKgi6Do979xqER1N4TSsjmBoZrZKLfG8bfHj+rMvJLY/e6W5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5BYuMzkyLfBY/ngoz4Og+yMudaMB8GA1UdIwQY
MBaAFDMXBrkVurjawrVUf7yHreth5q7eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAt
ZWM5NTE0OGZkMjM2LzEvbmtGaTR6T1RJdDhGai1lQ2pQZzZEN0l5NTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAtZWM5NTE0OGZkMjM2
LzEvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdEMA0G
CSqGSIb3DQEBCwUAA4IBAQAJqRecZsFcxQPQQkUVqyO0EZGRkXnJamRN3WSnpD+T
KjMXs3PrPKU24Y7i58BNUUDuViTOYvz3+LvBWdwflSUbDUcrobGp1SO6bp7uXV3J
t8de9UEkBhVrHgHF4BYrh0ziv9y5f4VRfxOMIPwjfEBfmagH89zf5kROM25M3La7
y3R58zxjRXnFD6il8g/CEVUC+TrsFg/xgbLlzR0g06u9yH4bSABNPzAPCbcjEoh8
sV8Q6WeFISYeygCfljctAOc9dEd+vfVQNtEeMwYmtGJ7fbO27flKJrTFpjebkLbT
Gcr+btNFlZEZX+gFuTZPzgkIyqjhfUNRVUccZQ+cFSQH
-----END CERTIFICATE-----