This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/ntmmZtCvWH1KgnK0mtBoZQdJAjE.roa
File:                     ntmmZtCvWH1KgnK0mtBoZQdJAjE.roa (raw, json)
Hash identifier:          4hpauTiGCt/CjAVeMXrvC/dDlvUsOGjOLsKwSRTfhvw=
Subject key identifier:   9E:D9:A6:66:D0:AF:58:7D:4A:82:72:B4:9A:D0:68:65:07:49:02:31
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       019B7B35C3A87ABB483DC7994B1304BFD58F
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/ntmmZtCvWH1KgnK0mtBoZQdJAjE.roa
Signing time:             Thu 01 Jan 2026 20:17:59 +0000
ROA not before:           Thu 01 Jan 2026 20:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213576
IP address blocks:        185.140.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:c3:a8:7a:bb:48:3d:c7:99:4b:13:04:bf:d5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Jan  1 20:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ed9a666d0af587d4a8272b49ad0686507490231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:7b:87:7e:79:87:7c:1a:12:fd:de:8c:02:11:
                    49:00:b9:80:b3:51:1d:92:04:c8:8f:b9:b4:e9:8c:
                    6c:d6:48:9c:1f:c1:b0:59:1f:6f:6e:09:e0:5f:95:
                    44:45:56:a8:31:90:5d:5f:c6:f2:55:36:ed:96:bc:
                    e3:92:22:b7:26:3e:84:ba:bc:19:e0:1a:52:c3:93:
                    0e:d3:e2:e9:20:f2:25:9e:01:99:0a:aa:91:36:ab:
                    2a:58:c6:0b:05:4a:b8:28:0d:15:55:5a:5d:b8:1d:
                    c7:6b:8e:ea:2a:89:34:1f:70:35:9d:ee:e3:fb:31:
                    f2:55:3a:3d:9d:fc:1e:72:a1:21:5e:cc:8a:d7:b5:
                    62:5f:c8:00:36:c8:ba:4f:c1:8e:26:4f:e3:6a:7a:
                    80:a6:47:40:fa:66:ea:a5:a7:48:d9:60:d0:8a:db:
                    f7:86:a8:83:44:cc:b4:74:a0:98:b5:5d:91:a5:04:
                    44:77:00:ed:4b:84:27:46:23:ee:07:fd:2c:ad:ef:
                    6f:95:3b:be:f3:22:d8:b2:d3:bf:3b:a3:b6:23:52:
                    08:26:c7:bd:97:06:cb:3e:26:6d:77:dc:f3:bc:40:
                    c4:38:db:d2:ec:19:4a:f4:cc:0a:80:86:a9:4f:0f:
                    64:a3:cb:1d:71:2d:b2:78:a2:57:6a:bf:a9:bb:bb:
                    ad:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D9:A6:66:D0:AF:58:7D:4A:82:72:B4:9A:D0:68:65:07:49:02:31
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/ntmmZtCvWH1KgnK0mtBoZQdJAjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:c3:7d:e1:54:01:a5:c5:2e:1a:eb:60:13:bd:8c:49:1d:63:
         e1:91:c2:43:ac:18:0c:c9:04:e7:da:84:71:2b:c5:6f:fe:e6:
         ae:ab:3f:bd:55:12:79:5a:28:00:df:28:c8:b9:d9:23:ca:8f:
         ca:48:8e:77:60:29:65:57:66:c7:23:12:eb:87:7e:e3:ec:5a:
         23:2f:f5:c9:70:18:12:2d:69:d1:01:cd:1f:32:d4:82:fa:db:
         49:c3:3a:cd:10:7f:ea:55:41:e2:09:67:b2:7e:9f:75:38:21:
         08:16:2c:20:0f:79:8c:48:ba:3f:59:95:e5:da:2c:f4:38:ce:
         ff:8b:0a:d0:04:d5:34:be:47:fa:18:c7:34:2a:10:fe:96:79:
         5f:e4:39:6e:e9:23:9c:00:a2:1d:2e:51:b4:59:25:1a:c6:c8:
         11:f4:0e:40:f7:3c:98:a2:48:89:62:55:e3:0d:4c:1f:de:ab:
         af:4b:53:fa:d9:dd:fb:fb:4f:0a:ed:4e:ef:8e:0b:20:68:0c:
         0d:da:33:42:50:59:9d:fe:f5:e3:6c:b9:57:89:59:dd:52:6c:
         53:04:04:3a:c9:5f:b9:6a:7e:6c:b6:42:4a:40:9c:cb:14:8b:
         ff:d6:e6:79:78:60:b8:59:b2:ab:6d:b1:ac:ea:31:80:a9:b8:
         d5:b5:3c:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NcOoertIPceZSxMEv9WPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjYwMTAxMjAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ5YTY2NmQwYWY1ODdkNGE4MjcyYjQ5YWQwNjg2NTA3NDkwMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XuHfnmHfBoS/d6MAhFJALmAs1Ed
kgTIj7m06Yxs1kicH8GwWR9vbgngX5VERVaoMZBdX8byVTbtlrzjkiK3Jj6EurwZ
4BpSw5MO0+LpIPIlngGZCqqRNqsqWMYLBUq4KA0VVVpduB3Ha47qKok0H3A1ne7j
+zHyVTo9nfwecqEhXsyK17ViX8gANsi6T8GOJk/janqApkdA+mbqpadI2WDQitv3
hqiDRMy0dKCYtV2RpQREdwDtS4QnRiPuB/0sre9vlTu+8yLYstO/O6O2I1IIJse9
lwbLPiZtd9zzvEDEONvS7BlK9MwKgIapTw9ko8sdcS2yeKJXar+pu7utbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7ZpmbQr1h9SoJytJrQaGUHSQIxMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvbnRtbVp0Q3ZXSDFLZ25LMG10Qm9aUWRKQWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYw0MA0G
CSqGSIb3DQEBCwUAA4IBAQBvw33hVAGlxS4a62ATvYxJHWPhkcJDrBgMyQTn2oRx
K8Vv/uauqz+9VRJ5WigA3yjIudkjyo/KSI53YCllV2bHIxLrh37j7FojL/XJcBgS
LWnRAc0fMtSC+ttJwzrNEH/qVUHiCWeyfp91OCEIFiwgD3mMSLo/WZXl2iz0OM7/
iwrQBNU0vkf6GMc0KhD+lnlf5Dlu6SOcAKIdLlG0WSUaxsgR9A5A9zyYokiJYlXj
DUwf3quvS1P62d37+08K7U7vjgsgaAwN2jNCUFmd/vXjbLlXiVndUmxTBAQ6yV+5
an5stkJKQJzLFIv/1uZ5eGC4WbKrbbGs6jGAqbjVtTzy
-----END CERTIFICATE-----