This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ncOZbEMiJNqjiscavpDBkZeriIg.roa
File:                     ncOZbEMiJNqjiscavpDBkZeriIg.roa (raw, json)
Hash identifier:          KP4yleOLVWJhJdzAKqGM+QLwSbZEncnkoAH1TNTBzJs=
Subject key identifier:   9D:C3:99:6C:43:22:24:DA:A3:8A:C7:1A:BE:90:C1:91:97:AB:88:88
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       019B7C80A1A74692BE2DA9D8195542E41839
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ncOZbEMiJNqjiscavpDBkZeriIg.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15502
IP address blocks:        195.218.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a1:a7:46:92:be:2d:a9:d8:19:55:42:e4:18:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dc3996c432224daa38ac71abe90c19197ab8888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ee:38:4e:55:66:b5:56:ad:0d:d4:18:4a:8f:
                    5d:96:49:c1:96:39:22:a5:a2:a6:8f:d9:e7:3f:ee:
                    f9:58:a9:50:dd:37:cd:09:b0:09:7b:eb:cb:1f:bc:
                    7b:f0:45:29:48:1f:30:27:4a:6c:55:6b:1f:33:73:
                    df:f5:bd:7e:ba:b1:36:c5:40:eb:84:d7:b9:c8:c2:
                    64:cd:10:0e:a7:1f:c9:c9:3a:ca:96:c6:1e:bf:a6:
                    0c:c7:56:2c:2c:71:c8:01:5c:61:80:64:1a:f3:ff:
                    38:cf:8d:a2:75:1e:f6:f9:c2:d4:a1:13:3a:fa:3b:
                    ac:13:76:66:65:4d:24:94:1d:cd:24:60:38:86:f7:
                    80:eb:98:8c:f9:40:20:09:69:c0:eb:aa:5e:9a:97:
                    08:db:77:52:f9:21:70:a5:5f:ae:c1:9e:a5:f4:9d:
                    db:2f:ba:36:1b:be:9a:f5:a0:2e:c8:01:5f:7f:a3:
                    12:53:99:da:cc:8e:6a:ff:c7:f8:fe:72:28:61:f1:
                    bd:fa:e7:73:2b:43:32:22:62:06:31:02:74:28:3d:
                    19:a8:db:eb:d7:96:9c:3e:94:58:ae:3e:9d:85:53:
                    09:3f:09:ad:a2:ad:df:a5:8a:50:1b:03:8d:53:b8:
                    14:ee:93:34:13:07:60:c8:86:34:2d:cf:19:ed:46:
                    da:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C3:99:6C:43:22:24:DA:A3:8A:C7:1A:BE:90:C1:91:97:AB:88:88
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ncOZbEMiJNqjiscavpDBkZeriIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.218.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6d:82:04:dc:08:be:27:c8:45:3c:de:62:86:8a:67:6f:98:ae:
         5a:04:a7:1f:8b:6d:b2:ce:bb:8c:b1:91:c4:15:0d:14:82:4c:
         e9:53:8c:87:ad:fc:f9:a3:9e:21:ff:7f:95:e8:80:32:22:fc:
         4a:83:74:17:16:cc:41:1c:ab:47:3e:e8:aa:f1:38:b6:dc:07:
         07:e1:b8:ea:bf:0b:82:c6:64:b5:7d:49:1e:83:f2:0f:7d:43:
         00:da:17:de:8b:12:b1:6b:e8:ac:41:8f:81:d5:b3:c3:0e:46:
         e7:e1:b0:13:2a:62:00:55:ee:70:b6:bd:77:85:92:df:f3:f3:
         00:7f:29:02:a8:d0:60:96:7f:05:26:2a:65:1f:3d:78:73:9b:
         c1:3e:ec:e7:0a:ad:22:b2:18:c1:ac:36:f9:96:b0:7f:a4:fe:
         2c:56:f5:4b:1c:53:2a:b0:18:77:dd:07:95:44:df:1b:84:f3:
         87:b2:ca:4c:f8:9f:7d:71:13:cc:a3:97:cd:49:46:73:72:02:
         80:70:74:c2:7f:77:c9:c7:3d:bd:12:6f:52:81:33:d3:bb:86:
         52:b1:84:29:f4:68:d7:4c:a0:47:a0:82:05:ec:ff:ef:a9:3e:
         2e:41:b9:ec:e7:76:4c:7c:6e:22:27:ba:fb:3a:ed:14:9c:a5:
         db:e5:92:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKGnRpK+LanYGVVC5Bg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMzOTk2YzQzMjIyNGRhYTM4YWM3MWFiZTkwYzE5MTk3YWI4ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7u44TlVmtVatDdQYSo9dlknBljki
paKmj9nnP+75WKlQ3TfNCbAJe+vLH7x78EUpSB8wJ0psVWsfM3Pf9b1+urE2xUDr
hNe5yMJkzRAOpx/JyTrKlsYev6YMx1YsLHHIAVxhgGQa8/84z42idR72+cLUoRM6
+jusE3ZmZU0klB3NJGA4hveA65iM+UAgCWnA66pempcI23dS+SFwpV+uwZ6l9J3b
L7o2G76a9aAuyAFff6MSU5nazI5q/8f4/nIoYfG9+udzK0MyImIGMQJ0KD0ZqNvr
15acPpRYrj6dhVMJPwmtoq3fpYpQGwONU7gU7pM0EwdgyIY0Lc8Z7UbanwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3DmWxDIiTao4rHGr6QwZGXq4iIMB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvbmNPWmJFTWlKTnFqaXNjYXZwREJrWmVyaUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw9pgMA0G
CSqGSIb3DQEBCwUAA4IBAQBtggTcCL4nyEU83mKGimdvmK5aBKcfi22yzruMsZHE
FQ0UgkzpU4yHrfz5o54h/3+V6IAyIvxKg3QXFsxBHKtHPuiq8Ti23AcH4bjqvwuC
xmS1fUkeg/IPfUMA2hfeixKxa+isQY+B1bPDDkbn4bATKmIAVe5wtr13hZLf8/MA
fykCqNBgln8FJiplHz14c5vBPuznCq0ishjBrDb5lrB/pP4sVvVLHFMqsBh33QeV
RN8bhPOHsspM+J99cRPMo5fNSUZzcgKAcHTCf3fJxz29Em9SgTPTu4ZSsYQp9GjX
TKBHoIIF7P/vqT4uQbns53ZMfG4iJ7r7Ou0UnKXb5ZIt
-----END CERTIFICATE-----