This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/NzMNXeLDcLYIFC344oXjWazxrR4.roa
File:                     NzMNXeLDcLYIFC344oXjWazxrR4.roa (raw, json)
Hash identifier:          UgKP2v1WGk4SEP8/PEV1HHI9/43agiNTHs+4EhmSNfE=
Subject key identifier:   37:33:0D:5D:E2:C3:70:B6:08:14:2D:F8:E2:85:E3:59:AC:F1:AD:1E
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       019B7AC89DA0E7A4E8D6755D44B7261AAB07
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/NzMNXeLDcLYIFC344oXjWazxrR4.roa
Signing time:             Thu 01 Jan 2026 18:18:46 +0000
ROA not before:           Thu 01 Jan 2026 18:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34529
IP address blocks:        109.205.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:9d:a0:e7:a4:e8:d6:75:5d:44:b7:26:1a:ab:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Jan  1 18:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37330d5de2c370b608142df8e285e359acf1ad1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ca:17:df:24:97:43:49:c9:ac:23:61:a2:32:
                    ed:7d:6a:00:6d:f1:d3:69:e8:27:d8:89:af:f2:c5:
                    95:17:8c:26:c7:17:c5:3d:ca:76:52:05:6f:f4:ec:
                    da:e2:64:6b:03:0d:51:cf:e4:0a:44:c6:1f:ce:ea:
                    a3:c6:ee:09:42:42:1e:ba:e7:c4:b0:1a:30:cd:c2:
                    aa:47:b3:b6:60:41:f1:f3:1d:e2:39:1d:38:06:1e:
                    6f:c0:ec:98:09:28:a5:f9:39:d0:49:5e:82:78:f4:
                    e8:a6:6b:44:8d:c1:25:ff:ee:85:9f:13:2a:08:0c:
                    44:6d:25:f9:f5:fc:8e:85:5b:60:5d:e7:b1:c2:c0:
                    92:9f:d9:75:86:32:aa:d3:e0:c8:be:c3:83:7b:d4:
                    b1:42:a1:48:09:bc:6b:83:b1:a8:f5:f8:25:b0:e2:
                    99:d8:62:dd:d4:62:57:de:9d:99:d1:82:d1:95:b4:
                    ed:36:2e:7e:73:80:f4:8c:c8:e8:c0:79:da:48:97:
                    d4:9d:a5:28:cf:e9:ff:bf:b8:4b:3f:f9:15:43:65:
                    06:3b:80:93:56:a7:16:f5:e8:20:92:c2:6b:8d:1f:
                    3b:da:3c:67:92:21:dc:a8:b4:ed:14:00:8d:c6:52:
                    db:a9:96:e0:74:a0:44:2e:2f:92:61:cb:cf:73:e1:
                    44:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:33:0D:5D:E2:C3:70:B6:08:14:2D:F8:E2:85:E3:59:AC:F1:AD:1E
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/NzMNXeLDcLYIFC344oXjWazxrR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:a0:9b:9f:ef:34:ca:40:7a:ba:24:02:4e:93:9f:2a:f5:10:
         64:4a:45:47:f0:5f:90:53:50:f4:d8:84:64:c3:2e:e1:b4:50:
         ba:04:b0:19:71:17:e9:61:5c:06:8d:16:b1:1d:31:96:6b:54:
         39:73:52:ff:0e:b2:a9:69:f8:5a:95:75:ff:25:2e:cf:0a:59:
         e0:f0:c9:c5:69:d8:79:07:50:9d:c9:a9:7f:44:c4:3c:c2:8b:
         a3:76:d1:48:c0:9d:a5:76:32:44:b6:98:cc:bc:79:bc:d7:91:
         ad:63:86:31:82:b5:76:5f:f6:db:f9:dd:9c:63:4b:1f:b1:fb:
         39:02:43:e2:17:e7:0f:3d:e1:e7:79:15:ef:54:9d:07:20:91:
         20:8b:35:7a:45:ef:8d:9b:7e:c9:82:ae:d0:1f:ba:df:31:96:
         b3:5f:2f:91:8b:d1:3b:64:a1:66:e8:19:6a:14:ff:cb:4e:57:
         ff:dc:ef:ef:bd:59:54:ed:5b:d3:af:fb:59:5c:be:e0:e7:60:
         05:76:8c:d0:34:a7:dd:a4:3d:97:df:21:84:b4:7e:62:94:ab:
         7c:c3:b6:27:94:ba:cf:92:2f:25:d7:6b:f2:94:43:12:af:35:
         7b:e7:24:0d:69:72:52:f9:24:b9:81:cb:38:32:47:89:f6:4f:
         ea:17:07:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yJ2g56To1nVdRLcmGqsHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjYwMTAxMTgxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzMzMGQ1ZGUyYzM3MGI2MDgxNDJkZjhlMjg1ZTM1OWFjZjFhZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MoX3ySXQ0nJrCNhojLtfWoAbfHT
aegn2Imv8sWVF4wmxxfFPcp2UgVv9Oza4mRrAw1Rz+QKRMYfzuqjxu4JQkIeuufE
sBowzcKqR7O2YEHx8x3iOR04Bh5vwOyYCSil+TnQSV6CePTopmtEjcEl/+6FnxMq
CAxEbSX59fyOhVtgXeexwsCSn9l1hjKq0+DIvsODe9SxQqFICbxrg7Go9fglsOKZ
2GLd1GJX3p2Z0YLRlbTtNi5+c4D0jMjowHnaSJfUnaUoz+n/v7hLP/kVQ2UGO4CT
VqcW9eggksJrjR872jxnkiHcqLTtFACNxlLbqZbgdKBELi+SYcvPc+FEjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDczDV3iw3C2CBQt+OKF41ms8a0eMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvTnpNTlhlTERjTFlJRkMzNDRvWGpXYXp4clI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2/MA0G
CSqGSIb3DQEBCwUAA4IBAQAloJuf7zTKQHq6JAJOk58q9RBkSkVH8F+QU1D02IRk
wy7htFC6BLAZcRfpYVwGjRaxHTGWa1Q5c1L/DrKpafhalXX/JS7PClng8MnFadh5
B1Cdyal/RMQ8woujdtFIwJ2ldjJEtpjMvHm815GtY4YxgrV2X/bb+d2cY0sfsfs5
AkPiF+cPPeHneRXvVJ0HIJEgizV6Re+Nm37Jgq7QH7rfMZazXy+Ri9E7ZKFm6Blq
FP/LTlf/3O/vvVlU7VvTr/tZXL7g52AFdozQNKfdpD2X3yGEtH5ilKt8w7YnlLrP
ki8l12vylEMSrzV75yQNaXJS+SS5gcs4MkeJ9k/qFweL
-----END CERTIFICATE-----