This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nOZiS9ipdCo86_2swgfQMd065RY.roa
File:                     nOZiS9ipdCo86_2swgfQMd065RY.roa (raw, json)
Hash identifier:          284FGn82DHerRbpzHLbn3Hc5ZwaGcd6vcd6k3JnrdOM=
Subject key identifier:   9C:E6:62:4B:D8:A9:74:2A:3C:EB:FD:AC:C2:07:D0:31:DD:3A:E5:16
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019B76EB09577A5E8E844ABAEC8B499AE3FC
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nOZiS9ipdCo86_2swgfQMd065RY.roa
Signing time:             Thu 01 Jan 2026 00:17:53 +0000
ROA not before:           Thu 01 Jan 2026 00:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41531
IP address blocks:        185.214.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:09:57:7a:5e:8e:84:4a:ba:ec:8b:49:9a:e3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 00:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ce6624bd8a9742a3cebfdacc207d031dd3ae516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4f:51:c7:5f:ec:36:39:df:b6:6f:07:a7:83:
                    4c:88:a4:af:61:9b:09:05:7c:a0:c2:27:a9:7a:9a:
                    1e:17:79:ba:d2:49:4b:60:58:45:da:79:91:aa:5c:
                    51:33:9a:a8:f4:4b:39:4f:54:09:84:62:df:81:22:
                    a2:7b:f4:af:0a:da:3c:2a:bf:f3:47:a7:f4:7c:7d:
                    e3:f3:71:c5:7d:ee:7d:4e:b1:89:de:23:57:e0:76:
                    ac:4a:0e:1c:f7:af:36:3a:2e:39:8a:df:10:81:11:
                    54:27:3d:9d:26:6c:04:b0:cb:1c:20:fd:09:9f:42:
                    7c:c0:f1:e6:99:00:80:4c:08:1d:ff:83:96:06:7e:
                    e5:91:82:15:af:7a:af:60:92:ba:21:c1:5f:cd:03:
                    94:17:93:f3:9f:9a:fe:4d:87:1d:3d:c1:91:f1:3c:
                    66:0f:da:46:65:e1:7c:9f:d3:49:33:2a:9b:82:ef:
                    2a:71:f9:02:0d:d5:bb:b4:4c:fa:bf:cd:d2:cb:46:
                    bd:be:c5:54:1c:0d:53:34:a4:37:f3:f5:d4:46:36:
                    5f:38:d3:ba:dc:76:c2:18:75:34:37:56:f7:2a:c4:
                    0c:af:17:b5:1b:aa:0e:f1:1e:11:b1:37:5f:01:db:
                    70:ef:e4:f6:5e:57:87:35:b4:e0:22:45:ad:a5:74:
                    d3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E6:62:4B:D8:A9:74:2A:3C:EB:FD:AC:C2:07:D0:31:DD:3A:E5:16
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nOZiS9ipdCo86_2swgfQMd065RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:17:d5:19:82:1f:cb:49:f8:37:82:e5:42:2d:09:8a:73:6a:
         d9:11:f8:69:d5:7f:40:c5:cd:83:73:7f:0b:ee:15:64:61:8a:
         01:a1:6e:ae:f7:46:a7:9c:5c:46:52:16:79:75:1d:2d:77:ae:
         5d:f9:22:7e:a9:74:bb:41:55:1e:6f:ec:b7:f7:0a:86:16:1f:
         f7:86:02:b3:31:82:85:cb:89:a6:82:be:b0:5e:78:ad:85:df:
         56:32:21:2d:12:70:d5:19:0b:f5:9d:86:9e:f8:0b:cf:f2:a4:
         6e:c9:f9:77:fa:67:50:43:81:71:e4:75:45:d0:4d:ee:dc:c4:
         79:65:e2:25:4b:77:af:da:35:c8:de:b7:a6:dd:e8:e8:95:1b:
         c6:9e:31:17:78:2e:40:5b:0a:dc:43:b5:ec:16:3d:22:a1:c3:
         74:a1:7b:d3:46:c7:5b:35:99:15:b6:69:04:d7:8e:6e:45:66:
         2b:5f:37:ae:cc:85:bb:49:b0:70:29:55:79:d6:bd:42:17:fa:
         27:fc:aa:d1:71:ab:14:e0:64:32:80:ef:bf:5d:c2:79:39:fe:
         27:3b:22:ab:ee:74:7d:d4:37:08:60:fa:1c:15:0d:15:84:be:
         44:3b:56:76:91:20:f8:8f:3b:c1:cd:94:5f:c1:b1:0f:f1:10:
         14:f9:4e:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wlXel6OhEq67ItJmuP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMTAxMDAxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2U2NjI0YmQ4YTk3NDJhM2NlYmZkYWNjMjA3ZDAzMWRkM2FlNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA309Rx1/sNjnftm8Hp4NMiKSvYZsJ
BXygwiepepoeF3m60klLYFhF2nmRqlxRM5qo9Es5T1QJhGLfgSKie/SvCto8Kr/z
R6f0fH3j83HFfe59TrGJ3iNX4HasSg4c9682Oi45it8QgRFUJz2dJmwEsMscIP0J
n0J8wPHmmQCATAgd/4OWBn7lkYIVr3qvYJK6IcFfzQOUF5Pzn5r+TYcdPcGR8Txm
D9pGZeF8n9NJMyqbgu8qcfkCDdW7tEz6v83Sy0a9vsVUHA1TNKQ38/XURjZfONO6
3HbCGHU0N1b3KsQMrxe1G6oO8R4RsTdfAdtw7+T2XleHNbTgIkWtpXTTjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzmYkvYqXQqPOv9rMIH0DHdOuUWMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbk9aaVM5aXBkQ284Nl8yc3dnZlFNZDA2NVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudYMMA0G
CSqGSIb3DQEBCwUAA4IBAQA4F9UZgh/LSfg3guVCLQmKc2rZEfhp1X9Axc2Dc38L
7hVkYYoBoW6u90annFxGUhZ5dR0td65d+SJ+qXS7QVUeb+y39wqGFh/3hgKzMYKF
y4mmgr6wXnithd9WMiEtEnDVGQv1nYae+AvP8qRuyfl3+mdQQ4Fx5HVF0E3u3MR5
ZeIlS3ev2jXI3rem3ejolRvGnjEXeC5AWwrcQ7XsFj0iocN0oXvTRsdbNZkVtmkE
145uRWYrXzeuzIW7SbBwKVV51r1CF/on/KrRcasU4GQygO+/XcJ5Of4nOyKr7nR9
1DcIYPocFQ0VhL5EO1Z2kSD4jzvBzZRfwbEP8RAU+U5I
-----END CERTIFICATE-----