This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nkZpmEXSrCrxAHAiDLwZtC54dBQ.roa
File:                     nkZpmEXSrCrxAHAiDLwZtC54dBQ.roa (raw, json)
Hash identifier:          0qFI3aej4VghLslWDYSHoQqlJwbEz29HxX1cVRGubNw=
Subject key identifier:   9E:46:69:98:45:D2:AC:2A:F1:00:70:22:0C:BC:19:B4:2E:78:74:14
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019B76EB1603CC871C134672B9E13E09F170
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nkZpmEXSrCrxAHAiDLwZtC54dBQ.roa
Signing time:             Thu 01 Jan 2026 00:17:56 +0000
ROA not before:           Thu 01 Jan 2026 00:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204821
IP address blocks:        185.238.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:16:03:cc:87:1c:13:46:72:b9:e1:3e:09:f1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 00:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e46699845d2ac2af10070220cbc19b42e787414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:04:9b:94:d6:9f:9c:f6:c0:0d:03:b8:c1:96:
                    77:20:a6:5c:f8:24:31:a7:c6:c4:35:52:ff:b6:e8:
                    36:e2:44:e2:89:67:0d:f0:4c:88:07:e0:77:d8:67:
                    56:67:3a:ac:0b:8e:4f:89:89:6e:f0:c6:10:2d:86:
                    e6:b1:47:89:f3:66:94:81:8c:07:41:22:2f:e5:76:
                    3a:aa:7e:c7:60:fb:fe:22:9e:89:e9:67:92:71:71:
                    a5:cd:a7:01:a9:a0:88:f2:15:2d:b1:8e:67:c2:26:
                    f4:4d:d3:6f:41:6b:82:eb:9b:82:c5:cd:3e:a2:30:
                    db:75:cc:f8:e8:c3:38:3a:e0:77:d9:ea:f0:de:97:
                    a7:c2:a3:ce:5e:40:28:fa:5a:f9:66:86:03:79:8b:
                    c1:35:0e:36:c9:e4:ff:86:a5:b8:5f:1e:be:32:eb:
                    77:59:47:f7:16:97:c7:bf:61:1f:cc:25:7c:5b:08:
                    9f:ef:02:06:90:10:26:35:6e:b0:c4:24:0a:6c:cb:
                    9b:75:d0:82:13:50:0c:a5:f7:c2:a0:2f:9a:e6:31:
                    a1:70:7f:ba:b1:58:ee:e8:c0:71:e0:d7:4a:b8:ad:
                    67:95:13:c2:0f:42:10:3e:ac:0e:13:a0:8f:87:c0:
                    fc:a4:13:ed:6e:a0:1d:2f:e8:97:74:2b:c9:ea:75:
                    fa:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:46:69:98:45:D2:AC:2A:F1:00:70:22:0C:BC:19:B4:2E:78:74:14
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nkZpmEXSrCrxAHAiDLwZtC54dBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:26:80:69:ee:9d:30:d7:b6:ae:66:18:d1:51:01:6d:78:b8:
         ec:81:8c:a4:18:5e:84:07:09:3f:51:72:f2:d2:ef:c8:35:d0:
         01:21:70:fe:b8:95:e0:6e:91:88:62:f1:b6:49:3c:cb:44:cd:
         6d:18:26:93:3c:4f:b6:f0:02:d4:be:6b:cc:6e:b7:95:2a:34:
         f9:95:1a:e7:5c:19:8d:2d:82:d4:05:a0:86:05:79:db:a3:f8:
         4e:d7:c0:97:39:e2:18:00:e7:c6:1b:d6:56:5c:44:c0:52:ba:
         bf:3a:2a:47:7a:bc:ff:60:3e:1f:59:12:03:09:d0:74:02:73:
         80:71:41:e9:e8:84:db:f9:1b:e7:4e:d8:47:9a:9b:37:6d:33:
         26:1d:b2:b3:3e:76:38:bc:86:d6:d1:76:13:cb:95:f5:de:b2:
         25:c7:1f:21:9a:c6:b9:64:1b:d8:54:2f:67:11:a8:08:a8:23:
         ef:70:0f:c0:05:72:36:a9:1c:99:94:dc:4b:40:d3:13:e2:43:
         6d:cc:11:d0:d5:53:b1:97:c3:98:cf:f2:68:e7:9f:8f:9c:ff:
         5d:94:db:1a:14:5f:30:7a:52:38:b1:f1:04:bd:38:de:a6:c5:
         f4:b8:46:06:8c:e9:a8:ac:f1:14:fa:b6:1c:f1:cb:0c:9a:ad:
         bf:de:37:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xYDzIccE0ZyueE+CfFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMTAxMDAxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ2Njk5ODQ1ZDJhYzJhZjEwMDcwMjIwY2JjMTliNDJlNzg3NDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApASblNafnPbADQO4wZZ3IKZc+CQx
p8bENVL/tug24kTiiWcN8EyIB+B32GdWZzqsC45PiYlu8MYQLYbmsUeJ82aUgYwH
QSIv5XY6qn7HYPv+Ip6J6WeScXGlzacBqaCI8hUtsY5nwib0TdNvQWuC65uCxc0+
ojDbdcz46MM4OuB32erw3penwqPOXkAo+lr5ZoYDeYvBNQ42yeT/hqW4Xx6+Mut3
WUf3FpfHv2EfzCV8Wwif7wIGkBAmNW6wxCQKbMubddCCE1AMpffCoC+a5jGhcH+6
sVju6MBx4NdKuK1nlRPCD0IQPqwOE6CPh8D8pBPtbqAdL+iXdCvJ6nX6RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5GaZhF0qwq8QBwIgy8GbQueHQUMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbmtacG1FWFNyQ3J4QUhBaURMd1p0QzU0ZEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue7oMA0G
CSqGSIb3DQEBCwUAA4IBAQBYJoBp7p0w17auZhjRUQFteLjsgYykGF6EBwk/UXLy
0u/INdABIXD+uJXgbpGIYvG2STzLRM1tGCaTPE+28ALUvmvMbreVKjT5lRrnXBmN
LYLUBaCGBXnbo/hO18CXOeIYAOfGG9ZWXETAUrq/OipHerz/YD4fWRIDCdB0AnOA
cUHp6ITb+RvnTthHmps3bTMmHbKzPnY4vIbW0XYTy5X13rIlxx8hmsa5ZBvYVC9n
EagIqCPvcA/ABXI2qRyZlNxLQNMT4kNtzBHQ1VOxl8OYz/Jo55+PnP9dlNsaFF8w
elI4sfEEvTjepsX0uEYGjOmorPEU+rYc8csMmq2/3jdE
-----END CERTIFICATE-----