This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/k_IWfz24GtW9jdapb5SVoB4B2pg.roa
File:                     k_IWfz24GtW9jdapb5SVoB4B2pg.roa (raw, json)
Hash identifier:          kvz9RvlQv21JjRnE/6/IlWNUP5dNO7sg6mpvMuJ9Xec=
Subject key identifier:   93:F2:16:7F:3D:B8:1A:D5:BD:8D:D6:A9:6F:94:95:A0:1E:01:DA:98
Certificate issuer:       /CN=3512a8a6df9978de7227003b1fd3f0e2b9e59cc7
Certificate serial:       019B797E12156F80E6F2F17126B6B2A42EE7
Authority key identifier: 35:12:A8:A6:DF:99:78:DE:72:27:00:3B:1F:D3:F0:E2:B9:E5:9C:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/k_IWfz24GtW9jdapb5SVoB4B2pg.roa
Signing time:             Thu 01 Jan 2026 12:17:43 +0000
ROA not before:           Thu 01 Jan 2026 12:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2852
IP address blocks:        158.194.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:12:15:6f:80:e6:f2:f1:71:26:b6:b2:a4:2e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3512a8a6df9978de7227003b1fd3f0e2b9e59cc7
        Validity
            Not Before: Jan  1 12:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93f2167f3db81ad5bd8dd6a96f9495a01e01da98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:35:cb:60:6c:e1:02:17:82:62:55:fa:76:34:
                    fe:fd:d3:18:51:b6:0c:2f:3f:04:cb:4f:87:9f:07:
                    f9:ec:82:11:82:c3:c5:88:8e:98:a2:45:be:25:28:
                    00:3f:7e:80:78:39:9f:35:7a:df:5f:a5:7d:2d:50:
                    89:f1:c6:5b:d9:81:60:1d:64:5b:b1:68:c3:5e:fb:
                    e0:0f:fc:0d:c1:04:9c:12:ed:0f:a3:bb:f2:c8:12:
                    2f:cb:0d:24:9d:92:27:d1:2d:f6:22:85:a3:98:a2:
                    40:d3:b7:67:95:b3:23:eb:44:26:9c:3d:fc:72:f2:
                    98:9a:9f:c0:24:5c:ee:91:36:b3:19:66:6b:cd:14:
                    6a:d3:6a:34:d5:8b:57:98:3d:28:77:e1:f6:fc:dd:
                    2f:52:63:ec:8a:b9:06:e2:9b:c5:db:08:00:f3:21:
                    72:f7:00:7f:f6:e8:d8:c7:99:30:8e:69:f7:15:4d:
                    4d:7e:45:4b:c7:d8:c9:bd:ed:00:e8:c6:ed:72:2d:
                    03:79:15:43:26:00:f7:84:81:2b:33:c8:db:47:66:
                    3a:dc:11:7a:dd:0d:b8:fb:ad:42:6e:ba:fe:b5:f4:
                    4a:b9:9b:81:d4:3c:fc:1f:9e:21:b6:71:5a:db:a2:
                    79:13:6c:9b:dd:59:da:98:63:bc:ad:2e:04:b8:ed:
                    b6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F2:16:7F:3D:B8:1A:D5:BD:8D:D6:A9:6F:94:95:A0:1E:01:DA:98
            X509v3 Authority Key Identifier:
                keyid:35:12:A8:A6:DF:99:78:DE:72:27:00:3B:1F:D3:F0:E2:B9:E5:9C:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/k_IWfz24GtW9jdapb5SVoB4B2pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0d95ca-baf5-4689-9b5b-747e75e55461/1/NRKopt-ZeN5yJwA7H9Pw4rnlnMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.194.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:b6:53:71:b1:2f:e8:ff:44:e5:9a:5c:30:58:db:3f:53:5b:
         8f:2a:8b:cd:2f:69:b0:c5:2d:8f:75:27:80:80:aa:e6:01:a9:
         25:4d:e4:65:19:20:1a:0e:f5:6a:df:9d:4f:b5:61:44:31:6b:
         c6:8a:cc:88:54:dd:bc:29:5a:fd:4c:ac:9a:4d:03:29:2a:41:
         e1:df:00:e1:05:07:da:ae:80:22:13:c6:6a:c1:aa:c0:8d:b7:
         b0:0e:b1:93:5f:b7:3f:02:f6:ce:6e:25:75:1a:a6:85:61:e5:
         7e:e3:87:37:d1:e7:20:a4:60:a8:1d:66:58:38:9c:93:f9:19:
         f6:51:14:a8:a3:c3:37:12:46:bc:05:98:46:73:5e:b6:d7:f1:
         58:5f:d2:92:6a:0a:52:9f:68:5a:96:f7:1b:25:06:9a:01:ec:
         a5:e1:82:1d:af:e3:45:1d:07:20:95:69:af:15:0d:d3:4f:c1:
         b2:83:68:32:dc:b1:6d:4e:48:33:19:22:0d:62:0b:fd:a4:74:
         de:33:a0:85:7a:be:dd:a5:85:7d:dc:db:39:bb:bc:74:f6:9d:
         a9:bd:69:e3:bb:aa:74:e8:d7:0b:fd:bc:26:69:68:d8:e3:c9:
         e2:a7:9a:7c:bb:c4:07:ed:aa:ec:57:2b:3e:61:78:a2:d5:f0:
         a9:06:5e:26
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt5fhIVb4Dm8vFxJraypC7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTJhOGE2ZGY5OTc4ZGU3MjI3MDAzYjFmZDNmMGUyYjll
NTljYzcwHhcNMjYwMTAxMTIxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2YyMTY3ZjNkYjgxYWQ1YmQ4ZGQ2YTk2Zjk0OTVhMDFlMDFkYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DXLYGzhAheCYlX6djT+/dMYUbYM
Lz8Ey0+Hnwf57IIRgsPFiI6YokW+JSgAP36AeDmfNXrfX6V9LVCJ8cZb2YFgHWRb
sWjDXvvgD/wNwQScEu0Po7vyyBIvyw0knZIn0S32IoWjmKJA07dnlbMj60QmnD38
cvKYmp/AJFzukTazGWZrzRRq02o01YtXmD0od+H2/N0vUmPsirkG4pvF2wgA8yFy
9wB/9ujYx5kwjmn3FU1NfkVLx9jJve0A6Mbtci0DeRVDJgD3hIErM8jbR2Y63BF6
3Q24+61Cbrr+tfRKuZuB1Dz8H54htnFa26J5E2yb3VnamGO8rS4EuO227QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJPyFn89uBrVvY3WqW+UlaAeAdqYMB8GA1UdIwQY
MBaAFDUSqKbfmXjecicAOx/T8OK55ZzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJLb3B0LVplTjV5SndBN0g5UHc0cm5sbk1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wZDk1Y2EtYmFmNS00Njg5LTliNWIt
NzQ3ZTc1ZTU1NDYxLzEva19JV2Z6MjRHdFc5amRhcGI1U1ZvQjRCMnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wZDk1Y2EtYmFmNS00Njg5LTliNWItNzQ3ZTc1ZTU1NDYx
LzEvTlJLb3B0LVplTjV5SndBN0g5UHc0cm5sbk1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnsIwDQYJ
KoZIhvcNAQELBQADggEBAAC2U3GxL+j/ROWaXDBY2z9TW48qi80vabDFLY91J4CA
quYBqSVN5GUZIBoO9WrfnU+1YUQxa8aKzIhU3bwpWv1MrJpNAykqQeHfAOEFB9qu
gCITxmrBqsCNt7AOsZNftz8C9s5uJXUapoVh5X7jhzfR5yCkYKgdZlg4nJP5GfZR
FKijwzcSRrwFmEZzXrbX8Vhf0pJqClKfaFqW9xslBpoB7KXhgh2v40UdByCVaa8V
DdNPwbKDaDLcsW1OSDMZIg1iC/2kdN4zoIV6vt2lhX3c2zm7vHT2nam9aeO7qnTo
1wv9vCZpaNjjyeKnmny7xAftquxXKz5heKLV8KkGXiY=
-----END CERTIFICATE-----