This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/CNUfiKvpSJ-WDTNl-84qlrCz1pc.roa
File:                     CNUfiKvpSJ-WDTNl-84qlrCz1pc.roa (raw, json)
Hash identifier:          G7YZZuqmByrC2YyMXfXbfApWC4fYr1PvZdU2/f31kE8=
Subject key identifier:   08:D5:1F:88:AB:E9:48:9F:96:0D:33:65:FB:CE:2A:96:B0:B3:D6:97
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       019B7C1267D2D3A4DAB784D9B83E5DEA0273
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/CNUfiKvpSJ-WDTNl-84qlrCz1pc.roa
Signing time:             Fri 02 Jan 2026 00:18:59 +0000
ROA not before:           Fri 02 Jan 2026 00:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198483
IP address blocks:        176.96.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:67:d2:d3:a4:da:b7:84:d9:b8:3e:5d:ea:02:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  2 00:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08d51f88abe9489f960d3365fbce2a96b0b3d697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c6:d2:ae:95:c0:5a:ba:ed:64:bc:88:80:3d:
                    5f:c5:16:27:08:9c:e0:80:83:34:ae:c0:34:ce:27:
                    46:8d:59:a0:4b:51:ee:7a:72:9b:29:29:5a:32:e2:
                    6c:cd:26:89:e2:ef:1d:0b:33:64:b5:4a:d8:4a:8f:
                    90:60:20:eb:1c:a4:63:8c:be:b1:46:67:7c:f8:d4:
                    d7:48:41:31:55:79:49:a6:2e:10:1d:fd:20:40:52:
                    29:6c:53:cc:47:a0:b3:e7:96:5c:60:ac:17:0b:c2:
                    62:a1:4a:a2:c5:1d:32:52:55:73:1a:cd:f3:7f:d9:
                    9e:65:27:01:e4:62:7f:79:23:05:cc:13:00:f4:ea:
                    74:4b:98:86:9e:9e:aa:96:bd:10:b2:66:7c:3c:98:
                    7a:97:87:d8:74:64:a6:36:58:06:79:05:24:1f:da:
                    0d:46:50:50:ce:72:e6:93:30:b4:36:ef:2e:95:4c:
                    38:6d:bf:b2:7f:3b:c2:bc:ca:34:b1:03:40:f2:39:
                    0d:00:b2:97:82:d2:ed:60:08:ac:03:a6:e8:95:59:
                    4b:9b:2a:05:94:fa:42:59:32:2c:8e:00:fd:5d:e5:
                    1b:4c:c5:e9:ed:20:3c:c6:4d:97:fa:4f:b5:a0:bc:
                    97:08:a1:a9:b4:6d:be:c1:82:c8:57:92:c8:1d:c3:
                    2d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D5:1F:88:AB:E9:48:9F:96:0D:33:65:FB:CE:2A:96:B0:B3:D6:97
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/CNUfiKvpSJ-WDTNl-84qlrCz1pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:80:65:62:02:77:63:63:e2:68:1c:b7:b1:2e:5c:7d:e4:7c:
         d7:f7:9c:82:91:c1:16:f2:8e:39:01:bc:62:1b:c0:67:c7:bb:
         47:c9:3a:38:ac:3a:03:84:fc:85:ef:81:21:18:8b:f8:ce:df:
         e9:90:9e:b3:84:cf:4f:77:93:db:8f:10:7d:e2:b6:1c:ad:09:
         d7:95:40:a6:37:82:d5:ad:00:8a:bc:15:ea:59:84:f6:bf:75:
         57:40:27:8d:b1:73:55:18:d7:3b:65:97:56:b2:9c:ea:13:5f:
         bf:d5:f2:f0:ab:ee:2d:9b:78:e1:3d:42:2a:0c:71:48:57:77:
         a4:ae:8a:ca:f9:0b:c5:cc:7a:f2:e5:d0:79:d1:22:73:48:41:
         89:b4:46:85:66:a9:a9:df:5b:cc:93:1e:02:2e:73:b9:1d:22:
         a2:41:61:1c:d1:dc:e3:80:4f:0f:cd:2b:c2:c6:7a:0d:33:42:
         a4:3b:9c:4f:1b:11:c3:3c:93:28:70:0a:88:0b:13:9f:02:2e:
         58:d3:56:7b:58:19:40:1c:fc:ea:4e:3e:00:b2:f2:59:24:70:
         0d:6e:18:af:07:e8:95:d9:44:cf:23:3e:e6:8d:19:68:5c:84:
         a0:dc:bf:36:3e:da:72:d2:1d:23:c1:31:43:8c:2d:77:49:e7:
         51:40:b7:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EmfS06Tat4TZuD5d6gJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjYwMTAyMDAxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ1MWY4OGFiZTk0ODlmOTYwZDMzNjVmYmNlMmE5NmIwYjNkNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsbSrpXAWrrtZLyIgD1fxRYnCJzg
gIM0rsA0zidGjVmgS1HuenKbKSlaMuJszSaJ4u8dCzNktUrYSo+QYCDrHKRjjL6x
Rmd8+NTXSEExVXlJpi4QHf0gQFIpbFPMR6Cz55ZcYKwXC8JioUqixR0yUlVzGs3z
f9meZScB5GJ/eSMFzBMA9Op0S5iGnp6qlr0QsmZ8PJh6l4fYdGSmNlgGeQUkH9oN
RlBQznLmkzC0Nu8ulUw4bb+yfzvCvMo0sQNA8jkNALKXgtLtYAisA6bolVlLmyoF
lPpCWTIsjgD9XeUbTMXp7SA8xk2X+k+1oLyXCKGptG2+wYLIV5LIHcMtgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjVH4ir6Uiflg0zZfvOKpaws9aXMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvQ05VZmlLdnBTSi1XRFRObC04NHFsckN6MXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGDjMA0G
CSqGSIb3DQEBCwUAA4IBAQCkgGViAndjY+JoHLexLlx95HzX95yCkcEW8o45Abxi
G8Bnx7tHyTo4rDoDhPyF74EhGIv4zt/pkJ6zhM9Pd5PbjxB94rYcrQnXlUCmN4LV
rQCKvBXqWYT2v3VXQCeNsXNVGNc7ZZdWspzqE1+/1fLwq+4tm3jhPUIqDHFIV3ek
rorK+QvFzHry5dB50SJzSEGJtEaFZqmp31vMkx4CLnO5HSKiQWEc0dzjgE8PzSvC
xnoNM0KkO5xPGxHDPJMocAqICxOfAi5Y01Z7WBlAHPzqTj4AsvJZJHANbhivB+iV
2UTPIz7mjRloXISg3L82Ptpy0h0jwTFDjC13SedRQLcM
-----END CERTIFICATE-----