This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/NfIoppfvh0qDRIBY8C0ICwJH8U0.roa
File:                     NfIoppfvh0qDRIBY8C0ICwJH8U0.roa (raw, json)
Hash identifier:          hxCOHBmPPpfOoaRS3aXRLBOZUfatkQgbvRlv+0ElggM=
Subject key identifier:   35:F2:28:A6:97:EF:87:4A:83:44:80:58:F0:2D:08:0B:02:47:F1:4D
Certificate issuer:       /CN=3925df798706f90e6d8fd42049555024b73ed369
Certificate serial:       019B7834BA3D2DF918212B4C9C864BA1D44A
Authority key identifier: 39:25:DF:79:87:06:F9:0E:6D:8F:D4:20:49:55:50:24:B7:3E:D3:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSXfeYcG-Q5tj9QgSVVQJLc-02k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/NfIoppfvh0qDRIBY8C0ICwJH8U0.roa
Signing time:             Thu 01 Jan 2026 06:17:59 +0000
ROA not before:           Thu 01 Jan 2026 06:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213222
IP address blocks:        45.134.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/OSXfeYcG-Q5tj9QgSVVQJLc-02k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/OSXfeYcG-Q5tj9QgSVVQJLc-02k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OSXfeYcG-Q5tj9QgSVVQJLc-02k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ba:3d:2d:f9:18:21:2b:4c:9c:86:4b:a1:d4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3925df798706f90e6d8fd42049555024b73ed369
        Validity
            Not Before: Jan  1 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35f228a697ef874a83448058f02d080b0247f14d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:23:d0:27:7d:2a:2d:6b:3e:1e:32:ee:63:eb:
                    e8:ac:19:7f:94:51:f7:3a:c3:f1:e7:cc:05:0b:5d:
                    ef:4d:98:ec:02:a8:f6:5b:d5:ae:b2:48:a5:18:0a:
                    d1:bc:38:5a:dd:0e:8d:26:8c:3a:05:ea:a7:c3:ba:
                    3d:81:49:ea:c6:a2:78:4c:04:90:59:a1:2b:af:14:
                    4d:a0:ac:5b:76:33:e3:bd:3f:f0:9f:67:6c:94:e5:
                    51:1f:e5:fe:b0:01:f3:33:81:90:10:51:6f:38:8b:
                    a0:81:5b:68:02:7f:3e:53:18:2b:c5:1f:4b:26:df:
                    12:bc:33:4b:27:11:fa:17:da:df:53:3f:d1:c9:24:
                    f5:93:26:66:23:52:36:c4:b0:2e:04:40:4e:ef:ba:
                    83:4a:a6:dc:c9:b0:95:ed:6f:52:25:a0:d9:f2:f9:
                    12:f1:60:e2:96:2f:7a:76:06:0e:d7:a3:4f:16:93:
                    82:68:a8:fd:3c:c6:b1:41:45:f9:2a:a4:0c:d2:fe:
                    d2:b4:06:f7:10:77:dd:56:11:5e:1b:d0:0a:bc:dd:
                    77:c6:25:c2:13:4f:db:9a:e4:fa:c9:93:26:a8:b8:
                    76:43:3a:e7:aa:56:99:d7:d4:5d:52:1d:28:43:13:
                    de:72:ce:49:94:84:df:75:a3:f9:a9:8a:53:79:1d:
                    8f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F2:28:A6:97:EF:87:4A:83:44:80:58:F0:2D:08:0B:02:47:F1:4D
            X509v3 Authority Key Identifier:
                keyid:39:25:DF:79:87:06:F9:0E:6D:8F:D4:20:49:55:50:24:B7:3E:D3:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSXfeYcG-Q5tj9QgSVVQJLc-02k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/NfIoppfvh0qDRIBY8C0ICwJH8U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1c7cb2-769c-47ae-b5c5-08942b454998/1/OSXfeYcG-Q5tj9QgSVVQJLc-02k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b8:aa:4a:d5:0d:ff:d5:4e:2a:aa:0b:a6:95:30:d4:c3:b7:
         c6:82:1b:92:3e:ec:0b:83:cf:3d:24:5c:73:a7:1b:fa:c9:02:
         e8:fb:5b:72:5a:b4:eb:55:42:dd:f8:0a:e9:32:09:c3:c2:d5:
         90:46:b7:60:67:7e:cb:37:32:e2:af:32:c8:97:3d:ed:5a:4e:
         10:a5:f0:1e:a4:30:b3:13:9e:56:1f:31:9a:31:b6:40:9a:b4:
         de:31:87:1b:91:ba:27:f5:4b:f2:d2:22:8e:60:54:02:76:4c:
         89:8f:0a:5b:f5:54:83:62:58:70:6d:e5:6b:1f:e8:56:b8:72:
         06:48:92:a3:9f:5b:74:3f:0f:26:68:09:a6:93:2a:d9:cf:e1:
         41:94:45:5f:8d:3c:dd:5d:59:3a:a0:22:b6:dd:82:16:41:30:
         d0:cc:d4:98:1d:8f:1f:fc:47:f5:41:28:59:08:06:b8:68:cf:
         29:19:fc:be:c7:ad:2f:23:89:d9:85:ef:95:54:2a:1e:63:53:
         43:42:81:46:ef:7d:d1:2d:f1:5c:08:fd:64:3f:d5:5f:87:b0:
         7e:25:31:22:14:2d:03:fc:22:e0:c0:a7:14:48:21:11:a6:45:
         f5:91:d2:9e:1c:4c:e7:1e:0e:f4:ed:94:49:99:56:35:6e:00:
         2d:68:ed:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NLo9LfkYIStMnIZLodRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjVkZjc5ODcwNmY5MGU2ZDhmZDQyMDQ5NTU1MDI0Yjcz
ZWQzNjkwHhcNMjYwMTAxMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYyMjhhNjk3ZWY4NzRhODM0NDgwNThmMDJkMDgwYjAyNDdmMTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCPQJ30qLWs+HjLuY+vorBl/lFH3
OsPx58wFC13vTZjsAqj2W9WuskilGArRvDha3Q6NJow6Beqnw7o9gUnqxqJ4TASQ
WaErrxRNoKxbdjPjvT/wn2dslOVRH+X+sAHzM4GQEFFvOIuggVtoAn8+UxgrxR9L
Jt8SvDNLJxH6F9rfUz/RyST1kyZmI1I2xLAuBEBO77qDSqbcybCV7W9SJaDZ8vkS
8WDili96dgYO16NPFpOCaKj9PMaxQUX5KqQM0v7StAb3EHfdVhFeG9AKvN13xiXC
E0/bmuT6yZMmqLh2QzrnqlaZ19RdUh0oQxPecs5JlITfdaP5qYpTeR2PPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXyKKaX74dKg0SAWPAtCAsCR/FNMB8GA1UdIwQY
MBaAFDkl33mHBvkObY/UIElVUCS3PtNpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NYZmVZY0ctUTV0ajlRZ1NWVlFKTGMtMDJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xYzdjYjItNzY5Yy00N2FlLWI1YzUt
MDg5NDJiNDU0OTk4LzEvTmZJb3BwZnZoMHFEUklCWThDMElDd0pIOFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xYzdjYjItNzY5Yy00N2FlLWI1YzUtMDg5NDJiNDU0OTk4
LzEvT1NYZmVZY0ctUTV0ajlRZ1NWVlFKTGMtMDJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYZhMA0G
CSqGSIb3DQEBCwUAA4IBAQCDuKpK1Q3/1U4qqgumlTDUw7fGghuSPuwLg889JFxz
pxv6yQLo+1tyWrTrVULd+ArpMgnDwtWQRrdgZ37LNzLirzLIlz3tWk4QpfAepDCz
E55WHzGaMbZAmrTeMYcbkbon9Uvy0iKOYFQCdkyJjwpb9VSDYlhwbeVrH+hWuHIG
SJKjn1t0Pw8maAmmkyrZz+FBlEVfjTzdXVk6oCK23YIWQTDQzNSYHY8f/Ef1QShZ
CAa4aM8pGfy+x60vI4nZhe+VVCoeY1NDQoFG733RLfFcCP1kP9Vfh7B+JTEiFC0D
/CLgwKcUSCERpkX1kdKeHEznHg707ZRJmVY1bgAtaO2t
-----END CERTIFICATE-----
Generated at Mon Jan 26 07:23:36 2026 by rpki-client