This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/NuJpRF5J3Htz7cWdgH1UXYMDGck.roa
File:                     NuJpRF5J3Htz7cWdgH1UXYMDGck.roa (raw, json)
Hash identifier:          HbAwpyAroslRNiC7LzlkeCES+JwGY9JPqe8c8RZrPKk=
Subject key identifier:   36:E2:69:44:5E:49:DC:7B:73:ED:C5:9D:80:7D:54:5D:83:03:19:C9
Certificate issuer:       /CN=6d6f35d8990a7b294c453956e0e8242c0aacb031
Certificate serial:       019AEE3A4E79BCD18598D96EB9FCCAD78FE1
Authority key identifier: 6D:6F:35:D8:99:0A:7B:29:4C:45:39:56:E0:E8:24:2C:0A:AC:B0:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/NuJpRF5J3Htz7cWdgH1UXYMDGck.roa
Signing time:             Fri 05 Dec 2025 11:16:29 +0000
ROA not before:           Fri 05 Dec 2025 11:16:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205179
IP address blocks:        185.251.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ee:3a:4e:79:bc:d1:85:98:d9:6e:b9:fc:ca:d7:8f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6f35d8990a7b294c453956e0e8242c0aacb031
        Validity
            Not Before: Dec  5 11:16:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36e269445e49dc7b73edc59d807d545d830319c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:15:23:52:af:e0:a6:1f:6d:ee:c5:fd:e7:89:
                    a3:98:ec:57:c6:1d:c0:76:d7:29:80:11:68:0d:1f:
                    4c:bf:ce:f6:f9:87:ff:03:b7:13:ad:0b:71:50:ed:
                    f8:d9:41:2b:0f:3d:4f:a9:66:4c:41:92:2b:04:80:
                    df:c4:e6:b8:c8:e0:54:0a:4c:5b:17:4d:ac:a6:f2:
                    81:ba:93:61:4e:eb:b4:8e:1e:cb:ea:8b:52:80:b3:
                    a3:37:07:23:83:d2:d0:80:a9:db:46:81:e7:28:ab:
                    83:a9:6c:7d:a1:b7:b5:b7:e7:b0:55:67:fd:5c:54:
                    d3:32:05:59:f5:a3:1e:40:a6:ee:38:ed:36:d7:5e:
                    73:e3:76:53:ef:60:67:ff:af:19:da:c0:8f:ff:52:
                    d8:f2:04:c2:2d:5e:eb:5a:3e:52:f7:66:0a:ef:06:
                    d0:5c:02:c4:5a:67:f9:06:f4:56:a4:b7:f0:64:1f:
                    c5:36:d6:9a:98:db:97:93:7f:07:9d:24:5f:5f:d2:
                    69:ec:32:50:4c:04:d5:43:45:21:21:d3:d8:32:82:
                    65:1c:11:5f:01:40:83:3d:55:ab:52:4e:94:6c:b2:
                    6f:d6:79:e0:5f:76:1a:7f:a3:32:92:e4:d7:96:87:
                    73:b0:74:06:63:7c:1a:2d:da:dd:f5:e3:76:e6:f2:
                    42:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E2:69:44:5E:49:DC:7B:73:ED:C5:9D:80:7D:54:5D:83:03:19:C9
            X509v3 Authority Key Identifier:
                keyid:6D:6F:35:D8:99:0A:7B:29:4C:45:39:56:E0:E8:24:2C:0A:AC:B0:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW812JkKeylMRTlW4OgkLAqssDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/NuJpRF5J3Htz7cWdgH1UXYMDGck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ffc29c-43e8-4086-b145-7a096f607e26/1/bW812JkKeylMRTlW4OgkLAqssDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:0b:d4:9e:5e:7c:9c:3b:2d:79:4e:5b:26:08:8c:60:2e:aa:
         16:5b:39:75:5c:8f:75:33:62:9e:4e:5b:91:20:3e:5c:2e:77:
         18:7a:c8:c2:a7:f5:90:79:c7:76:6e:f3:bd:be:a4:bc:f3:44:
         46:d1:3f:0b:82:11:85:aa:7c:11:e9:ec:98:24:a9:df:c5:19:
         ef:e4:19:77:e2:3d:1b:ac:8a:4f:2c:d2:fa:a1:0a:99:63:36:
         a4:6c:8b:b0:69:49:a1:c8:07:9e:68:be:3a:32:7b:cf:42:9b:
         02:06:d8:c5:1a:d1:fa:d8:b6:d4:f7:2c:72:c1:b7:10:d4:b8:
         b0:56:cc:17:5e:7e:c2:2c:2a:fa:c2:15:d4:24:e3:da:ba:fc:
         ce:b6:0f:05:34:40:fc:9e:b9:98:11:16:14:ba:7c:2b:07:bb:
         fe:24:ef:07:ab:bc:33:17:dd:17:de:d0:43:27:9e:46:e7:a7:
         05:bc:12:10:97:fa:79:ae:84:fb:70:f2:77:e2:ad:08:e0:d1:
         1f:54:88:6d:c8:f9:fc:65:71:58:91:5f:c8:c3:47:8b:6f:1c:
         78:96:d0:fb:66:0e:96:f3:8a:84:8e:c6:74:f9:40:60:c5:74:
         14:07:a3:26:75:ab:85:1b:3e:b9:2a:96:06:9e:b7:9a:c6:fd:
         e8:93:2f:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZruOk55vNGFmNluufzK14/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNmYzNWQ4OTkwYTdiMjk0YzQ1Mzk1NmUwZTgyNDJjMGFh
Y2IwMzEwHhcNMjUxMjA1MTExNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUyNjk0NDVlNDlkYzdiNzNlZGM1OWQ4MDdkNTQ1ZDgzMDMxOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hUjUq/gph9t7sX954mjmOxXxh3A
dtcpgBFoDR9Mv872+Yf/A7cTrQtxUO342UErDz1PqWZMQZIrBIDfxOa4yOBUCkxb
F02spvKBupNhTuu0jh7L6otSgLOjNwcjg9LQgKnbRoHnKKuDqWx9obe1t+ewVWf9
XFTTMgVZ9aMeQKbuOO02115z43ZT72Bn/68Z2sCP/1LY8gTCLV7rWj5S92YK7wbQ
XALEWmf5BvRWpLfwZB/FNtaamNuXk38HnSRfX9Jp7DJQTATVQ0UhIdPYMoJlHBFf
AUCDPVWrUk6UbLJv1nngX3Yaf6MykuTXlodzsHQGY3waLdrd9eN25vJCSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbiaUReSdx7c+3FnYB9VF2DAxnJMB8GA1UdIwQY
MBaAFG1vNdiZCnspTEU5VuDoJCwKrLAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlc4MTJKa0tleWxNUlRsVzRPZ2tMQXFzc0RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZmMyOWMtNDNlOC00MDg2LWIxNDUt
N2EwOTZmNjA3ZTI2LzEvTnVKcFJGNUozSHR6N2NXZGdIMVVYWU1ER2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZmMyOWMtNDNlOC00MDg2LWIxNDUtN2EwOTZmNjA3ZTI2
LzEvYlc4MTJKa0tleWxNUlRsVzRPZ2tMQXFzc0RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufuAMA0G
CSqGSIb3DQEBCwUAA4IBAQBrC9SeXnycOy15TlsmCIxgLqoWWzl1XI91M2KeTluR
ID5cLncYesjCp/WQecd2bvO9vqS880RG0T8LghGFqnwR6eyYJKnfxRnv5Bl34j0b
rIpPLNL6oQqZYzakbIuwaUmhyAeeaL46MnvPQpsCBtjFGtH62LbU9yxywbcQ1Liw
VswXXn7CLCr6whXUJOPauvzOtg8FNED8nrmYERYUunwrB7v+JO8Hq7wzF90X3tBD
J55G56cFvBIQl/p5roT7cPJ34q0I4NEfVIhtyPn8ZXFYkV/Iw0eLbxx4ltD7Zg6W
84qEjsZ0+UBgxXQUB6MmdauFGz65KpYGnreaxv3oky+0
-----END CERTIFICATE-----