This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Naj_hbjSCfJxAXzUztYdICw-HJU.roa
File:                     Naj_hbjSCfJxAXzUztYdICw-HJU.roa (raw, json)
Hash identifier:          oHxNo2orkmmjEzObI45+SgF12BlHV9OAFLzlNY9SiB0=
Subject key identifier:   35:A8:FF:85:B8:D2:09:F2:71:01:7C:D4:CE:D6:1D:20:2C:3E:1C:95
Certificate issuer:       /CN=6342600bf1cc9216ae6fe169a1e9d5418ad93a22
Certificate serial:       019B7758E77D2C29F7FFB61A84C78710189C
Authority key identifier: 63:42:60:0B:F1:CC:92:16:AE:6F:E1:69:A1:E9:D5:41:8A:D9:3A:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Naj_hbjSCfJxAXzUztYdICw-HJU.roa
Signing time:             Thu 01 Jan 2026 02:17:53 +0000
ROA not before:           Thu 01 Jan 2026 02:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215810
IP address blocks:        46.173.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:e7:7d:2c:29:f7:ff:b6:1a:84:c7:87:10:18:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6342600bf1cc9216ae6fe169a1e9d5418ad93a22
        Validity
            Not Before: Jan  1 02:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35a8ff85b8d209f271017cd4ced61d202c3e1c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:2c:50:41:9c:80:56:81:da:76:87:80:b7:1b:
                    02:08:af:68:00:c8:e9:ca:84:f4:38:5f:a1:5e:fe:
                    3c:1a:b2:f8:be:bb:50:e0:8f:79:0d:53:8f:dc:e6:
                    49:dd:8b:19:bc:ed:1a:41:5a:21:0c:a1:a6:98:6d:
                    78:22:bd:53:7f:e8:d1:ad:9b:18:fe:f2:15:54:12:
                    55:19:79:38:93:29:4e:72:d4:d2:2c:6b:93:a7:4f:
                    2f:39:bc:e0:58:45:05:3a:e0:2f:b4:69:9a:16:a5:
                    a3:9d:69:27:22:5f:58:16:cb:cf:1a:9b:1a:ba:ef:
                    a8:02:4d:49:06:0a:7e:f7:4f:f7:fa:bf:5e:13:30:
                    ac:52:5b:95:9c:bd:4e:09:6e:d7:10:ea:40:cb:bd:
                    48:59:07:7f:ef:32:57:49:e2:c1:8d:c0:47:c1:9a:
                    76:7a:d7:ad:03:29:58:ba:d7:59:97:17:63:8d:a7:
                    b3:54:6f:67:3b:c4:af:26:59:c1:5d:e0:8b:71:35:
                    44:d3:9c:06:c3:b1:46:63:0f:1a:9f:a3:9d:e9:9b:
                    3d:46:bf:c5:a3:87:a8:0a:b3:6c:5c:9d:ea:a3:fa:
                    50:9c:b5:8b:97:a7:4e:67:b6:41:37:fb:07:d6:8a:
                    bf:a9:07:c9:df:31:c5:c0:19:c9:e3:6e:6a:75:ba:
                    2c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A8:FF:85:B8:D2:09:F2:71:01:7C:D4:CE:D6:1D:20:2C:3E:1C:95
            X509v3 Authority Key Identifier:
                keyid:63:42:60:0B:F1:CC:92:16:AE:6F:E1:69:A1:E9:D5:41:8A:D9:3A:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Naj_hbjSCfJxAXzUztYdICw-HJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.173.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:13:65:e3:f9:e6:5d:a0:24:c3:f5:b5:1b:c9:00:73:4b:aa:
         19:21:5c:57:29:86:e3:cc:36:bc:14:f1:85:88:27:dd:72:1c:
         9c:77:10:6d:19:de:08:18:d4:7f:34:48:a9:91:50:3e:46:46:
         14:87:41:e1:22:18:12:6d:6b:e9:2a:56:60:c6:b1:85:dd:0f:
         64:3e:ab:25:0e:d8:ce:9b:fd:ee:85:58:a9:1a:dd:f9:fa:00:
         29:14:83:0b:9f:e2:6b:1f:6f:68:f7:80:9e:82:5a:e7:7e:2f:
         a9:f8:b8:2b:3f:ff:6d:16:a4:69:6c:4e:e0:49:51:cf:8d:be:
         8b:31:00:4d:29:20:d3:0b:13:18:10:d7:f9:31:32:89:a6:d0:
         7f:a0:2e:d3:1a:74:3d:41:ea:dd:ed:20:21:8f:2b:70:a6:87:
         dc:06:0e:36:93:4e:b2:91:a8:30:4c:cc:69:2c:ba:4a:27:ae:
         d0:7d:dd:26:63:8d:81:dc:88:d0:ac:a4:66:c6:e8:4d:d0:01:
         d2:98:0a:98:6c:7b:2e:22:bd:c6:a7:73:fd:aa:93:5e:d2:70:
         8a:73:49:21:22:22:26:3c:e9:8c:36:d2:11:8c:51:fd:ee:08:
         4f:b1:ec:13:78:96:3e:69:62:5d:ce:a2:67:0a:5a:8d:e5:b3:
         48:df:e9:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOd9LCn3/7YahMeHEBicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDI2MDBiZjFjYzkyMTZhZTZmZTE2OWExZTlkNTQxOGFk
OTNhMjIwHhcNMjYwMTAxMDIxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE4ZmY4NWI4ZDIwOWYyNzEwMTdjZDRjZWQ2MWQyMDJjM2UxYzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CxQQZyAVoHadoeAtxsCCK9oAMjp
yoT0OF+hXv48GrL4vrtQ4I95DVOP3OZJ3YsZvO0aQVohDKGmmG14Ir1Tf+jRrZsY
/vIVVBJVGXk4kylOctTSLGuTp08vObzgWEUFOuAvtGmaFqWjnWknIl9YFsvPGpsa
uu+oAk1JBgp+90/3+r9eEzCsUluVnL1OCW7XEOpAy71IWQd/7zJXSeLBjcBHwZp2
etetAylYutdZlxdjjaezVG9nO8SvJlnBXeCLcTVE05wGw7FGYw8an6Od6Zs9Rr/F
o4eoCrNsXJ3qo/pQnLWLl6dOZ7ZBN/sH1oq/qQfJ3zHFwBnJ425qdbosyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWo/4W40gnycQF81M7WHSAsPhyVMB8GA1UdIwQY
MBaAFGNCYAvxzJIWrm/haaHp1UGK2ToiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBKZ0NfSE1raGF1Yi1GcG9lblZRWXJaT2lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZjA3NmQtZjBlOS00MmI0LWFkNWYt
NzMxMjA2M2ZmYTdmLzEvTmFqX2hialNDZkp4QVh6VXp0WWRJQ3ctSEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZjA3NmQtZjBlOS00MmI0LWFkNWYtNzMxMjA2M2ZmYTdm
LzEvWTBKZ0NfSE1raGF1Yi1GcG9lblZRWXJaT2lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq0VMA0G
CSqGSIb3DQEBCwUAA4IBAQCGE2Xj+eZdoCTD9bUbyQBzS6oZIVxXKYbjzDa8FPGF
iCfdchycdxBtGd4IGNR/NEipkVA+RkYUh0HhIhgSbWvpKlZgxrGF3Q9kPqslDtjO
m/3uhVipGt35+gApFIMLn+JrH29o94Ceglrnfi+p+LgrP/9tFqRpbE7gSVHPjb6L
MQBNKSDTCxMYENf5MTKJptB/oC7TGnQ9Qerd7SAhjytwpofcBg42k06ykagwTMxp
LLpKJ67Qfd0mY42B3IjQrKRmxuhN0AHSmAqYbHsuIr3Gp3P9qpNe0nCKc0khIiIm
POmMNtIRjFH97ghPsewTeJY+aWJdzqJnClqN5bNI3+nD
-----END CERTIFICATE-----