This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/NuJEHjDX6DrNz16mjk8EVqK6rfk.roa
File:                     NuJEHjDX6DrNz16mjk8EVqK6rfk.roa (raw, json)
Hash identifier:          Ys6DWelm4t8OA8iEU1qUmznaHoT0ZkwCkm2E4AX00hk=
Subject key identifier:   36:E2:44:1E:30:D7:E8:3A:CD:CF:5E:A6:8E:4F:04:56:A2:BA:AD:F9
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       019B79114AF015386A1B6769AC07A33F3771
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/NuJEHjDX6DrNz16mjk8EVqK6rfk.roa
Signing time:             Thu 01 Jan 2026 10:18:54 +0000
ROA not before:           Thu 01 Jan 2026 10:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8469
IP address blocks:        185.64.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:4a:f0:15:38:6a:1b:67:69:ac:07:a3:3f:37:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 10:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36e2441e30d7e83acdcf5ea68e4f0456a2baadf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:fd:97:62:6a:2f:36:2b:88:b0:af:4a:00:84:
                    c7:e0:7c:18:e4:ff:0e:cf:ad:c7:56:ed:0e:87:2b:
                    4d:05:d9:ad:79:75:dd:eb:3d:39:b1:c9:6a:05:e0:
                    b9:43:56:b7:ca:49:b4:d7:2a:98:2a:5f:51:12:c0:
                    86:f9:ad:a9:4c:a7:20:9c:32:37:28:6d:e5:c8:ca:
                    a4:0a:c4:c1:f9:35:fa:ca:6f:d7:6b:5a:eb:72:1a:
                    32:38:ea:1f:45:e8:71:0a:61:4d:ec:4d:cc:92:d5:
                    38:87:a2:7b:aa:21:df:68:b6:4c:88:d5:0a:4e:d8:
                    50:b3:f4:9b:08:52:dc:00:e1:08:bb:d7:78:79:4e:
                    d4:a6:c0:bf:6c:2b:dc:f9:06:41:e7:4d:4e:51:61:
                    8b:c6:5a:7d:33:b7:f8:73:b2:15:a1:6c:a5:a6:76:
                    e0:86:a1:26:5c:b7:10:23:90:99:8e:39:14:0e:78:
                    a6:e6:b0:83:a7:1a:e6:be:dc:05:bb:5c:63:93:06:
                    6d:77:2b:0c:d3:69:84:1b:09:0d:82:53:b9:dd:14:
                    15:01:59:68:0b:ac:30:02:91:13:15:de:86:27:56:
                    22:11:d7:03:00:8d:46:e5:6d:6a:23:39:5c:ab:00:
                    4d:15:ee:20:1e:2d:4c:53:4e:9d:89:c2:32:63:8d:
                    c2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E2:44:1E:30:D7:E8:3A:CD:CF:5E:A6:8E:4F:04:56:A2:BA:AD:F9
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/NuJEHjDX6DrNz16mjk8EVqK6rfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:6b:72:72:ec:9c:9a:85:81:d8:e7:13:5d:0b:86:cb:b8:e2:
         e2:d6:1d:f5:3e:bf:5f:f7:52:63:6e:0c:99:1e:03:e4:96:bb:
         ab:fc:a6:03:d1:63:4d:39:28:fd:e1:1e:19:80:19:a9:35:0f:
         c8:35:c6:c1:1e:d5:15:52:4d:1e:c0:75:78:d1:33:9f:a4:28:
         ee:8a:ab:f9:a7:93:05:4a:01:a3:67:f0:e5:a4:ce:61:8a:07:
         a8:a7:f0:e2:6e:59:c9:c5:d6:9f:c7:bc:9e:a6:c7:74:80:bf:
         47:f5:95:4f:4e:3a:6d:77:34:37:5c:01:96:d7:67:43:55:e2:
         7c:aa:ce:04:8b:6f:45:9f:e6:b4:51:7b:b9:64:fc:ac:3a:d0:
         e4:a5:59:57:2f:c3:1c:d9:2f:ab:87:51:e3:f5:bb:ea:7f:b4:
         93:b2:9b:54:66:76:42:f1:ee:52:c4:ae:52:d5:db:5f:c5:19:
         f3:cc:d5:a9:9a:9f:04:90:14:e7:8d:97:dc:f5:41:5a:ca:7b:
         a0:52:3e:63:d1:58:3d:36:3c:2a:b6:52:50:a7:7c:86:73:17:
         04:08:cb:0d:7f:65:ff:c5:38:49:43:98:c3:f1:b7:02:33:fe:
         48:ff:f4:c5:90:35:24:d9:4e:4f:58:b1:0a:a2:87:dd:ee:41:
         e4:9f:9d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EUrwFThqG2dprAejPzdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjYwMTAxMTAxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUyNDQxZTMwZDdlODNhY2RjZjVlYTY4ZTRmMDQ1NmEyYmFhZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5f2XYmovNiuIsK9KAITH4HwY5P8O
z63HVu0OhytNBdmteXXd6z05sclqBeC5Q1a3ykm01yqYKl9REsCG+a2pTKcgnDI3
KG3lyMqkCsTB+TX6ym/Xa1rrchoyOOofRehxCmFN7E3MktU4h6J7qiHfaLZMiNUK
TthQs/SbCFLcAOEIu9d4eU7UpsC/bCvc+QZB501OUWGLxlp9M7f4c7IVoWylpnbg
hqEmXLcQI5CZjjkUDnim5rCDpxrmvtwFu1xjkwZtdysM02mEGwkNglO53RQVAVlo
C6wwApETFd6GJ1YiEdcDAI1G5W1qIzlcqwBNFe4gHi1MU06dicIyY43CCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbiRB4w1+g6zc9epo5PBFaiuq35MB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvTnVKRUhqRFg2RHJOejE2bWprOEVWcUs2cmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQANa3Jy7JyahYHY5xNdC4bLuOLi1h31Pr9f91JjbgyZ
HgPklrur/KYD0WNNOSj94R4ZgBmpNQ/INcbBHtUVUk0ewHV40TOfpCjuiqv5p5MF
SgGjZ/DlpM5higeop/DiblnJxdafx7yepsd0gL9H9ZVPTjptdzQ3XAGW12dDVeJ8
qs4Ei29Fn+a0UXu5ZPysOtDkpVlXL8Mc2S+rh1Hj9bvqf7STsptUZnZC8e5SxK5S
1dtfxRnzzNWpmp8EkBTnjZfc9UFaynugUj5j0Vg9NjwqtlJQp3yGcxcECMsNf2X/
xThJQ5jD8bcCM/5I//TFkDUk2U5PWLEKoofd7kHkn53N
-----END CERTIFICATE-----