This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N0UvmwNivQbxJyeHpRwJe3I0eRE.roa
File:                     N0UvmwNivQbxJyeHpRwJe3I0eRE.roa (raw, json)
Hash identifier:          Pksn2FKRf+QT74exxIfQQXyAIBb1GNAwKt42BMqoI8Y=
Subject key identifier:   37:45:2F:9B:03:62:BD:06:F1:27:27:87:A5:1C:09:7B:72:34:79:11
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F855888D4785552DB9270E000716BF8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N0UvmwNivQbxJyeHpRwJe3I0eRE.roa
Signing time:             Fri 02 Jan 2026 16:23:23 +0000
ROA not before:           Fri 02 Jan 2026 16:23:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        194.87.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:58:88:d4:78:55:52:db:92:70:e0:00:71:6b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37452f9b0362bd06f1272787a51c097b72347911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:44:1a:76:41:3d:fd:4d:f5:f1:56:cb:7b:2f:
                    65:14:51:5c:8f:2b:3e:6d:2d:68:0e:e8:a1:b9:7a:
                    90:c9:9f:31:0e:8a:a9:34:dc:f1:a9:4a:97:6a:51:
                    ae:05:99:35:e4:54:e0:6e:19:e0:fb:cc:0e:ac:54:
                    dd:7b:28:6c:fe:cc:37:56:1b:3f:fe:cd:b7:34:ff:
                    fa:47:0d:b2:2e:de:6b:3c:1d:40:54:c8:4e:64:db:
                    68:b9:99:fb:43:49:96:cd:35:93:15:ff:39:5e:15:
                    0a:50:6e:5f:76:83:74:e8:da:66:ca:10:4f:30:85:
                    49:ba:08:9c:48:29:34:2f:e6:67:53:1d:e7:07:c1:
                    c5:8f:70:50:1f:52:9b:4d:5c:dc:4a:2b:e1:0a:22:
                    c3:ca:d7:58:0a:b1:84:8c:0a:67:cb:59:9c:38:20:
                    77:df:27:c9:3a:83:dc:3f:b1:5b:d0:bc:3b:02:e1:
                    46:02:e8:97:92:9d:66:4c:23:d6:5a:ea:04:38:8d:
                    df:07:8d:a6:37:8d:6b:58:62:e1:ca:9a:1e:ee:b5:
                    b3:95:b9:c5:64:9c:47:ee:a3:8b:16:f3:1f:2b:3e:
                    cc:21:32:af:35:41:a9:58:02:be:04:e7:98:2f:ff:
                    10:f4:df:ea:a6:39:7a:b4:ba:3a:2a:e6:c2:42:f7:
                    c2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:45:2F:9B:03:62:BD:06:F1:27:27:87:A5:1C:09:7B:72:34:79:11
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N0UvmwNivQbxJyeHpRwJe3I0eRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:f5:82:28:20:1e:64:69:5b:61:e6:bc:3a:03:09:ea:ce:3d:
         c9:47:60:5a:8c:0f:36:47:9a:47:db:3e:d1:1c:b9:95:26:d7:
         d7:ca:44:1a:4c:e3:6f:09:2c:8b:d0:72:64:59:35:23:53:0f:
         7c:d3:30:6c:6a:7f:61:95:55:6b:66:d9:c2:e1:73:cc:e8:01:
         af:dc:29:b9:e2:ff:e7:38:32:bc:ee:87:b5:6e:5e:7f:cc:8b:
         3b:e7:15:a5:e1:31:89:b8:57:d8:dc:0f:b2:e4:5a:85:3f:df:
         4d:a7:d3:57:18:72:5e:ab:04:1b:09:5e:19:fc:dc:d7:99:46:
         79:8d:d9:6c:de:15:3c:6e:de:01:b0:0d:2f:e6:44:1d:41:90:
         79:fb:63:50:93:e2:2a:1f:24:bc:29:b9:b4:17:ae:93:d1:5f:
         ad:60:fd:45:35:4a:27:49:3d:53:f4:57:df:f0:1b:ee:89:6d:
         53:8b:ca:20:3f:f3:55:8e:0f:87:d2:42:32:a6:8f:97:e0:9d:
         63:d1:57:cd:c8:8b:67:be:9f:9a:87:46:14:b5:0c:f1:09:ef:
         fa:b0:c0:84:97:70:16:c3:e5:ab:97:53:50:e2:83:b0:e6:7e:
         11:83:52:ec:6d:d9:f7:2e:3e:c8:6b:be:20:50:8e:b1:ba:61:
         56:34:83:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hViI1HhVUtuScOAAcWv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ1MmY5YjAzNjJiZDA2ZjEyNzI3ODdhNTFjMDk3YjcyMzQ3OTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEQadkE9/U318VbLey9lFFFcjys+
bS1oDuihuXqQyZ8xDoqpNNzxqUqXalGuBZk15FTgbhng+8wOrFTdeyhs/sw3Vhs/
/s23NP/6Rw2yLt5rPB1AVMhOZNtouZn7Q0mWzTWTFf85XhUKUG5fdoN06NpmyhBP
MIVJugicSCk0L+ZnUx3nB8HFj3BQH1KbTVzcSivhCiLDytdYCrGEjApny1mcOCB3
3yfJOoPcP7Fb0Lw7AuFGAuiXkp1mTCPWWuoEOI3fB42mN41rWGLhypoe7rWzlbnF
ZJxH7qOLFvMfKz7MITKvNUGpWAK+BOeYL/8Q9N/qpjl6tLo6KubCQvfCrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdFL5sDYr0G8Scnh6UcCXtyNHkRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTjBVdm13Tml2UWJ4SnllSHBSd0plM0kwZVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwldXMA0G
CSqGSIb3DQEBCwUAA4IBAQCI9YIoIB5kaVth5rw6Awnqzj3JR2BajA82R5pH2z7R
HLmVJtfXykQaTONvCSyL0HJkWTUjUw980zBsan9hlVVrZtnC4XPM6AGv3Cm54v/n
ODK87oe1bl5/zIs75xWl4TGJuFfY3A+y5FqFP99Np9NXGHJeqwQbCV4Z/NzXmUZ5
jdls3hU8bt4BsA0v5kQdQZB5+2NQk+IqHyS8Kbm0F66T0V+tYP1FNUonST1T9Fff
8BvuiW1Ti8ogP/NVjg+H0kIypo+X4J1j0VfNyItnvp+ah0YUtQzxCe/6sMCEl3AW
w+Wrl1NQ4oOw5n4Rg1Lsbdn3Lj7Ia74gUI6xumFWNINK
-----END CERTIFICATE-----