This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/5NCPJAHZuuvT_Y3OLL7H8HuHVKg.roa
File:                     5NCPJAHZuuvT_Y3OLL7H8HuHVKg.roa (raw, json)
Hash identifier:          Bkja5xY8wPIuCivflgBr5uP8e0j+G2X5xzd/ng/E16A=
Subject key identifier:   E4:D0:8F:24:01:D9:BA:EB:D3:FD:8D:CE:2C:BE:C7:F0:7B:87:54:A8
Certificate issuer:       /CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
Certificate serial:       019B77C6891B59BD9B070853538C0CD601F4
Authority key identifier: DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/5NCPJAHZuuvT_Y3OLL7H8HuHVKg.roa
Signing time:             Thu 01 Jan 2026 04:17:38 +0000
ROA not before:           Thu 01 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62105
IP address blocks:        185.128.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:89:1b:59:bd:9b:07:08:53:53:8c:0c:d6:01:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
        Validity
            Not Before: Jan  1 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4d08f2401d9baebd3fd8dce2cbec7f07b8754a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:99:f7:35:96:e5:cf:a0:78:28:cf:f0:4a:bf:
                    09:2c:4f:04:12:19:44:fa:c9:e2:da:92:67:db:15:
                    99:42:86:fe:80:4b:52:8b:aa:0b:d2:97:d1:43:24:
                    c4:74:43:03:f8:ab:61:79:78:48:89:cc:c3:91:e5:
                    fb:d4:f1:ed:24:6c:8b:c3:a5:d8:8e:ed:b2:0d:5d:
                    95:7b:9b:f3:cc:52:73:e7:0f:06:76:c8:ba:07:e2:
                    9b:3d:17:7c:93:7f:88:f5:88:28:0f:a7:6d:18:be:
                    c3:e6:40:47:70:38:fc:16:2b:1a:ff:a2:4e:5f:5b:
                    3f:24:8d:25:08:32:71:94:a7:8d:a6:ac:ad:5e:b8:
                    97:4d:0f:ee:87:8e:89:8a:ed:11:d8:8d:2d:51:f9:
                    09:85:9e:62:48:44:ab:8b:ae:a4:14:17:cc:ba:6c:
                    3f:42:31:c7:ca:34:d8:36:0e:67:dd:1e:b0:3c:5a:
                    ba:1c:b5:a5:5f:bc:8d:3b:d1:6e:45:2f:f2:cd:c7:
                    2a:65:89:c6:a6:d2:ad:c5:96:67:be:e7:02:21:ea:
                    e8:7f:20:8d:18:55:c1:6e:f6:68:88:91:e7:a2:ba:
                    ae:dd:c6:ba:7c:bf:5f:58:96:4b:ce:24:eb:04:1d:
                    dd:2b:bb:39:f0:2c:fa:d8:4f:8d:59:c2:b4:b6:d5:
                    6a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D0:8F:24:01:D9:BA:EB:D3:FD:8D:CE:2C:BE:C7:F0:7B:87:54:A8
            X509v3 Authority Key Identifier:
                keyid:DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/5NCPJAHZuuvT_Y3OLL7H8HuHVKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:9e:9c:c2:52:d3:b0:8a:2f:79:e2:7e:a1:a4:7b:85:e7:a0:
         ba:65:95:9b:d1:be:02:1f:44:84:2e:36:cd:2e:44:37:f3:e6:
         06:0b:3a:88:f7:2b:e0:07:d2:12:aa:f6:b0:e5:b0:2b:5e:06:
         67:f6:0f:10:13:7b:71:d2:ae:d8:5f:f1:ef:d5:57:5d:1e:da:
         fe:3f:15:2f:88:c3:eb:33:20:3f:f6:68:57:08:6a:b6:94:6e:
         a4:a9:a4:f7:19:85:1e:24:a5:1c:91:a7:78:d1:df:cb:b3:a3:
         0a:41:11:39:0a:22:83:40:92:3d:6e:31:88:55:f5:02:fb:b8:
         9d:83:8f:5c:7d:89:c5:71:1a:2d:5b:d1:68:ef:85:c2:22:59:
         90:59:56:71:b4:1f:8a:f0:30:77:17:fe:df:4d:5f:77:6c:b4:
         bf:c7:91:fe:fa:78:6b:b5:a2:05:bf:37:7d:a4:08:a1:fe:e2:
         77:99:af:25:a7:af:ca:3d:94:d5:a9:14:e7:c3:75:ac:40:8b:
         51:97:bf:9c:65:85:b0:e0:66:2c:e6:c3:9e:63:56:6c:c6:2e:
         92:27:72:53:fd:fd:d3:c1:f2:aa:b6:f0:64:d2:23:7a:e3:4d:
         dc:4d:9e:f9:72:01:6f:ea:de:c6:ef:cb:2d:58:8f:83:0e:93:
         37:fd:73:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xokbWb2bBwhTU4wM1gH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTRhNDI5ZTY2NThhYmI3MGEzNzkyYzE3MmQ3ZWQ2MmVi
OGZhMjYwHhcNMjYwMTAxMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQwOGYyNDAxZDliYWViZDNmZDhkY2UyY2JlYzdmMDdiODc1NGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZn3NZblz6B4KM/wSr8JLE8EEhlE
+sni2pJn2xWZQob+gEtSi6oL0pfRQyTEdEMD+KtheXhIiczDkeX71PHtJGyLw6XY
ju2yDV2Ve5vzzFJz5w8Gdsi6B+KbPRd8k3+I9YgoD6dtGL7D5kBHcDj8Fisa/6JO
X1s/JI0lCDJxlKeNpqytXriXTQ/uh46Jiu0R2I0tUfkJhZ5iSESri66kFBfMumw/
QjHHyjTYNg5n3R6wPFq6HLWlX7yNO9FuRS/yzccqZYnGptKtxZZnvucCIerofyCN
GFXBbvZoiJHnorqu3ca6fL9fWJZLziTrBB3dK7s58Cz62E+NWcK0ttVqowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTQjyQB2brr0/2Nziy+x/B7h1SoMB8GA1UdIwQY
MBaAFN4UpCnmZYq7cKN5LBctftYuuPomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEt
MDVkOWMxY2Q3NDI1LzEvNU5DUEpBSFp1dXZUX1kzT0xMN0g4SHVIVktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEtMDVkOWMxY2Q3NDI1
LzEvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYALMA0G
CSqGSIb3DQEBCwUAA4IBAQCfnpzCUtOwii954n6hpHuF56C6ZZWb0b4CH0SELjbN
LkQ38+YGCzqI9yvgB9ISqvaw5bArXgZn9g8QE3tx0q7YX/Hv1VddHtr+PxUviMPr
MyA/9mhXCGq2lG6kqaT3GYUeJKUckad40d/Ls6MKQRE5CiKDQJI9bjGIVfUC+7id
g49cfYnFcRotW9Fo74XCIlmQWVZxtB+K8DB3F/7fTV93bLS/x5H++nhrtaIFvzd9
pAih/uJ3ma8lp6/KPZTVqRTnw3WsQItRl7+cZYWw4GYs5sOeY1Zsxi6SJ3JT/f3T
wfKqtvBk0iN6403cTZ75cgFv6t7G78stWI+DDpM3/XOZ
-----END CERTIFICATE-----