This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NGMLQHasbncixbwf8KyPlkWmjD4.roa
File:                     NGMLQHasbncixbwf8KyPlkWmjD4.roa (raw, json)
Hash identifier:          GF01Zm+O7maqUlSml+DBIOBVqISz45g50bh49AgDg/8=
Subject key identifier:   34:63:0B:40:76:AC:6E:77:22:C5:BC:1F:F0:AC:8F:96:45:A6:8C:3E
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F145EEADCBC60328D58A3B758939AF5
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NGMLQHasbncixbwf8KyPlkWmjD4.roa
Signing time:             Fri 02 Jan 2026 14:19:59 +0000
ROA not before:           Fri 02 Jan 2026 14:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206424
IP address blocks:        193.233.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:5e:ea:dc:bc:60:32:8d:58:a3:b7:58:93:9a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34630b4076ac6e7722c5bc1ff0ac8f9645a68c3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:05:de:2c:77:20:30:fb:70:d3:0d:2b:74:48:
                    ec:f6:8c:14:8e:58:a9:83:8f:1d:8f:9f:ad:f8:71:
                    38:68:f5:66:9c:be:b7:96:9f:c4:a4:01:0b:14:19:
                    86:f5:f9:6e:5e:b8:23:22:75:72:ab:76:72:9f:18:
                    5c:00:a4:71:3c:c8:df:dd:45:58:6a:47:42:e8:41:
                    95:41:8e:46:58:da:ed:63:51:f2:1e:bf:99:99:89:
                    21:92:47:f6:46:9a:bd:01:e5:99:3e:b7:9a:12:9e:
                    3b:cf:52:c7:9c:06:c0:ac:4a:f3:98:db:49:af:a2:
                    02:81:95:be:3c:af:5f:14:4d:b3:9b:16:7c:1d:e4:
                    c2:b6:a9:a2:6c:47:f6:39:78:5b:31:41:a4:52:8d:
                    fb:3e:7b:62:27:8e:b9:ee:13:39:2b:fa:d7:dd:10:
                    4c:42:88:2c:9b:79:d9:41:18:3b:8a:8c:60:a2:b8:
                    8f:03:25:82:56:c3:dc:c2:dd:c8:3d:f3:ff:69:60:
                    87:0b:07:22:43:ed:61:d4:da:81:02:2c:7c:bb:ca:
                    da:cf:c2:bd:da:83:b5:41:18:c4:68:fa:c8:b4:c7:
                    8d:cf:b1:1e:42:6d:62:07:88:e9:33:a8:a4:b0:68:
                    82:3d:d2:9e:d1:9f:25:2f:43:aa:ca:91:7f:f9:ec:
                    c3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:63:0B:40:76:AC:6E:77:22:C5:BC:1F:F0:AC:8F:96:45:A6:8C:3E
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NGMLQHasbncixbwf8KyPlkWmjD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:97:65:48:e8:b4:9f:cb:74:3b:c7:c6:43:83:eb:5e:7b:ff:
         7e:ed:85:e2:d9:12:fa:42:00:83:20:c2:e0:50:e3:0a:5a:17:
         23:54:b0:21:6e:f6:de:a6:4c:49:fd:24:d0:c4:f7:f4:b9:a0:
         b3:cb:94:77:03:2d:c8:9c:ec:93:69:51:30:4d:4a:9e:4b:45:
         bc:15:62:ad:06:84:15:82:f1:7c:99:55:9c:58:ff:c4:36:5e:
         62:a0:11:47:6f:fb:67:99:16:7c:f1:e2:13:39:78:d8:1d:f7:
         7b:e6:44:2b:2f:f1:9c:4a:1d:ec:47:5a:ed:22:d6:77:2b:52:
         f7:70:84:7c:2e:e1:2a:3e:9d:ea:9e:b6:50:75:ce:0f:bd:1d:
         d6:4e:96:ef:ec:22:a3:7b:95:67:e7:d1:1c:67:55:99:72:f7:
         86:7c:26:2b:ea:ca:3b:13:97:bd:0a:b7:23:4c:1a:9b:1b:81:
         94:aa:2c:19:1f:eb:1d:f9:b6:f1:00:31:0e:47:80:4e:ab:79:
         9f:de:0e:f6:3d:b0:80:c1:b0:0f:d6:73:ad:14:07:9a:4d:ec:
         bf:20:80:19:06:89:56:5f:51:94:04:11:d9:44:5d:e3:09:28:
         61:0e:7e:92:94:9c:71:b9:5d:fd:db:82:19:f5:20:22:7a:49:
         e3:51:90:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FF7q3LxgMo1Yo7dYk5r1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDYzMGI0MDc2YWM2ZTc3MjJjNWJjMWZmMGFjOGY5NjQ1YTY4YzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywXeLHcgMPtw0w0rdEjs9owUjlip
g48dj5+t+HE4aPVmnL63lp/EpAELFBmG9fluXrgjInVyq3ZynxhcAKRxPMjf3UVY
akdC6EGVQY5GWNrtY1HyHr+ZmYkhkkf2Rpq9AeWZPreaEp47z1LHnAbArErzmNtJ
r6ICgZW+PK9fFE2zmxZ8HeTCtqmibEf2OXhbMUGkUo37PntiJ4657hM5K/rX3RBM
Qogsm3nZQRg7ioxgoriPAyWCVsPcwt3IPfP/aWCHCwciQ+1h1NqBAix8u8raz8K9
2oO1QRjEaPrItMeNz7EeQm1iB4jpM6iksGiCPdKe0Z8lL0OqypF/+ezDUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRjC0B2rG53IsW8H/Csj5ZFpow+MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvTkdNTFFIYXNibmNpeGJ3ZjhLeVBsa1dtakQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelpMA0G
CSqGSIb3DQEBCwUAA4IBAQB9l2VI6LSfy3Q7x8ZDg+tee/9+7YXi2RL6QgCDIMLg
UOMKWhcjVLAhbvbepkxJ/STQxPf0uaCzy5R3Ay3InOyTaVEwTUqeS0W8FWKtBoQV
gvF8mVWcWP/ENl5ioBFHb/tnmRZ88eITOXjYHfd75kQrL/GcSh3sR1rtItZ3K1L3
cIR8LuEqPp3qnrZQdc4PvR3WTpbv7CKje5Vn59EcZ1WZcveGfCYr6so7E5e9Crcj
TBqbG4GUqiwZH+sd+bbxADEOR4BOq3mf3g72PbCAwbAP1nOtFAeaTey/IIAZBolW
X1GUBBHZRF3jCShhDn6SlJxxuV3924IZ9SAieknjUZDh
-----END CERTIFICATE-----