This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NVEhMCV7JNIwu1MSEBaE5CBuzl8.roa
File:                     NVEhMCV7JNIwu1MSEBaE5CBuzl8.roa (raw, json)
Hash identifier:          R1RZ6OwxpM5DH8eYs+ZMzNdIEnjBQjlJ9VIaJCv7mic=
Subject key identifier:   35:51:21:30:25:7B:24:D2:30:BB:53:12:10:16:84:E4:20:6E:CE:5F
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019B7E38F4EB1FE2C827317C11AF0291A0E5
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NVEhMCV7JNIwu1MSEBaE5CBuzl8.roa
Signing time:             Fri 02 Jan 2026 10:20:20 +0000
ROA not before:           Fri 02 Jan 2026 10:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272073
IP address blocks:        109.122.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:f4:eb:1f:e2:c8:27:31:7c:11:af:02:91:a0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jan  2 10:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35512130257b24d230bb5312101684e4206ece5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b6:4b:e2:7b:65:51:06:9c:14:e7:bc:8d:72:
                    21:ba:3b:61:e3:74:35:0e:b1:44:6b:f8:55:0a:8b:
                    0a:02:fd:6d:8b:e8:59:40:13:6f:dc:83:57:d3:03:
                    38:37:61:02:e0:d2:65:a5:24:4d:a2:20:d3:1c:40:
                    db:e1:95:69:88:a7:db:7d:02:ef:87:2e:42:98:93:
                    6b:59:1d:7c:89:6e:12:2c:ec:c2:ba:6d:db:71:46:
                    75:c8:d8:07:1e:aa:5b:57:ca:b7:e9:b2:c9:dc:11:
                    14:7d:3d:66:63:b5:61:30:c8:f9:27:e8:73:cd:11:
                    ba:b8:24:71:ad:c0:6f:6d:2a:9f:5c:5c:55:8d:6c:
                    be:e7:fb:37:b8:38:d9:6e:76:3f:15:2a:d3:24:85:
                    73:d5:93:24:3c:4a:81:af:6d:f1:4f:78:7f:30:0a:
                    a2:bc:e5:ea:1b:89:c6:a2:7f:d6:f2:56:22:4c:74:
                    ba:c3:eb:72:ef:18:51:07:1f:8c:90:d7:65:b0:38:
                    f3:b4:07:87:c5:3d:37:4a:92:1d:51:38:b2:64:30:
                    1a:ba:11:cc:9f:05:81:88:70:2f:aa:84:b8:be:0a:
                    c5:32:5b:db:25:92:73:3b:20:61:24:86:64:57:d8:
                    44:1f:4b:3b:3e:2a:f1:d9:df:ff:3c:23:c4:96:09:
                    76:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:51:21:30:25:7B:24:D2:30:BB:53:12:10:16:84:E4:20:6E:CE:5F
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NVEhMCV7JNIwu1MSEBaE5CBuzl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:60:32:0a:62:70:69:4d:0b:0b:bd:42:fa:fb:9d:6c:43:fa:
         6a:33:30:a7:59:e9:32:2e:0d:62:3d:ca:93:90:de:0e:70:bf:
         69:df:60:76:44:ab:72:8b:1a:eb:30:4e:da:e2:fa:a1:8e:24:
         e2:1f:f0:72:cf:df:e5:23:88:fa:23:9c:2e:c3:c6:67:a4:7c:
         59:8a:4b:e7:b7:98:5d:5c:ea:1c:a9:bd:f5:3f:7c:f4:3c:43:
         2a:19:ba:e9:d3:16:6e:72:0f:32:e3:01:e5:1a:36:03:3a:bc:
         7c:e3:8c:6c:f1:76:0d:9e:b8:13:68:46:e6:8f:22:73:b1:62:
         28:5d:cd:05:e2:cd:4c:36:51:eb:a7:6a:05:82:57:a8:48:72:
         1d:3a:da:65:dc:72:eb:aa:dd:aa:cd:01:92:49:eb:8c:aa:5d:
         2d:3d:b7:bf:c4:87:1e:c2:ba:89:f3:10:e6:27:0b:22:1e:f1:
         b7:61:c8:75:60:6d:ce:0d:51:37:36:85:16:60:7a:10:0a:a7:
         15:22:7d:ee:23:02:a8:35:84:f9:31:aa:ec:c0:d4:94:f8:b1:
         8b:52:a8:12:c5:fd:5e:a7:e7:2e:71:8f:f2:e5:2d:cf:f9:04:
         68:bc:54:26:bd:f0:62:1a:31:dc:0c:1e:cf:fc:d8:44:0f:62:
         c8:d0:9b:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OPTrH+LIJzF8Ea8CkaDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwMTAyMTAyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTUxMjEzMDI1N2IyNGQyMzBiYjUzMTIxMDE2ODRlNDIwNmVjZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirZL4ntlUQacFOe8jXIhujth43Q1
DrFEa/hVCosKAv1ti+hZQBNv3INX0wM4N2EC4NJlpSRNoiDTHEDb4ZVpiKfbfQLv
hy5CmJNrWR18iW4SLOzCum3bcUZ1yNgHHqpbV8q36bLJ3BEUfT1mY7VhMMj5J+hz
zRG6uCRxrcBvbSqfXFxVjWy+5/s3uDjZbnY/FSrTJIVz1ZMkPEqBr23xT3h/MAqi
vOXqG4nGon/W8lYiTHS6w+ty7xhRBx+MkNdlsDjztAeHxT03SpIdUTiyZDAauhHM
nwWBiHAvqoS4vgrFMlvbJZJzOyBhJIZkV9hEH0s7Pirx2d//PCPElgl2zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVRITAleyTSMLtTEhAWhOQgbs5fMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTlZFaE1DVjdKTkl3dTFNU0VCYUU1Q0J1emw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoRMA0G
CSqGSIb3DQEBCwUAA4IBAQAVYDIKYnBpTQsLvUL6+51sQ/pqMzCnWekyLg1iPcqT
kN4OcL9p32B2RKtyixrrME7a4vqhjiTiH/Byz9/lI4j6I5wuw8ZnpHxZikvnt5hd
XOocqb31P3z0PEMqGbrp0xZucg8y4wHlGjYDOrx844xs8XYNnrgTaEbmjyJzsWIo
Xc0F4s1MNlHrp2oFgleoSHIdOtpl3HLrqt2qzQGSSeuMql0tPbe/xIcewrqJ8xDm
JwsiHvG3Ych1YG3ODVE3NoUWYHoQCqcVIn3uIwKoNYT5MarswNSU+LGLUqgSxf1e
p+cucY/y5S3P+QRovFQmvfBiGjHcDB7P/NhED2LI0Juj
-----END CERTIFICATE-----