This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/NAxRx4Jr0rqPtlJTNXrb35CC0xc.roa
File:                     NAxRx4Jr0rqPtlJTNXrb35CC0xc.roa (raw, json)
Hash identifier:          RsFVL4HNfvBrvPK/cBofT0YHxk3eVLnp1XbozYT7S+s=
Subject key identifier:   34:0C:51:C7:82:6B:D2:BA:8F:B6:52:53:35:7A:DB:DF:90:82:D3:17
Certificate issuer:       /CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
Certificate serial:       019B7834ADF1E434BED64390F845D3EC3DF5
Authority key identifier: EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/NAxRx4Jr0rqPtlJTNXrb35CC0xc.roa
Signing time:             Thu 01 Jan 2026 06:17:56 +0000
ROA not before:           Thu 01 Jan 2026 06:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211936
IP address blocks:        185.33.94.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ad:f1:e4:34:be:d6:43:90:f8:45:d3:ec:3d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
        Validity
            Not Before: Jan  1 06:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=340c51c7826bd2ba8fb65253357adbdf9082d317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:74:f1:c0:dc:cd:d4:fb:73:28:f2:82:19:54:
                    f5:b0:da:bc:3c:97:61:8a:a3:d1:4e:14:90:d7:98:
                    55:20:9e:6a:b5:4e:0f:07:18:fd:53:ec:52:c6:d0:
                    88:dd:fa:be:48:81:ee:9e:4f:d1:8b:fe:37:b7:5a:
                    17:29:2c:46:e1:70:77:c1:78:bd:a4:5f:0a:53:95:
                    2a:75:3e:a8:e6:d1:50:8d:03:cc:30:69:14:96:c4:
                    f7:4b:56:13:d7:e2:7c:ca:bf:6f:54:ef:53:5b:94:
                    a5:fd:07:24:c1:01:d7:ef:22:d7:06:3e:ec:68:b7:
                    5f:b6:a8:1a:76:0a:12:d2:bb:35:b2:80:20:ca:f9:
                    ed:82:68:b7:18:f8:52:5f:0a:e2:ea:5a:91:98:f5:
                    f8:d1:8b:94:8d:ff:38:ee:f4:7e:cc:12:92:0f:64:
                    c7:07:ef:1d:f4:6a:d3:5c:7d:34:03:12:8c:36:88:
                    49:7e:15:10:07:11:fe:5a:49:3d:76:32:fa:ea:89:
                    1c:ff:ec:c0:db:26:73:a8:33:5e:27:a1:a5:1a:91:
                    17:f2:45:85:77:1a:5b:d1:3c:7b:c6:93:ad:c0:01:
                    8d:65:84:84:ee:97:0c:bf:88:1e:92:5f:2e:0c:d1:
                    71:8c:72:15:24:d8:b2:01:28:c9:1d:e3:4f:6d:de:
                    aa:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:0C:51:C7:82:6B:D2:BA:8F:B6:52:53:35:7A:DB:DF:90:82:D3:17
            X509v3 Authority Key Identifier:
                keyid:EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/NAxRx4Jr0rqPtlJTNXrb35CC0xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:51:5b:03:24:95:95:f3:cd:12:65:43:6b:24:72:8d:f0:1c:
         28:b7:9b:4f:39:11:2e:e9:28:75:bc:d5:60:86:6f:80:c1:dc:
         dd:ef:39:26:2c:0e:b5:1b:2e:a4:b5:fa:6a:8d:13:2c:ca:e1:
         b9:b8:ce:08:28:c5:8f:ea:b8:93:d4:db:6d:e4:95:a4:64:bf:
         e5:8b:65:88:c4:91:59:29:32:8f:30:fa:9f:a5:73:64:b2:da:
         e2:ec:2f:14:50:20:b3:18:e3:1c:11:34:c8:46:c3:f0:eb:27:
         a9:db:3e:a3:52:f5:9c:73:e8:09:24:4d:04:80:e2:05:3c:bc:
         88:82:14:b5:fe:8b:f7:96:db:02:8a:b7:52:63:9e:f1:94:d9:
         5c:90:13:e3:03:19:d1:14:9b:da:8e:9e:79:86:9d:65:11:23:
         ca:27:e2:a1:f1:44:7f:80:d0:df:5c:3c:d0:0b:4e:57:8f:99:
         f7:84:d2:e6:04:b9:35:3d:6f:4b:c3:31:cb:17:fa:fd:27:7a:
         52:31:b5:6b:2b:e4:33:94:44:86:28:00:ff:44:1f:83:69:1e:
         61:11:ce:60:3a:f3:1b:d8:e4:83:b6:b1:22:b2:c9:90:87:3c:
         4f:48:d2:3c:63:2a:69:9a:0c:10:f9:50:52:97:41:65:f8:bf:
         02:59:bc:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NK3x5DS+1kOQ+EXT7D31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYzY2NDAzYWQwYzQ1MzdhZjljMzJiMGRlZjBjNTJhYzJh
YWIxMDQwHhcNMjYwMTAxMDYxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDBjNTFjNzgyNmJkMmJhOGZiNjUyNTMzNTdhZGJkZjkwODJkMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13TxwNzN1PtzKPKCGVT1sNq8PJdh
iqPRThSQ15hVIJ5qtU4PBxj9U+xSxtCI3fq+SIHunk/Ri/43t1oXKSxG4XB3wXi9
pF8KU5UqdT6o5tFQjQPMMGkUlsT3S1YT1+J8yr9vVO9TW5Sl/QckwQHX7yLXBj7s
aLdftqgadgoS0rs1soAgyvntgmi3GPhSXwri6lqRmPX40YuUjf847vR+zBKSD2TH
B+8d9GrTXH00AxKMNohJfhUQBxH+Wkk9djL66okc/+zA2yZzqDNeJ6GlGpEX8kWF
dxpb0Tx7xpOtwAGNZYSE7pcMv4gekl8uDNFxjHIVJNiyASjJHeNPbd6qBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQMUceCa9K6j7ZSUzV629+QgtMXMB8GA1UdIwQY
MBaAFOvGZAOtDEU3r5wysN7wxSrCqrEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMt
ZDFhOWRhNGExMzBkLzEvTkF4Ung0SnIwcnFQdGxKVE5YcmIzNUNDMHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMtZDFhOWRhNGExMzBk
LzEvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSFeMA0G
CSqGSIb3DQEBCwUAA4IBAQAxUVsDJJWV880SZUNrJHKN8Bwot5tPOREu6Sh1vNVg
hm+Awdzd7zkmLA61Gy6ktfpqjRMsyuG5uM4IKMWP6riT1Ntt5JWkZL/li2WIxJFZ
KTKPMPqfpXNkstri7C8UUCCzGOMcETTIRsPw6yep2z6jUvWcc+gJJE0EgOIFPLyI
ghS1/ov3ltsCirdSY57xlNlckBPjAxnRFJvajp55hp1lESPKJ+Kh8UR/gNDfXDzQ
C05Xj5n3hNLmBLk1PW9LwzHLF/r9J3pSMbVrK+QzlESGKAD/RB+DaR5hEc5gOvMb
2OSDtrEissmQhzxPSNI8YyppmgwQ+VBSl0Fl+L8CWbwu
-----END CERTIFICATE-----