This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/65XPpJ8B0UDLjo_rBH8QftmyqVA.roa
File:                     65XPpJ8B0UDLjo_rBH8QftmyqVA.roa (raw, json)
Hash identifier:          /nCe4ab35wvdZ2ZW1RceiPXC/RgtUn+BuxAA3UpZf4o=
Subject key identifier:   EB:95:CF:A4:9F:01:D1:40:CB:8E:8F:EB:04:7F:10:7E:D9:B2:A9:50
Certificate issuer:       /CN=9e481c098a649265291d402f5f02fc43dda0fc8c
Certificate serial:       019B7910DE324042A20E7202B45C0315C70B
Authority key identifier: 9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/65XPpJ8B0UDLjo_rBH8QftmyqVA.roa
Signing time:             Thu 01 Jan 2026 10:18:27 +0000
ROA not before:           Thu 01 Jan 2026 10:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208486
IP address blocks:        194.147.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:de:32:40:42:a2:0e:72:02:b4:5c:03:15:c7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e481c098a649265291d402f5f02fc43dda0fc8c
        Validity
            Not Before: Jan  1 10:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb95cfa49f01d140cb8e8feb047f107ed9b2a950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f9:61:81:b4:9c:8b:8f:00:64:35:7b:27:79:
                    de:0e:3a:3c:51:99:30:1c:e9:0c:3c:5b:b6:98:f3:
                    2a:45:1b:a1:03:86:3f:c3:60:1f:60:20:c0:06:b4:
                    cc:de:0e:9f:36:e9:27:52:f4:91:5b:b4:d4:b1:40:
                    6f:c9:41:c6:5d:df:3d:e2:35:15:96:32:6d:ce:3b:
                    1a:c9:d7:ae:80:2c:1c:34:ea:80:29:4f:8d:89:ce:
                    03:01:1f:e0:10:78:ea:40:9d:c6:e8:ff:1a:e6:35:
                    b4:d9:27:16:ff:03:ef:ee:e7:69:f9:8a:8e:9a:13:
                    66:31:b8:ad:ea:29:72:01:00:e3:7c:64:42:1d:ee:
                    ca:00:18:87:25:94:b3:82:4b:3d:0d:b1:e3:ad:c8:
                    eb:20:48:de:df:d7:cf:2e:fc:77:e5:7a:a1:3e:1a:
                    62:c6:d1:2d:93:52:be:b4:fa:ac:59:cf:71:5c:09:
                    95:76:90:2e:f3:b6:2f:5c:51:e2:18:5d:d8:0d:aa:
                    63:71:2c:1e:e1:72:89:9b:97:1a:3f:3e:24:7c:6b:
                    33:b2:c9:13:65:be:e7:1b:3c:df:7c:a8:07:a4:54:
                    d0:f7:c3:74:a0:1f:58:a7:32:a9:ae:52:7b:ef:27:
                    8c:03:47:01:0a:02:81:82:78:0f:7b:ad:9e:60:05:
                    71:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:95:CF:A4:9F:01:D1:40:CB:8E:8F:EB:04:7F:10:7E:D9:B2:A9:50
            X509v3 Authority Key Identifier:
                keyid:9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/65XPpJ8B0UDLjo_rBH8QftmyqVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c2:4d:f3:1b:26:43:1d:79:98:02:cc:fd:54:c0:89:a3:6e:
         0b:ff:85:6b:d5:11:44:83:a2:36:56:8c:c0:71:e0:38:89:f3:
         23:74:c7:5b:b0:27:c2:9c:f4:ff:8f:5f:72:0e:c8:77:0f:16:
         bc:85:ab:c6:3b:41:86:ff:88:89:ec:c8:c1:8c:f8:21:c3:b6:
         39:92:2c:0c:40:40:df:c7:d1:c1:c7:07:b5:43:25:3b:9f:60:
         13:68:c0:f1:96:91:68:6e:44:f5:4f:2e:52:e5:14:56:6b:8b:
         75:15:df:e6:46:71:e2:45:86:c3:df:30:27:94:c4:6d:cc:bd:
         f0:a4:8c:30:5b:13:5f:a3:63:b4:64:4c:b5:a0:9a:fb:eb:1d:
         c2:aa:0b:e7:1b:71:c0:c3:fe:d8:a5:af:ea:17:9f:0d:4e:c6:
         b4:6f:ae:76:2a:f8:f8:2f:e8:68:3a:1d:55:80:7f:ef:5a:52:
         4b:82:f5:66:86:bf:56:32:87:df:43:00:5d:d3:e7:0b:0a:cc:
         b7:9d:38:7b:0f:7b:9f:45:ac:5c:04:01:1f:70:00:e4:f2:21:
         ae:79:02:33:6b:f0:fe:c9:2b:03:ac:15:e8:7e:81:9a:95:eb:
         4c:79:89:ad:52:cb:4b:22:a4:a1:0d:a0:c4:59:e3:45:c5:43:
         e3:60:98:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EN4yQEKiDnICtFwDFccLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDgxYzA5OGE2NDkyNjUyOTFkNDAyZjVmMDJmYzQzZGRh
MGZjOGMwHhcNMjYwMTAxMTAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk1Y2ZhNDlmMDFkMTQwY2I4ZThmZWIwNDdmMTA3ZWQ5YjJhOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/lhgbSci48AZDV7J3neDjo8UZkw
HOkMPFu2mPMqRRuhA4Y/w2AfYCDABrTM3g6fNuknUvSRW7TUsUBvyUHGXd894jUV
ljJtzjsaydeugCwcNOqAKU+Nic4DAR/gEHjqQJ3G6P8a5jW02ScW/wPv7udp+YqO
mhNmMbit6ilyAQDjfGRCHe7KABiHJZSzgks9DbHjrcjrIEje39fPLvx35XqhPhpi
xtEtk1K+tPqsWc9xXAmVdpAu87YvXFHiGF3YDapjcSwe4XKJm5caPz4kfGszsskT
Zb7nGzzffKgHpFTQ98N0oB9YpzKprlJ77yeMA0cBCgKBgngPe62eYAVxawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuVz6SfAdFAy46P6wR/EH7ZsqlQMB8GA1UdIwQY
MBaAFJ5IHAmKZJJlKR1AL18C/EPdoPyMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjkt
ZDY5ODU3ZWY3ZDFhLzEvNjVYUHBKOEIwVURMam9fckJIOFFmdG15cVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjktZDY5ODU3ZWY3ZDFh
LzEvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpPiMA0G
CSqGSIb3DQEBCwUAA4IBAQA6wk3zGyZDHXmYAsz9VMCJo24L/4Vr1RFEg6I2VozA
ceA4ifMjdMdbsCfCnPT/j19yDsh3Dxa8havGO0GG/4iJ7MjBjPghw7Y5kiwMQEDf
x9HBxwe1QyU7n2ATaMDxlpFobkT1Ty5S5RRWa4t1Fd/mRnHiRYbD3zAnlMRtzL3w
pIwwWxNfo2O0ZEy1oJr76x3CqgvnG3HAw/7Ypa/qF58NTsa0b652Kvj4L+hoOh1V
gH/vWlJLgvVmhr9WMoffQwBd0+cLCsy3nTh7D3ufRaxcBAEfcADk8iGueQIza/D+
ySsDrBXofoGaletMeYmtUstLIqShDaDEWeNFxUPjYJgL
-----END CERTIFICATE-----