This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/nNuKOyzIzGTmwQXRbtMZnXxqNGU.roa
File:                     nNuKOyzIzGTmwQXRbtMZnXxqNGU.roa (raw, json)
Hash identifier:          pxyHPXJVvBIPu6pK4/g/RHWK47X4cy2XKV2yuRdADe0=
Subject key identifier:   9C:DB:8A:3B:2C:C8:CC:64:E6:C1:05:D1:6E:D3:19:9D:7C:6A:34:65
Certificate issuer:       /CN=212eaf59a2bff3cab118711894478bb9eff93b85
Certificate serial:       019B7B36C21EF9E9CC07C28918FF6007779E
Authority key identifier: 21:2E:AF:59:A2:BF:F3:CA:B1:18:71:18:94:47:8B:B9:EF:F9:3B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/nNuKOyzIzGTmwQXRbtMZnXxqNGU.roa
Signing time:             Thu 01 Jan 2026 20:19:04 +0000
ROA not before:           Thu 01 Jan 2026 20:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24958
IP address blocks:        185.10.14.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:c2:1e:f9:e9:cc:07:c2:89:18:ff:60:07:77:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=212eaf59a2bff3cab118711894478bb9eff93b85
        Validity
            Not Before: Jan  1 20:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9cdb8a3b2cc8cc64e6c105d16ed3199d7c6a3465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cc:a6:a3:14:bd:59:0d:8e:1f:ed:d4:83:df:
                    52:d3:38:7e:fa:3a:63:eb:f9:71:eb:1c:58:b5:73:
                    92:37:36:95:7c:7a:44:57:9a:9c:e7:ee:6e:24:c3:
                    d7:3a:66:2d:e7:a3:01:a3:47:14:5b:ca:6d:b6:ea:
                    08:0e:7e:56:94:c5:a6:4b:e2:4e:1a:eb:d8:89:eb:
                    8c:ab:fe:21:9d:ad:10:08:24:18:0f:98:dd:e2:db:
                    ea:26:57:2e:63:bd:b0:d9:81:29:45:e5:98:8e:df:
                    37:35:79:8b:a2:22:f1:c3:4b:84:bd:a9:94:84:b5:
                    c0:1b:55:a0:c1:9f:c9:0d:98:1f:14:c8:6e:ad:01:
                    02:a3:b4:c5:45:c0:48:b2:a2:86:d9:c6:8e:e9:e5:
                    79:40:bc:c3:67:a7:98:a1:58:06:ed:0e:73:01:7d:
                    86:4d:fc:53:d2:fd:de:3c:64:20:37:9a:f1:0b:b4:
                    b0:51:1c:9a:c3:42:42:6d:d2:c4:1e:c5:e9:9e:38:
                    13:4c:e8:4c:13:47:a9:39:4a:4b:85:5d:08:b9:7d:
                    8f:89:55:34:45:a2:bf:41:81:08:76:b5:f0:cb:dc:
                    0c:aa:45:74:51:6e:6c:4f:74:7f:71:cb:e3:c7:48:
                    f4:37:99:d9:e9:98:1f:ac:fd:e5:5f:76:9f:fb:9a:
                    77:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DB:8A:3B:2C:C8:CC:64:E6:C1:05:D1:6E:D3:19:9D:7C:6A:34:65
            X509v3 Authority Key Identifier:
                keyid:21:2E:AF:59:A2:BF:F3:CA:B1:18:71:18:94:47:8B:B9:EF:F9:3B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/nNuKOyzIzGTmwQXRbtMZnXxqNGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:80:69:4b:4d:9d:ae:4b:80:64:0f:da:f9:cf:20:03:6f:e7:
         b1:69:a7:20:ab:e2:45:bf:ab:49:3a:ad:b7:e8:89:8e:ec:e2:
         16:a4:9b:31:ad:3f:f8:cf:fb:e3:ac:76:d8:cc:e6:2f:41:36:
         9f:82:1e:b8:8c:47:6b:ee:fc:69:21:78:40:16:97:0a:a3:5e:
         3f:ab:1f:67:ac:bb:f7:45:90:da:81:c5:fa:a4:8f:25:be:83:
         83:26:0c:34:f3:84:75:f8:69:11:eb:45:90:cd:b0:0e:e2:8c:
         eb:c7:5e:9f:25:79:3e:9b:02:e8:15:2b:5b:1b:3b:b6:cd:31:
         f8:9f:a6:87:82:dd:34:49:e0:2e:50:d1:2e:3a:bb:0b:43:fa:
         da:5e:c2:4c:53:bf:92:60:94:5c:3a:42:47:ea:c7:e4:02:27:
         0c:67:b0:e9:dc:04:c0:2f:55:cc:c0:54:fd:7a:22:05:b1:7c:
         6b:87:a3:22:f8:fd:88:db:0b:54:5a:b9:1e:6e:03:0e:24:e1:
         e9:59:9c:1b:c6:c7:e0:72:9d:ec:50:00:89:66:ff:f3:a8:d3:
         15:df:63:d6:02:b7:c5:03:b2:d2:c1:f2:82:1f:89:7e:5c:74:
         57:28:3e:d3:04:6c:9d:29:7d:e3:54:f2:84:a8:08:36:89:4f:
         3e:0c:6c:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NsIe+enMB8KJGP9gB3eeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMmVhZjU5YTJiZmYzY2FiMTE4NzExODk0NDc4YmI5ZWZm
OTNiODUwHhcNMjYwMTAxMjAxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RiOGEzYjJjYzhjYzY0ZTZjMTA1ZDE2ZWQzMTk5ZDdjNmEzNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsymoxS9WQ2OH+3Ug99S0zh++jpj
6/lx6xxYtXOSNzaVfHpEV5qc5+5uJMPXOmYt56MBo0cUW8pttuoIDn5WlMWmS+JO
GuvYieuMq/4hna0QCCQYD5jd4tvqJlcuY72w2YEpReWYjt83NXmLoiLxw0uEvamU
hLXAG1WgwZ/JDZgfFMhurQECo7TFRcBIsqKG2caO6eV5QLzDZ6eYoVgG7Q5zAX2G
TfxT0v3ePGQgN5rxC7SwURyaw0JCbdLEHsXpnjgTTOhME0epOUpLhV0IuX2PiVU0
RaK/QYEIdrXwy9wMqkV0UW5sT3R/ccvjx0j0N5nZ6ZgfrP3lX3af+5p3GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzbijssyMxk5sEF0W7TGZ18ajRlMB8GA1UdIwQY
MBaAFCEur1miv/PKsRhxGJRHi7nv+TuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVM2dldhS184OHF4R0hFWWxFZUx1ZV81TzRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yOGY2YWMtZjgwNS00YzkxLWI0ZWEt
MTk0ODg3YmRhNDIzLzEvbk51S095ekl6R1Rtd1FYUmJ0TVpuWHhxTkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yOGY2YWMtZjgwNS00YzkxLWI0ZWEtMTk0ODg3YmRhNDIz
LzEvSVM2dldhS184OHF4R0hFWWxFZUx1ZV81TzRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQoOMA0G
CSqGSIb3DQEBCwUAA4IBAQB/gGlLTZ2uS4BkD9r5zyADb+exaacgq+JFv6tJOq23
6ImO7OIWpJsxrT/4z/vjrHbYzOYvQTafgh64jEdr7vxpIXhAFpcKo14/qx9nrLv3
RZDagcX6pI8lvoODJgw084R1+GkR60WQzbAO4ozrx16fJXk+mwLoFStbGzu2zTH4
n6aHgt00SeAuUNEuOrsLQ/raXsJMU7+SYJRcOkJH6sfkAicMZ7Dp3ATAL1XMwFT9
eiIFsXxrh6Mi+P2I2wtUWrkebgMOJOHpWZwbxsfgcp3sUACJZv/zqNMV32PWArfF
A7LSwfKCH4l+XHRXKD7TBGydKX3jVPKEqAg2iU8+DGzc
-----END CERTIFICATE-----