This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/NPY5R79BjDs2BN9ZK1iHmFXoWXk.roa
File:                     NPY5R79BjDs2BN9ZK1iHmFXoWXk.roa (raw, json)
Hash identifier:          s2DNO9mL4NaiBwxc12CWZhJRXCSSZJIfWr7Kxeaj0qg=
Subject key identifier:   34:F6:39:47:BF:41:8C:3B:36:04:DF:59:2B:58:87:98:55:E8:59:79
Certificate issuer:       /CN=5bbd481841154bcefcaca7b3045c0bef4a734db2
Certificate serial:       019B7EA649E38BB5450A121A0BF3462D779A
Authority key identifier: 5B:BD:48:18:41:15:4B:CE:FC:AC:A7:B3:04:5C:0B:EF:4A:73:4D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/NPY5R79BjDs2BN9ZK1iHmFXoWXk.roa
Signing time:             Fri 02 Jan 2026 12:19:45 +0000
ROA not before:           Fri 02 Jan 2026 12:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213940
IP address blocks:        64.39.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:49:e3:8b:b5:45:0a:12:1a:0b:f3:46:2d:77:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bbd481841154bcefcaca7b3045c0bef4a734db2
        Validity
            Not Before: Jan  2 12:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34f63947bf418c3b3604df592b58879855e85979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:34:df:00:8d:90:d2:82:e7:e5:b8:4d:ff:0d:
                    8d:20:a9:92:a6:16:a2:90:f6:af:c7:dd:2d:3e:07:
                    ff:ce:79:1d:64:6c:f1:7a:f7:f8:d6:e7:b6:e5:ea:
                    0c:05:97:01:1d:b0:98:a5:0f:ce:a9:5b:6f:43:46:
                    82:e9:fe:f8:bd:05:ec:1f:47:2d:d0:96:6d:17:2a:
                    95:61:a0:d6:94:62:34:fd:da:4e:48:8d:4b:09:ea:
                    76:39:b9:91:7e:60:5f:73:5f:89:1a:cb:de:c3:af:
                    6a:25:87:a2:29:3d:12:3c:cb:f8:13:0a:5a:5a:4b:
                    5a:88:8e:89:5c:19:64:72:a9:54:ce:dc:95:ab:49:
                    24:13:f9:2b:e8:cf:23:ce:b2:cf:c8:c6:ac:ae:b5:
                    93:7e:fd:0d:f2:d9:66:ec:b3:82:e7:45:34:c7:8f:
                    dd:f8:8c:59:3a:29:97:f0:ba:78:02:31:d2:0f:d9:
                    fa:88:0f:ea:e7:31:8d:76:cb:b1:2a:db:9c:3d:17:
                    ac:db:11:e7:2c:34:52:a4:13:ed:22:ca:9d:e4:89:
                    c7:06:f1:ea:df:44:cd:11:d5:e7:72:44:c6:d8:74:
                    64:04:13:1b:57:d3:44:cf:7e:65:6d:a2:de:a6:93:
                    9c:e9:19:f0:3d:27:6b:fc:11:3f:25:a5:f6:66:69:
                    c3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F6:39:47:BF:41:8C:3B:36:04:DF:59:2B:58:87:98:55:E8:59:79
            X509v3 Authority Key Identifier:
                keyid:5B:BD:48:18:41:15:4B:CE:FC:AC:A7:B3:04:5C:0B:EF:4A:73:4D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/NPY5R79BjDs2BN9ZK1iHmFXoWXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.39.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:b1:f7:c0:1e:63:4f:d5:56:97:c2:63:e1:6e:ae:72:bf:69:
         70:25:c1:d0:1d:7f:6f:cd:c5:a9:33:1e:55:49:0b:05:0c:77:
         40:28:07:ea:38:cb:9d:93:10:4a:85:3d:48:de:a1:70:54:14:
         18:13:50:a5:d2:4f:7a:b4:b7:21:9d:7b:d3:f0:bc:30:20:0a:
         35:79:44:51:57:a4:a4:8f:1c:5c:f0:bc:47:4d:f8:81:87:1b:
         89:99:f5:fd:2c:90:db:45:89:44:f6:26:41:52:bc:9b:0b:03:
         4c:af:29:07:62:0e:52:2a:97:0d:ca:4a:84:a9:a7:08:4f:b7:
         8c:fa:4e:6a:30:a1:cd:3b:51:ef:0a:c3:98:c2:d1:5c:d2:aa:
         9a:96:38:07:4e:c2:56:44:c4:4b:07:ae:c0:e6:c0:02:6d:9a:
         8b:f8:3a:ce:07:b3:c9:f6:46:20:66:e5:95:95:58:4d:49:61:
         aa:d1:f1:fd:7b:f4:95:3c:fa:25:11:e6:da:12:ea:87:e4:73:
         3a:7d:13:90:35:ed:22:89:fa:76:06:69:6b:58:f0:f8:6e:2a:
         c6:c8:89:20:11:72:b4:01:5d:30:bc:91:0d:cb:5a:6c:84:06:
         85:a2:f5:94:83:f8:07:9d:d1:d7:4d:57:12:bd:fe:38:30:13:
         22:40:ec:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pknji7VFChIaC/NGLXeaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYmQ0ODE4NDExNTRiY2VmY2FjYTdiMzA0NWMwYmVmNGE3
MzRkYjIwHhcNMjYwMTAyMTIxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGY2Mzk0N2JmNDE4YzNiMzYwNGRmNTkyYjU4ODc5ODU1ZTg1OTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDTfAI2Q0oLn5bhN/w2NIKmSphai
kPavx90tPgf/znkdZGzxevf41ue25eoMBZcBHbCYpQ/OqVtvQ0aC6f74vQXsH0ct
0JZtFyqVYaDWlGI0/dpOSI1LCep2ObmRfmBfc1+JGsvew69qJYeiKT0SPMv4Ewpa
WktaiI6JXBlkcqlUztyVq0kkE/kr6M8jzrLPyMasrrWTfv0N8tlm7LOC50U0x4/d
+IxZOimX8Lp4AjHSD9n6iA/q5zGNdsuxKtucPRes2xHnLDRSpBPtIsqd5InHBvHq
30TNEdXnckTG2HRkBBMbV9NEz35lbaLeppOc6RnwPSdr/BE/JaX2ZmnDrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT2OUe/QYw7NgTfWStYh5hV6Fl5MB8GA1UdIwQY
MBaAFFu9SBhBFUvO/KynswRcC+9Kc02yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzcxSUdFRVZTODc4cktlekJGd0w3MHB6VGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81ZGMxOTUtMGQ5OS00ODNlLWI0NDkt
Y2UyMjcwNDJkZGEyLzEvTlBZNVI3OUJqRHMyQk45WksxaUhtRlhvV1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81ZGMxOTUtMGQ5OS00ODNlLWI0NDktY2UyMjcwNDJkZGEy
LzEvVzcxSUdFRVZTODc4cktlekJGd0w3MHB6VGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQCfkMA0G
CSqGSIb3DQEBCwUAA4IBAQAhsffAHmNP1VaXwmPhbq5yv2lwJcHQHX9vzcWpMx5V
SQsFDHdAKAfqOMudkxBKhT1I3qFwVBQYE1Cl0k96tLchnXvT8LwwIAo1eURRV6Sk
jxxc8LxHTfiBhxuJmfX9LJDbRYlE9iZBUrybCwNMrykHYg5SKpcNykqEqacIT7eM
+k5qMKHNO1HvCsOYwtFc0qqaljgHTsJWRMRLB67A5sACbZqL+DrOB7PJ9kYgZuWV
lVhNSWGq0fH9e/SVPPolEebaEuqH5HM6fROQNe0iifp2BmlrWPD4birGyIkgEXK0
AV0wvJENy1pshAaFovWUg/gHndHXTVcSvf44MBMiQOwU
-----END CERTIFICATE-----