This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nvf9a338rUvQtBzNwlI7ItGXca0.roa
File:                     Nvf9a338rUvQtBzNwlI7ItGXca0.roa (raw, json)
Hash identifier:          ZPsAoUm5DuJc5Taa3S0fX3hME0sE86RMRTLwGRq1tt4=
Subject key identifier:   36:F7:FD:6B:7D:FC:AD:4B:D0:B4:1C:CD:C2:52:3B:22:D1:97:71:AD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C80AD3BD98033431CE43939C3149B43
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nvf9a338rUvQtBzNwlI7ItGXca0.roa
Signing time:             Fri 02 Jan 2026 02:19:25 +0000
ROA not before:           Fri 02 Jan 2026 02:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152179
IP address blocks:        84.32.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:ad:3b:d9:80:33:43:1c:e4:39:39:c3:14:9b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36f7fd6b7dfcad4bd0b41ccdc2523b22d19771ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6e:20:91:a5:c4:bd:4c:b2:80:28:60:a0:5f:
                    7e:2d:cb:9f:ff:8c:48:a7:70:d3:20:2d:29:44:f8:
                    8d:a7:23:d6:e9:b8:1c:90:1c:f2:f9:6e:d9:35:c5:
                    9b:70:e7:97:78:c3:00:0a:f9:70:a4:61:80:e6:4e:
                    e2:60:29:41:a9:4f:05:f8:21:52:97:ca:91:77:3f:
                    ae:f6:3a:8f:bc:97:e8:dd:d4:23:7f:1a:f7:fb:0c:
                    90:2b:0a:eb:ad:08:3e:85:e2:e2:aa:9a:a9:47:09:
                    03:9d:bc:24:8b:6a:7a:7b:e0:b2:cd:41:4b:38:28:
                    41:fa:71:b5:ef:42:07:45:24:7a:e3:5e:6c:1b:dc:
                    85:9e:b1:9c:46:2a:75:08:10:45:3e:e9:89:18:21:
                    eb:cc:45:1a:16:11:0d:87:f0:f6:f8:36:16:e4:12:
                    02:f4:92:d5:91:f9:25:27:36:a2:38:ee:02:ac:f0:
                    70:4d:ff:57:b3:bd:59:88:22:d1:5d:cc:c6:c4:9a:
                    f3:df:15:a8:07:f1:f0:34:13:82:7a:d3:54:ef:8c:
                    ea:e0:cd:81:e5:8c:6d:90:f6:58:42:1c:b2:12:c2:
                    f6:da:6b:66:ad:4e:40:4c:a9:63:b2:7c:c6:dd:42:
                    3e:22:33:f6:a2:60:62:a1:c5:04:8f:a0:a7:6c:f2:
                    15:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F7:FD:6B:7D:FC:AD:4B:D0:B4:1C:CD:C2:52:3B:22:D1:97:71:AD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nvf9a338rUvQtBzNwlI7ItGXca0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:39:98:45:a5:19:68:60:e7:6d:34:db:14:a2:44:b4:b5:4b:
         d9:56:62:6c:e4:2b:b0:11:84:72:d7:37:98:2b:5d:55:bc:43:
         88:d1:d1:86:4c:14:9c:64:7a:4e:c1:fb:37:f5:22:11:48:92:
         45:fa:21:63:61:5e:e3:0a:d7:7a:cf:6e:5e:e7:bf:ab:da:55:
         f2:9e:74:ff:48:21:6e:8a:4d:25:53:b9:56:45:39:6f:95:24:
         93:3d:c3:81:1e:2e:52:5a:6d:27:00:ad:ef:57:03:0d:8a:18:
         39:18:88:9f:df:ad:3e:93:e5:a5:48:c3:a8:f3:7e:43:f0:53:
         b6:30:66:a6:e4:3d:75:ea:11:50:45:95:af:60:80:fb:d8:76:
         be:d7:05:87:21:2b:a6:6a:3a:53:2f:ee:06:37:42:65:f7:95:
         a0:d1:8b:b3:f7:37:bd:74:68:92:1c:c1:3c:fd:9d:72:f2:89:
         c3:e9:ed:fa:d5:d0:bd:72:9e:fb:91:1c:e2:c6:8a:4d:51:64:
         4d:25:2d:81:e9:ec:e0:66:64:83:b3:e2:56:d4:75:d3:a6:a7:
         e7:96:3d:c2:93:2a:82:1e:1f:b3:3d:58:26:34:5d:4d:b0:53:
         26:24:fb:1c:3a:25:df:9b:f1:c3:d6:d8:11:28:fc:6c:24:14:
         cf:8c:25:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gK072YAzQxzkOTnDFJtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmY3ZmQ2YjdkZmNhZDRiZDBiNDFjY2RjMjUyM2IyMmQxOTc3MWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzm4gkaXEvUyygChgoF9+Lcuf/4xI
p3DTIC0pRPiNpyPW6bgckBzy+W7ZNcWbcOeXeMMACvlwpGGA5k7iYClBqU8F+CFS
l8qRdz+u9jqPvJfo3dQjfxr3+wyQKwrrrQg+heLiqpqpRwkDnbwki2p6e+CyzUFL
OChB+nG170IHRSR6415sG9yFnrGcRip1CBBFPumJGCHrzEUaFhENh/D2+DYW5BIC
9JLVkfklJzaiOO4CrPBwTf9Xs71ZiCLRXczGxJrz3xWoB/HwNBOCetNU74zq4M2B
5YxtkPZYQhyyEsL22mtmrU5ATKljsnzG3UI+IjP2omBiocUEj6CnbPIVNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb3/Wt9/K1L0LQczcJSOyLRl3GtMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTnZmOWEzMzhyVXZRdEJ6TndsSTdJdEdYY2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAVMA0G
CSqGSIb3DQEBCwUAA4IBAQAgOZhFpRloYOdtNNsUokS0tUvZVmJs5CuwEYRy1zeY
K11VvEOI0dGGTBScZHpOwfs39SIRSJJF+iFjYV7jCtd6z25e57+r2lXynnT/SCFu
ik0lU7lWRTlvlSSTPcOBHi5SWm0nAK3vVwMNihg5GIif360+k+WlSMOo835D8FO2
MGam5D116hFQRZWvYID72Ha+1wWHISumajpTL+4GN0Jl95Wg0Yuz9ze9dGiSHME8
/Z1y8onD6e361dC9cp77kRzixopNUWRNJS2B6ezgZmSDs+JW1HXTpqfnlj3CkyqC
Hh+zPVgmNF1NsFMmJPscOiXfm/HD1tgRKPxsJBTPjCWY
-----END CERTIFICATE-----