This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NyfS9ii7a09V_-xKfted2ZpCkyY.roa
File:                     NyfS9ii7a09V_-xKfted2ZpCkyY.roa (raw, json)
Hash identifier:          BnCPqKh9vWN1Ky6IpnTrtHg76yBabg3+klLt6uZW7Xg=
Subject key identifier:   37:27:D2:F6:28:BB:6B:4F:55:FF:EC:4A:7E:D7:9D:D9:9A:42:93:26
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C80A244C7C7400A4742C9635576215D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NyfS9ii7a09V_-xKfted2ZpCkyY.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43350
IP address blocks:        84.32.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a2:44:c7:c7:40:0a:47:42:c9:63:55:76:21:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3727d2f628bb6b4f55ffec4a7ed79dd99a429326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:0c:58:4e:6a:28:79:7f:d4:e0:7c:06:3f:
                    28:5a:ca:c4:dd:1e:14:ba:a6:3c:2e:b3:ad:df:3e:
                    c9:b8:cc:c0:20:78:a8:de:40:bc:3f:d0:92:3f:cb:
                    d3:19:a5:32:b2:ef:a2:0f:4a:f3:f5:c2:c6:96:fd:
                    bf:3c:68:d5:5f:88:67:84:43:3a:dc:b5:5e:c5:f0:
                    ac:9e:36:a5:94:fa:ac:29:7c:7c:e5:4a:fb:8a:5d:
                    02:f5:99:0d:dd:08:db:9e:6f:8d:b1:82:7d:f6:dc:
                    11:75:e4:5d:01:2b:e8:c8:c3:9e:8a:b8:c4:33:3c:
                    a1:8e:a5:ba:e2:c0:47:20:42:73:5a:05:a5:ca:f9:
                    8e:38:2b:e1:85:8f:4d:fb:f7:67:63:87:78:4b:3e:
                    0d:0f:bd:9f:44:e4:18:99:59:00:01:93:a1:1c:79:
                    09:b3:bd:f1:06:e0:10:a6:2d:8c:ce:a9:44:a1:ea:
                    84:ce:59:9e:fd:68:52:b1:b5:50:1d:aa:1c:a2:a7:
                    25:93:89:3d:bf:18:43:c5:a4:05:56:e0:fa:bd:f6:
                    38:5a:5f:5e:a3:8f:90:47:25:14:ab:7e:b0:72:74:
                    40:9e:ae:28:d5:e4:70:77:04:90:15:20:4e:6f:26:
                    03:1a:6f:96:f4:58:c8:f0:d1:b5:77:de:0e:df:cb:
                    a5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:27:D2:F6:28:BB:6B:4F:55:FF:EC:4A:7E:D7:9D:D9:9A:42:93:26
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NyfS9ii7a09V_-xKfted2ZpCkyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:af:a5:10:e1:af:14:b4:f8:90:31:a9:0c:ea:db:c9:8f:c4:
         0a:36:a3:5f:4f:06:e1:f1:c2:5b:18:32:df:45:79:65:e2:af:
         a7:90:cc:08:c2:52:8f:c6:1f:b5:56:63:17:1b:e4:c1:2c:20:
         5d:98:d1:6f:d3:da:e4:88:ab:68:16:15:a6:18:da:53:99:96:
         13:90:9d:cf:10:e3:39:26:59:8e:74:72:29:8e:66:78:e6:2a:
         c7:4a:7f:52:08:85:7b:9f:85:bd:cb:cf:43:4f:62:5f:94:0f:
         01:5a:45:23:84:57:4b:ca:d8:09:7d:fd:00:f5:5d:9b:60:15:
         6f:7d:3d:0c:c6:4d:d4:9a:96:2d:45:a2:9a:c8:9b:14:e1:0d:
         6f:7e:17:1f:88:c8:54:77:75:36:bc:13:0c:cb:68:2d:6f:8d:
         6f:09:1b:de:1f:77:d0:56:0c:35:9a:8e:39:91:8f:9e:a8:7a:
         e5:1c:3d:b8:5f:c3:45:05:81:6d:d1:2b:32:c1:22:09:1b:1c:
         86:9c:cc:af:f8:f0:9f:c9:68:45:e0:e1:00:a2:a3:9b:fb:53:
         9d:73:bb:61:16:96:a3:f5:9d:0a:56:5b:a0:12:9e:e3:99:5b:
         06:b6:06:f8:48:87:7f:09:ce:57:84:fa:0a:57:9c:96:5e:96:
         11:9e:1f:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKJEx8dACkdCyWNVdiFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI3ZDJmNjI4YmI2YjRmNTVmZmVjNGE3ZWQ3OWRkOTlhNDI5MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyYMWE5qKHl/1OB8Bj8oWsrE3R4U
uqY8LrOt3z7JuMzAIHio3kC8P9CSP8vTGaUysu+iD0rz9cLGlv2/PGjVX4hnhEM6
3LVexfCsnjallPqsKXx85Ur7il0C9ZkN3Qjbnm+NsYJ99twRdeRdASvoyMOeirjE
MzyhjqW64sBHIEJzWgWlyvmOOCvhhY9N+/dnY4d4Sz4ND72fROQYmVkAAZOhHHkJ
s73xBuAQpi2MzqlEoeqEzlme/WhSsbVQHaocoqclk4k9vxhDxaQFVuD6vfY4Wl9e
o4+QRyUUq36wcnRAnq4o1eRwdwSQFSBObyYDGm+W9FjI8NG1d94O38ul/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcn0vYou2tPVf/sSn7XndmaQpMmMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTnlmUzlpaTdhMDlWXy14S2Z0ZWQyWnBDa3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAKMA0G
CSqGSIb3DQEBCwUAA4IBAQARr6UQ4a8UtPiQMakM6tvJj8QKNqNfTwbh8cJbGDLf
RXll4q+nkMwIwlKPxh+1VmMXG+TBLCBdmNFv09rkiKtoFhWmGNpTmZYTkJ3PEOM5
JlmOdHIpjmZ45irHSn9SCIV7n4W9y89DT2JflA8BWkUjhFdLytgJff0A9V2bYBVv
fT0Mxk3UmpYtRaKayJsU4Q1vfhcfiMhUd3U2vBMMy2gtb41vCRveH3fQVgw1mo45
kY+eqHrlHD24X8NFBYFt0SsywSIJGxyGnMyv+PCfyWhF4OEAoqOb+1Odc7thFpaj
9Z0KVlugEp7jmVsGtgb4SId/Cc5XhPoKV5yWXpYRnh88
-----END CERTIFICATE-----