This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/NJmWkpvnLjr053EcyJcpZ7GQEJw.roa
File:                     NJmWkpvnLjr053EcyJcpZ7GQEJw.roa (raw, json)
Hash identifier:          ilBT0fgXRzjOih9KSBqxwvMO7zW6K4l2Ts8OXGa2cVo=
Subject key identifier:   34:99:96:92:9B:E7:2E:3A:F4:E7:71:1C:C8:97:29:67:B1:90:10:9C
Certificate issuer:       /CN=6ebcb57e2d5e40630e193bd5ceb16f1ef18743a3
Certificate serial:       019B7AC866CBAB240B3ED0F5560CB5F6CF34
Authority key identifier: 6E:BC:B5:7E:2D:5E:40:63:0E:19:3B:D5:CE:B1:6F:1E:F1:87:43:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/NJmWkpvnLjr053EcyJcpZ7GQEJw.roa
Signing time:             Thu 01 Jan 2026 18:18:32 +0000
ROA not before:           Thu 01 Jan 2026 18:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203609
IP address blocks:        185.129.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:66:cb:ab:24:0b:3e:d0:f5:56:0c:b5:f6:cf:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ebcb57e2d5e40630e193bd5ceb16f1ef18743a3
        Validity
            Not Before: Jan  1 18:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=349996929be72e3af4e7711cc8972967b190109c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8b:f0:f3:3f:6b:17:52:cb:b4:15:2c:14:28:
                    3a:3f:d4:78:7b:a0:3c:8c:34:ec:69:bd:01:e1:70:
                    c8:ba:13:75:6c:21:30:07:f3:4c:d1:bf:e1:32:bc:
                    8f:2f:1a:e3:8e:d7:0c:45:69:c3:0e:fd:40:88:2f:
                    1f:47:75:3c:8b:fc:dc:73:ea:e8:61:c9:eb:a3:80:
                    a7:af:93:dc:a6:c5:21:bd:c5:80:a8:84:2a:77:19:
                    4c:7d:1b:b5:82:56:21:1d:aa:20:9b:03:1f:50:db:
                    68:6a:99:a5:eb:0d:ba:f9:72:12:88:f8:fc:78:8b:
                    bb:3c:8b:ed:c8:8b:1c:a5:e3:5e:8c:90:56:ee:99:
                    3a:ab:03:69:36:0b:82:2f:4e:23:f8:da:60:71:9e:
                    51:a6:eb:72:e5:3c:e6:5e:6e:ad:e4:9b:ba:53:75:
                    6d:0f:bc:90:c9:b5:f1:51:57:12:70:06:8c:c3:98:
                    a4:81:da:25:1d:fa:e3:ba:93:82:37:fd:c4:8b:c9:
                    c9:92:e6:da:e4:d6:5a:f2:ac:d8:31:2d:c9:5d:e8:
                    d6:cf:6f:d1:59:ed:c3:71:33:f0:85:b9:df:9d:d5:
                    91:b0:36:bc:85:8b:be:7c:82:8d:ba:c5:0b:c7:3d:
                    f6:cd:c2:cb:1c:8b:79:38:bc:93:ee:7a:d2:8a:1f:
                    49:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:99:96:92:9B:E7:2E:3A:F4:E7:71:1C:C8:97:29:67:B1:90:10:9C
            X509v3 Authority Key Identifier:
                keyid:6E:BC:B5:7E:2D:5E:40:63:0E:19:3B:D5:CE:B1:6F:1E:F1:87:43:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/NJmWkpvnLjr053EcyJcpZ7GQEJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:ee:7a:64:81:d8:a9:1d:f8:ed:23:05:14:5e:62:52:2d:3d:
         4c:87:84:c8:21:07:e7:13:94:6d:14:63:75:d3:cb:51:52:c2:
         27:ef:23:60:02:00:a5:5c:7b:e0:91:33:9e:64:0b:a8:e0:ac:
         4a:a2:92:03:e0:29:7c:4b:83:0d:0f:fa:98:47:cc:d2:fc:f9:
         80:7e:58:46:6c:9e:97:fe:5d:00:ed:aa:41:63:47:68:52:67:
         29:f4:23:9f:b7:fb:5e:c1:66:63:ad:78:69:14:a5:69:95:e3:
         05:dd:6f:5d:3b:1e:8b:60:37:34:4d:d8:0f:5d:00:23:63:6d:
         79:23:7a:e1:00:14:10:3c:a2:10:fc:8c:91:9a:16:3c:72:a6:
         db:3d:4b:84:ae:c7:94:94:85:05:e7:05:63:c8:84:bf:37:fa:
         e6:8e:f2:12:c3:73:0d:5f:be:eb:45:20:fc:4c:60:7e:06:8f:
         39:cb:4c:de:24:36:15:78:89:cb:c5:6c:9b:32:ec:92:83:0a:
         a1:14:1b:d1:66:ce:d7:0b:1e:67:19:4f:8a:26:de:84:dd:9a:
         10:62:b2:e7:d6:26:2a:af:d8:88:1d:e7:d3:5b:09:47:f4:24:
         58:e3:08:38:57:d6:68:6a:70:01:1e:cd:fd:38:6b:58:32:8e:
         0e:ad:70:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yGbLqyQLPtD1Vgy19s80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYmNiNTdlMmQ1ZTQwNjMwZTE5M2JkNWNlYjE2ZjFlZjE4
NzQzYTMwHhcNMjYwMTAxMTgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk5OTY5MjliZTcyZTNhZjRlNzcxMWNjODk3Mjk2N2IxOTAxMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYvw8z9rF1LLtBUsFCg6P9R4e6A8
jDTsab0B4XDIuhN1bCEwB/NM0b/hMryPLxrjjtcMRWnDDv1AiC8fR3U8i/zcc+ro
Ycnro4Cnr5PcpsUhvcWAqIQqdxlMfRu1glYhHaogmwMfUNtoapml6w26+XISiPj8
eIu7PIvtyIscpeNejJBW7pk6qwNpNguCL04j+NpgcZ5Rputy5TzmXm6t5Ju6U3Vt
D7yQybXxUVcScAaMw5ikgdolHfrjupOCN/3Ei8nJkuba5NZa8qzYMS3JXejWz2/R
We3DcTPwhbnfndWRsDa8hYu+fIKNusULxz32zcLLHIt5OLyT7nrSih9JoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSZlpKb5y469OdxHMiXKWexkBCcMB8GA1UdIwQY
MBaAFG68tX4tXkBjDhk71c6xbx7xh0OjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJ5MWZpMWVRR01PR1R2VnpyRnZIdkdIUTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNDVmYTEtNDI5ZC00ZWFmLWIyNzgt
OWFkMThiYTFhM2Q5LzEvTkptV2twdm5ManIwNTNFY3lKY3BaN0dRRUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNDVmYTEtNDI5ZC00ZWFmLWIyNzgtOWFkMThiYTFhM2Q5
LzEvYnJ5MWZpMWVRR01PR1R2VnpyRnZIdkdIUTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYGYMA0G
CSqGSIb3DQEBCwUAA4IBAQAU7npkgdipHfjtIwUUXmJSLT1Mh4TIIQfnE5RtFGN1
08tRUsIn7yNgAgClXHvgkTOeZAuo4KxKopID4Cl8S4MND/qYR8zS/PmAflhGbJ6X
/l0A7apBY0doUmcp9COft/tewWZjrXhpFKVpleMF3W9dOx6LYDc0TdgPXQAjY215
I3rhABQQPKIQ/IyRmhY8cqbbPUuErseUlIUF5wVjyIS/N/rmjvISw3MNX77rRSD8
TGB+Bo85y0zeJDYVeInLxWybMuySgwqhFBvRZs7XCx5nGU+KJt6E3ZoQYrLn1iYq
r9iIHefTWwlH9CRY4wg4V9ZoanABHs39OGtYMo4OrXA3
-----END CERTIFICATE-----