This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/N4IzrH0qD40Woupyn9pXT2Z1eMg.roa
File:                     N4IzrH0qD40Woupyn9pXT2Z1eMg.roa (raw, json)
Hash identifier:          Day6JScG9JRnBC85UOxG3a1DX4Ksh0LMtFWjdlB6gU0=
Subject key identifier:   37:82:33:AC:7D:2A:0F:8D:16:A2:EA:72:9F:DA:57:4F:66:75:78:C8
Certificate issuer:       /CN=1f0565865a533402c2f4343fe1af541a006d9d6e
Certificate serial:       019B7CEE3CDF43EADDB043C19AC5185A0ECB
Authority key identifier: 1F:05:65:86:5A:53:34:02:C2:F4:34:3F:E1:AF:54:1A:00:6D:9D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/N4IzrH0qD40Woupyn9pXT2Z1eMg.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.190.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3c:df:43:ea:dd:b0:43:c1:9a:c5:18:5a:0e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f0565865a533402c2f4343fe1af541a006d9d6e
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=378233ac7d2a0f8d16a2ea729fda574f667578c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2c:64:dd:e3:3b:35:8f:cf:24:7b:0a:11:7e:
                    70:bb:ac:09:d6:b9:19:3a:a1:8e:6f:dd:74:a8:d5:
                    c1:c5:56:b7:06:aa:36:d5:8a:62:35:4f:f0:5b:a2:
                    bf:d3:89:39:bb:11:0c:e2:e5:96:a4:9c:21:ff:87:
                    66:6f:4f:f3:2a:18:52:1d:ee:28:ca:25:02:67:45:
                    9f:07:64:a1:e4:a8:22:5b:01:c0:7e:d4:db:d1:44:
                    28:f7:a8:86:6d:d3:61:62:19:3d:47:47:91:a8:a5:
                    17:9a:f1:87:b6:59:77:e3:d6:ef:fa:0c:ac:6d:c4:
                    f9:fc:99:b6:94:c3:22:77:bb:08:79:06:db:f3:d7:
                    1e:66:2b:32:ea:e0:c0:3b:b2:2d:6b:de:8e:71:96:
                    40:eb:f2:23:e9:a0:04:f8:85:ef:06:27:54:97:0a:
                    77:47:3a:62:bb:0a:47:ce:4d:e2:bb:a4:c1:7a:f8:
                    21:78:29:8f:fd:04:1f:c4:bf:cc:18:eb:5d:c9:dd:
                    28:fb:19:35:b6:a0:cb:d9:20:70:39:de:46:eb:35:
                    3e:08:86:87:99:5b:8b:a8:2f:96:61:fc:aa:4e:8b:
                    54:8b:80:97:96:18:b4:52:ba:be:46:dd:06:9b:18:
                    1e:15:80:2a:78:6f:62:a1:e4:98:b1:02:aa:17:73:
                    1b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:82:33:AC:7D:2A:0F:8D:16:A2:EA:72:9F:DA:57:4F:66:75:78:C8
            X509v3 Authority Key Identifier:
                keyid:1F:05:65:86:5A:53:34:02:C2:F4:34:3F:E1:AF:54:1A:00:6D:9D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/N4IzrH0qD40Woupyn9pXT2Z1eMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:b1:d5:41:98:11:46:89:d3:19:78:2b:a8:3c:49:58:08:97:
         63:10:56:b5:a5:ea:56:86:40:f6:49:20:5a:9f:14:56:ab:82:
         08:16:6a:96:29:0f:6a:e1:57:70:63:57:4c:80:5c:4e:4f:80:
         4a:e8:d2:6d:8d:97:e8:d6:f5:bc:c1:3c:88:cc:a7:cc:af:81:
         ca:71:a3:21:06:ae:e3:1b:8b:47:ed:55:d5:c7:69:fd:d0:1a:
         2b:22:76:ff:a2:5a:c9:6a:d0:ef:d6:2a:a8:f4:59:cf:2c:1e:
         83:e0:16:30:90:a3:62:c2:37:22:5c:4a:54:55:99:5c:29:47:
         d6:83:27:0b:a1:e2:75:27:24:ef:e9:23:94:ce:76:34:b1:2e:
         87:25:67:d3:b0:80:87:6e:34:69:e3:77:65:2e:33:70:fa:27:
         d4:c9:36:71:83:a6:df:40:d3:80:b1:82:f7:b4:6e:16:26:9e:
         bf:f5:38:69:a5:e8:61:99:f5:ed:c9:02:1a:d1:c4:76:1c:0c:
         67:57:c2:b2:21:34:ba:1b:4f:3b:b9:5e:f5:20:7e:c6:e6:b8:
         2e:52:71:db:3e:18:2b:72:fd:2b:0c:30:f8:73:27:d6:ff:ed:
         d4:e5:37:da:3e:a6:bb:35:8a:c3:2c:63:b9:54:fa:82:65:73:
         63:01:67:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87jzfQ+rdsEPBmsUYWg7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMDU2NTg2NWE1MzM0MDJjMmY0MzQzZmUxYWY1NDFhMDA2
ZDlkNmUwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgyMzNhYzdkMmEwZjhkMTZhMmVhNzI5ZmRhNTc0ZjY2NzU3OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCxk3eM7NY/PJHsKEX5wu6wJ1rkZ
OqGOb910qNXBxVa3Bqo21YpiNU/wW6K/04k5uxEM4uWWpJwh/4dmb0/zKhhSHe4o
yiUCZ0WfB2Sh5KgiWwHAftTb0UQo96iGbdNhYhk9R0eRqKUXmvGHtll349bv+gys
bcT5/Jm2lMMid7sIeQbb89ceZisy6uDAO7Ita96OcZZA6/Ij6aAE+IXvBidUlwp3
RzpiuwpHzk3iu6TBevgheCmP/QQfxL/MGOtdyd0o+xk1tqDL2SBwOd5G6zU+CIaH
mVuLqC+WYfyqTotUi4CXlhi0Urq+Rt0GmxgeFYAqeG9ioeSYsQKqF3MbvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeCM6x9Kg+NFqLqcp/aV09mdXjIMB8GA1UdIwQY
MBaAFB8FZYZaUzQCwvQ0P+GvVBoAbZ1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHdWbGhscFROQUxDOURRXzRhOVVHZ0J0blc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85ZmU0OWYtOWVkMC00ZGIzLTliZTUt
NWM2OTA0NDdiYTg5LzEvTjRJenJIMHFENDBXb3VweW45cFhUMloxZU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85ZmU0OWYtOWVkMC00ZGIzLTliZTUtNWM2OTA0NDdiYTg5
LzEvSHdWbGhscFROQUxDOURRXzRhOVVHZ0J0blc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub4lMA0G
CSqGSIb3DQEBCwUAA4IBAQBisdVBmBFGidMZeCuoPElYCJdjEFa1pepWhkD2SSBa
nxRWq4IIFmqWKQ9q4VdwY1dMgFxOT4BK6NJtjZfo1vW8wTyIzKfMr4HKcaMhBq7j
G4tH7VXVx2n90BorInb/olrJatDv1iqo9FnPLB6D4BYwkKNiwjciXEpUVZlcKUfW
gycLoeJ1JyTv6SOUznY0sS6HJWfTsICHbjRp43dlLjNw+ifUyTZxg6bfQNOAsYL3
tG4WJp6/9ThppehhmfXtyQIa0cR2HAxnV8KyITS6G087uV71IH7G5rguUnHbPhgr
cv0rDDD4cyfW/+3U5TfaPqa7NYrDLGO5VPqCZXNjAWcm
-----END CERTIFICATE-----