This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ncwoVoCxC9TBspoAa1Q3O6T37Mo.roa
File:                     ncwoVoCxC9TBspoAa1Q3O6T37Mo.roa (raw, json)
Hash identifier:          2/N/wfJNZdK6f8IlWPT9bUPOVhokXOX/IjyDqUo0eAg=
Subject key identifier:   9D:CC:28:56:80:B1:0B:D4:C1:B2:9A:00:6B:54:37:3B:A4:F7:EC:CA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6AAB48544738ECFA741B9E145BDEF
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ncwoVoCxC9TBspoAa1Q3O6T37Mo.roa
Signing time:             Thu 01 Jan 2026 04:17:47 +0000
ROA not before:           Thu 01 Jan 2026 04:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203481
IP address blocks:        46.8.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:aa:b4:85:44:73:8e:cf:a7:41:b9:e1:45:bd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dcc285680b10bd4c1b29a006b54373ba4f7ecca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b4:c1:2c:39:c5:51:60:27:a0:d7:cf:dd:e9:
                    e4:aa:47:09:a1:1a:7b:53:d2:3f:d8:e9:89:b9:f9:
                    4f:59:70:c1:e7:a6:e7:3c:da:f7:1e:ed:60:37:a1:
                    86:10:e3:d4:d4:06:86:a1:55:88:3c:20:d9:72:b2:
                    38:f7:34:2a:b6:2e:ee:13:09:46:6b:c0:a7:60:86:
                    86:f8:d6:4c:c6:91:8b:65:03:04:27:96:4a:fc:0a:
                    4b:e0:03:a4:ee:d9:76:25:1a:bf:41:32:a5:13:87:
                    3d:74:e8:25:3c:a9:27:05:fa:f3:c8:b6:98:4e:68:
                    a4:96:f4:fc:01:65:64:32:d4:cc:5f:e5:fb:3d:e9:
                    55:4a:e1:af:d4:25:6a:e7:81:63:be:dc:b8:7b:82:
                    83:0c:b7:98:ed:1b:46:68:1b:c5:8d:e4:8b:e0:07:
                    ab:20:dd:cd:9d:9f:52:a6:33:77:e5:74:0b:09:8d:
                    e2:78:c5:3a:19:37:1c:1e:78:10:ac:de:7a:ca:70:
                    9c:a6:18:f8:fa:28:5f:64:9c:fd:63:8b:b6:3d:e6:
                    c7:30:b0:35:a2:f2:9e:f7:d7:9d:e6:3d:a5:22:e5:
                    8d:ba:a8:a7:8f:ca:f3:c5:0d:75:49:6e:f9:3e:3e:
                    d1:e8:c5:69:2b:9a:cb:75:81:44:10:c6:1b:ae:8f:
                    d4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:CC:28:56:80:B1:0B:D4:C1:B2:9A:00:6B:54:37:3B:A4:F7:EC:CA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ncwoVoCxC9TBspoAa1Q3O6T37Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:c4:6e:a6:e2:da:1a:5f:67:24:92:be:38:5f:da:be:43:8c:
         6d:7d:d5:52:fe:20:0a:55:19:c9:6b:da:73:5b:56:61:e8:e3:
         46:b4:e6:74:63:0d:08:91:7c:98:0b:9d:71:95:3a:be:c9:bb:
         f4:48:99:24:56:8a:3c:cc:a1:e2:46:15:b9:a8:95:d0:ee:21:
         8e:31:36:ee:52:82:f0:a3:de:4f:1d:3f:61:af:ec:be:f7:92:
         d7:ca:09:41:8a:71:3a:8b:e5:f5:e1:cb:07:9c:ce:d7:e8:54:
         d8:df:02:0b:40:31:d6:f7:74:15:ad:b0:63:08:b8:73:3a:15:
         4a:a3:32:af:4a:c0:50:9b:fb:78:c9:96:fd:4a:b2:81:30:04:
         aa:0e:59:3c:50:a7:04:db:ce:0a:8b:56:4f:f9:38:bd:9f:22:
         f2:92:75:ad:61:2a:eb:38:ff:e3:5c:1b:9b:42:6f:ec:6d:27:
         f4:25:0b:08:38:a1:ec:27:6a:3e:65:c5:ed:2d:79:77:2a:ba:
         71:f8:33:80:ed:81:c8:ef:af:35:7d:68:2a:59:f7:a5:86:31:
         dc:76:1d:89:53:07:f1:b8:6f:21:aa:f9:46:da:ee:b3:5e:63:
         9d:b5:30:fe:46:08:8b:00:a6:8d:ab:c2:7b:e7:2b:64:bf:05:
         b3:69:be:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqq0hURzjs+nQbnhRb3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGNjMjg1NjgwYjEwYmQ0YzFiMjlhMDA2YjU0MzczYmE0ZjdlY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbTBLDnFUWAnoNfP3enkqkcJoRp7
U9I/2OmJuflPWXDB56bnPNr3Hu1gN6GGEOPU1AaGoVWIPCDZcrI49zQqti7uEwlG
a8CnYIaG+NZMxpGLZQMEJ5ZK/ApL4AOk7tl2JRq/QTKlE4c9dOglPKknBfrzyLaY
TmiklvT8AWVkMtTMX+X7PelVSuGv1CVq54Fjvty4e4KDDLeY7RtGaBvFjeSL4Aer
IN3NnZ9SpjN35XQLCY3ieMU6GTccHngQrN56ynCcphj4+ihfZJz9Y4u2PebHMLA1
ovKe99ed5j2lIuWNuqinj8rzxQ11SW75Pj7R6MVpK5rLdYFEEMYbro/UUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3MKFaAsQvUwbKaAGtUNzuk9+zKMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbmN3b1ZvQ3hDOVRCc3BvQWExUTNPNlQzN01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgj8MA0G
CSqGSIb3DQEBCwUAA4IBAQAlxG6m4toaX2ckkr44X9q+Q4xtfdVS/iAKVRnJa9pz
W1Zh6ONGtOZ0Yw0IkXyYC51xlTq+ybv0SJkkVoo8zKHiRhW5qJXQ7iGOMTbuUoLw
o95PHT9hr+y+95LXyglBinE6i+X14csHnM7X6FTY3wILQDHW93QVrbBjCLhzOhVK
ozKvSsBQm/t4yZb9SrKBMASqDlk8UKcE284Ki1ZP+Ti9nyLyknWtYSrrOP/jXBub
Qm/sbSf0JQsIOKHsJ2o+ZcXtLXl3Krpx+DOA7YHI7681fWgqWfelhjHcdh2JUwfx
uG8hqvlG2u6zXmOdtTD+RgiLAKaNq8J75ytkvwWzab5c
-----END CERTIFICATE-----