This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NKi8EFj95NnAgI8qhIqHx4v_p0k.roa
File:                     NKi8EFj95NnAgI8qhIqHx4v_p0k.roa (raw, json)
Hash identifier:          v4iB7I1IvW82qSzm++2GYfTqQrFsoZo9jtLfh4qd91k=
Subject key identifier:   34:A8:BC:10:58:FD:E4:D9:C0:80:8F:2A:84:8A:87:C7:8B:FF:A7:49
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019B797DE7F6D27A5054AA21A9281A98AF79
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NKi8EFj95NnAgI8qhIqHx4v_p0k.roa
Signing time:             Thu 01 Jan 2026 12:17:33 +0000
ROA not before:           Thu 01 Jan 2026 12:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36666
IP address blocks:        185.141.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:e7:f6:d2:7a:50:54:aa:21:a9:28:1a:98:af:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 12:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34a8bc1058fde4d9c0808f2a848a87c78bffa749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4c:8c:8d:55:f8:f6:d6:cc:cf:b8:10:eb:ff:
                    d3:ae:77:c3:cd:18:df:93:86:67:5d:8e:47:ba:74:
                    59:42:ab:38:94:18:ef:e3:db:b4:52:50:dc:40:7b:
                    30:38:0b:4c:d3:b2:d5:ea:07:3a:78:fd:a5:be:8b:
                    a3:04:5d:89:1f:91:bd:e9:2f:78:52:4d:79:e9:e9:
                    67:48:c9:fa:09:f7:6f:9b:12:f8:33:3f:26:fa:9e:
                    d3:f6:23:0e:f8:19:c1:cd:b4:05:90:91:a5:32:0f:
                    49:47:14:c7:ce:2c:0f:4e:f2:9a:8e:89:ee:5d:5a:
                    5b:b0:0a:d0:e8:e4:c2:1a:4a:ab:d6:75:6f:39:f7:
                    93:32:56:f4:a4:37:68:a0:ee:86:96:c9:8c:8e:91:
                    1c:16:80:ae:28:21:58:88:d3:ef:3a:82:20:fe:fb:
                    16:31:cd:14:34:90:2a:4f:50:f6:82:86:f3:e5:4a:
                    da:2e:13:70:52:5b:8a:05:c9:41:df:1f:90:18:7b:
                    e3:ca:35:33:0e:0b:92:96:d5:dd:e1:3e:18:ea:a0:
                    51:55:73:7a:42:b7:35:8e:52:5e:50:ed:c5:78:cb:
                    5c:9d:94:94:ad:c4:10:19:0e:df:45:6d:fb:70:a1:
                    f6:17:ea:ce:cf:f6:6b:1e:64:0f:3e:c8:51:63:36:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A8:BC:10:58:FD:E4:D9:C0:80:8F:2A:84:8A:87:C7:8B:FF:A7:49
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/NKi8EFj95NnAgI8qhIqHx4v_p0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:74:87:10:da:ad:cf:ea:f8:6f:fa:77:8d:06:7e:f5:85:83:
         ea:b5:74:87:03:cd:fc:49:ae:0a:89:0b:9a:49:85:86:89:c4:
         b9:9b:55:89:8b:9e:c2:68:03:5e:43:5a:90:2a:8f:87:1b:74:
         c5:ff:d1:83:50:59:83:72:4c:8d:69:2c:07:33:d3:15:0a:66:
         87:e4:61:b2:e1:06:d9:3d:21:19:49:c4:ef:b5:cd:2e:52:1e:
         79:22:9c:14:a6:63:1b:ad:b5:09:11:f7:9f:45:01:f8:80:3c:
         58:09:2a:b4:25:7d:4c:5a:f1:04:0a:24:7e:43:05:e0:41:20:
         5e:80:56:fe:1a:9a:bc:b4:7d:d4:80:57:a2:12:22:26:d6:e5:
         8d:70:dd:f1:fa:91:27:85:d8:9d:37:bc:e1:8e:5b:34:f9:50:
         98:17:8c:2e:df:a8:2f:3f:3b:8c:49:1f:56:3e:41:27:57:6a:
         00:0d:8a:e9:bb:16:c1:26:64:c9:68:b4:7b:68:a7:e9:b0:30:
         b0:bd:67:e6:01:a0:9f:a4:3b:9a:68:42:ab:f8:bc:e0:a0:ca:
         93:15:fc:1c:e6:39:31:d5:a7:3f:6b:15:63:63:39:7a:e5:f3:
         c4:16:34:c9:24:75:1a:5c:8e:88:64:64:26:89:91:75:77:7f:
         64:7d:0c:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fef20npQVKohqSgamK95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMTAxMTIxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE4YmMxMDU4ZmRlNGQ5YzA4MDhmMmE4NDhhODdjNzhiZmZhNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUyMjVX49tbMz7gQ6//TrnfDzRjf
k4ZnXY5HunRZQqs4lBjv49u0UlDcQHswOAtM07LV6gc6eP2lvoujBF2JH5G96S94
Uk156elnSMn6CfdvmxL4Mz8m+p7T9iMO+BnBzbQFkJGlMg9JRxTHziwPTvKajonu
XVpbsArQ6OTCGkqr1nVvOfeTMlb0pDdooO6GlsmMjpEcFoCuKCFYiNPvOoIg/vsW
Mc0UNJAqT1D2gobz5UraLhNwUluKBclB3x+QGHvjyjUzDguSltXd4T4Y6qBRVXN6
Qrc1jlJeUO3FeMtcnZSUrcQQGQ7fRW37cKH2F+rOz/ZrHmQPPshRYzYZ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSovBBY/eTZwICPKoSKh8eL/6dJMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTktpOEVGajk1Tm5BZ0k4cWhJcUh4NHZfcDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY3aMA0G
CSqGSIb3DQEBCwUAA4IBAQCPdIcQ2q3P6vhv+neNBn71hYPqtXSHA838Sa4KiQua
SYWGicS5m1WJi57CaANeQ1qQKo+HG3TF/9GDUFmDckyNaSwHM9MVCmaH5GGy4QbZ
PSEZScTvtc0uUh55IpwUpmMbrbUJEfefRQH4gDxYCSq0JX1MWvEECiR+QwXgQSBe
gFb+Gpq8tH3UgFeiEiIm1uWNcN3x+pEnhdidN7zhjls0+VCYF4wu36gvPzuMSR9W
PkEnV2oADYrpuxbBJmTJaLR7aKfpsDCwvWfmAaCfpDuaaEKr+LzgoMqTFfwc5jkx
1ac/axVjYzl65fPEFjTJJHUaXI6IZGQmiZF1d39kfQxr
-----END CERTIFICATE-----