This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/NCC353pQrNx8eGiSxSQfU2T_0X8.roa
File:                     NCC353pQrNx8eGiSxSQfU2T_0X8.roa (raw, json)
Hash identifier:          x5reXqO96nT5gM2bNozGLs+YENzOaeTSR3ek69LYolg=
Subject key identifier:   34:20:B7:E7:7A:50:AC:DC:7C:78:68:92:C5:24:1F:53:64:FF:D1:7F
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019B7EA61ADDED21D9DF5458A3E92A1C1C67
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/NCC353pQrNx8eGiSxSQfU2T_0X8.roa
Signing time:             Fri 02 Jan 2026 12:19:33 +0000
ROA not before:           Fri 02 Jan 2026 12:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203615
IP address blocks:        152.53.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:1a:dd:ed:21:d9:df:54:58:a3:e9:2a:1c:1c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Jan  2 12:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3420b7e77a50acdc7c786892c5241f5364ffd17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:28:cc:58:d6:66:63:ee:f0:6a:1f:bf:f6:3e:
                    6c:98:84:ef:a8:3f:e6:12:dd:93:aa:2f:8e:4b:b5:
                    c4:41:9e:29:8e:89:83:05:c2:63:84:92:7f:eb:70:
                    20:51:7b:33:ce:c6:fc:4e:2c:52:03:cc:dc:17:b4:
                    3e:f4:4e:5c:48:9f:4f:83:ec:a4:71:c3:ca:34:66:
                    4a:6c:49:76:bc:c3:d2:67:dc:0a:fe:12:ca:bf:5e:
                    4d:9f:76:18:d1:7e:3a:24:09:26:5c:bd:ab:38:ca:
                    41:ee:5d:f4:74:a1:f8:d3:49:9d:74:df:c1:3e:cb:
                    44:57:95:ea:1e:72:0d:ab:a3:c2:7e:f1:57:84:e0:
                    55:fd:3f:eb:89:ab:65:62:aa:ce:62:b0:7b:d8:0a:
                    26:ca:48:ff:06:1c:66:fb:66:d1:b3:27:0b:b2:ca:
                    4c:bd:c4:74:fc:46:18:1e:17:05:2a:f8:58:2a:ab:
                    0c:b0:ed:44:28:29:25:09:4b:2f:f0:da:4f:0e:21:
                    6c:59:d8:95:f6:41:6e:37:b9:71:a0:eb:75:d1:b1:
                    06:43:4b:33:02:4d:23:ef:12:59:a8:2e:3b:28:dd:
                    74:18:ba:ef:c8:27:28:b7:d0:ef:7b:50:38:f4:47:
                    22:a7:bf:ef:3c:00:ce:61:b2:00:13:73:d9:2a:1e:
                    a7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:20:B7:E7:7A:50:AC:DC:7C:78:68:92:C5:24:1F:53:64:FF:D1:7F
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/NCC353pQrNx8eGiSxSQfU2T_0X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:32:67:a5:ef:51:3f:4a:7d:54:2a:0e:2a:ba:fb:23:c4:5a:
         63:cc:ac:74:d7:04:19:61:0c:9c:6e:a2:e6:16:75:e1:4c:59:
         d3:21:9a:d2:61:d4:e2:d9:10:02:97:6f:52:42:6e:c6:54:60:
         31:99:7c:d0:8a:41:ff:7f:4b:3c:16:cd:42:e6:79:de:0b:ed:
         65:0e:dc:b7:6e:ba:12:75:4b:e8:3f:80:f2:39:f3:59:eb:9c:
         5f:3b:fc:09:bb:12:1e:5c:5e:12:04:67:8b:93:e2:55:d7:60:
         f4:66:0b:21:fa:f6:1a:45:d2:8c:20:6e:57:19:52:2f:b0:a2:
         ba:b4:c7:4f:14:98:d4:81:1a:e4:f3:0b:26:0b:b7:e8:82:b4:
         27:5d:d4:42:3c:d1:75:16:bc:0d:a8:7b:6d:59:59:b3:32:c2:
         39:8c:fc:08:04:71:d4:d5:49:2f:85:9e:41:78:67:9c:95:26:
         b8:e7:0f:ce:db:61:1e:5b:a1:74:00:25:ca:96:ca:8c:0c:1d:
         9e:ad:93:25:aa:99:45:1b:5b:1e:ed:b3:e8:ff:94:73:a7:06:
         f6:c4:5d:64:ea:15:fc:4e:db:90:24:19:d9:fa:27:e1:3b:b6:
         2f:ee:30:7b:66:f8:60:6d:4a:7d:2f:f9:25:73:68:72:4b:fd:
         cc:8f:34:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+phrd7SHZ31RYo+kqHBxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjYwMTAyMTIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIwYjdlNzdhNTBhY2RjN2M3ODY4OTJjNTI0MWY1MzY0ZmZkMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyjMWNZmY+7wah+/9j5smITvqD/m
Et2Tqi+OS7XEQZ4pjomDBcJjhJJ/63AgUXszzsb8TixSA8zcF7Q+9E5cSJ9Pg+yk
ccPKNGZKbEl2vMPSZ9wK/hLKv15Nn3YY0X46JAkmXL2rOMpB7l30dKH400mddN/B
PstEV5XqHnINq6PCfvFXhOBV/T/riatlYqrOYrB72Aomykj/Bhxm+2bRsycLsspM
vcR0/EYYHhcFKvhYKqsMsO1EKCklCUsv8NpPDiFsWdiV9kFuN7lxoOt10bEGQ0sz
Ak0j7xJZqC47KN10GLrvyCcot9Dve1A49Ecip7/vPADOYbIAE3PZKh6noQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQgt+d6UKzcfHhoksUkH1Nk/9F/MB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvTkNDMzUzcFFyTng4ZUdpU3hTUWZVMlRfMFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmDXoMA0G
CSqGSIb3DQEBCwUAA4IBAQAFMmel71E/Sn1UKg4quvsjxFpjzKx01wQZYQycbqLm
FnXhTFnTIZrSYdTi2RACl29SQm7GVGAxmXzQikH/f0s8Fs1C5nneC+1lDty3broS
dUvoP4DyOfNZ65xfO/wJuxIeXF4SBGeLk+JV12D0Zgsh+vYaRdKMIG5XGVIvsKK6
tMdPFJjUgRrk8wsmC7fogrQnXdRCPNF1FrwNqHttWVmzMsI5jPwIBHHU1UkvhZ5B
eGeclSa45w/O22EeW6F0ACXKlsqMDB2erZMlqplFG1se7bPo/5Rzpwb2xF1k6hX8
TtuQJBnZ+ifhO7Yv7jB7ZvhgbUp9L/klc2hyS/3MjzTV
-----END CERTIFICATE-----