This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nUxiSrW0HupHZrInRmljt8wJZsk.roa
File:                     nUxiSrW0HupHZrInRmljt8wJZsk.roa (raw, json)
Hash identifier:          4xRnabcgwW/q/GTws1RRjOF8YDo7FXBsrSucwn3ZCFw=
Subject key identifier:   9D:4C:62:4A:B5:B4:1E:EA:47:66:B2:27:46:69:63:B7:CC:09:66:C9
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83A05411079A1882E6F0C391D579B6
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nUxiSrW0HupHZrInRmljt8wJZsk.roa
Signing time:             Fri 02 Jan 2026 16:21:31 +0000
ROA not before:           Fri 02 Jan 2026 16:21:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56676
IP address blocks:        37.230.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:a0:54:11:07:9a:18:82:e6:f0:c3:91:d5:79:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d4c624ab5b41eea4766b227466963b7cc0966c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:20:9c:c3:09:45:32:6f:cd:95:af:e6:b7:e1:
                    3e:bd:f1:1a:13:68:ba:fb:75:18:21:cb:82:c0:41:
                    2a:07:bb:36:fb:ea:04:db:c6:28:a5:df:70:63:5c:
                    47:c4:8e:df:05:7d:c9:88:f6:b8:f4:0b:0b:c0:8c:
                    e5:b5:3f:32:39:6e:37:dd:dd:63:4c:e7:b4:b2:5f:
                    1d:ba:69:18:73:cc:d9:90:e9:ac:74:94:46:5f:ee:
                    3c:e4:01:86:c6:43:37:30:67:e2:c1:ec:93:9b:d7:
                    d4:c6:fa:83:5f:df:bd:0e:b3:86:6d:a5:04:38:7e:
                    7b:a5:d8:42:d0:61:a6:cc:cf:f7:aa:48:44:ff:81:
                    19:de:91:ac:84:31:ac:f1:45:a4:e0:b2:39:45:d3:
                    e8:c3:5e:82:8e:7f:ef:ba:ef:31:df:09:4d:28:02:
                    a8:d6:b2:04:5d:95:98:96:39:9c:0f:89:8c:68:43:
                    e6:81:74:f8:28:d8:31:74:9f:39:8c:96:14:6f:d0:
                    89:fc:4f:02:6e:15:e6:8e:10:9d:e4:89:18:d6:22:
                    a9:fc:4f:01:1b:2e:13:29:63:d2:6e:eb:d9:ef:da:
                    fc:a3:0a:df:25:1e:c0:f5:c9:a1:c2:5c:02:c1:48:
                    17:57:b8:fb:04:84:6d:4e:a0:a9:6f:bb:ac:25:70:
                    85:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4C:62:4A:B5:B4:1E:EA:47:66:B2:27:46:69:63:B7:CC:09:66:C9
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nUxiSrW0HupHZrInRmljt8wJZsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:b9:1f:84:c7:bf:9f:99:43:4d:54:1a:94:59:ed:5c:f7:fe:
         7d:ea:b6:0d:66:63:da:c8:c1:0f:50:e9:7c:fc:84:54:bb:e4:
         1c:14:84:27:e1:09:23:c3:67:42:dc:48:f4:e4:bc:2a:68:00:
         ed:8a:8a:49:e0:2a:42:80:13:e6:5a:07:ce:c0:e5:bf:e0:58:
         f0:35:0a:f7:36:5a:28:fa:de:d3:12:3a:ce:e9:db:43:bc:00:
         3e:fd:e5:da:db:94:74:0e:f1:ca:d5:8f:7a:fe:3f:04:df:09:
         b9:1b:16:1e:f4:5c:19:46:f5:bc:69:ad:ea:29:35:19:20:10:
         e1:71:1b:2f:ca:c0:ca:fc:2d:73:84:a7:15:08:36:d2:ec:ab:
         40:25:a9:9b:7f:f1:0d:dc:a4:b8:bf:c1:15:ba:3d:a7:15:01:
         46:a8:a9:66:3c:b1:02:db:47:02:a9:6d:d4:54:70:c6:03:0f:
         38:52:f5:78:d1:2d:42:95:88:8b:fb:ca:9d:75:e0:02:22:43:
         5f:28:97:8a:b5:19:fe:15:49:5a:9d:85:70:18:0c:ea:9c:8e:
         74:3d:a5:09:5f:65:f9:6c:77:fd:79:3a:d3:4d:f7:2a:97:33:
         25:c9:c5:d7:76:9a:53:f7:7a:ac:10:b2:13:c2:5e:b4:13:95:
         6a:d1:e4:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6BUEQeaGILm8MOR1Xm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRjNjI0YWI1YjQxZWVhNDc2NmIyMjc0NjY5NjNiN2NjMDk2NmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SCcwwlFMm/Nla/mt+E+vfEaE2i6
+3UYIcuCwEEqB7s2++oE28Yopd9wY1xHxI7fBX3JiPa49AsLwIzltT8yOW433d1j
TOe0sl8dumkYc8zZkOmsdJRGX+485AGGxkM3MGfiweyTm9fUxvqDX9+9DrOGbaUE
OH57pdhC0GGmzM/3qkhE/4EZ3pGshDGs8UWk4LI5RdPow16Cjn/vuu8x3wlNKAKo
1rIEXZWYljmcD4mMaEPmgXT4KNgxdJ85jJYUb9CJ/E8CbhXmjhCd5IkY1iKp/E8B
Gy4TKWPSbuvZ79r8owrfJR7A9cmhwlwCwUgXV7j7BIRtTqCpb7usJXCFYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1MYkq1tB7qR2ayJ0ZpY7fMCWbJMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvblV4aVNyVzBIdXBIWnJJblJtbGp0OHdKWnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeaUMA0G
CSqGSIb3DQEBCwUAA4IBAQCQuR+Ex7+fmUNNVBqUWe1c9/596rYNZmPayMEPUOl8
/IRUu+QcFIQn4Qkjw2dC3Ej05LwqaADtiopJ4CpCgBPmWgfOwOW/4FjwNQr3Nloo
+t7TEjrO6dtDvAA+/eXa25R0DvHK1Y96/j8E3wm5GxYe9FwZRvW8aa3qKTUZIBDh
cRsvysDK/C1zhKcVCDbS7KtAJambf/EN3KS4v8EVuj2nFQFGqKlmPLEC20cCqW3U
VHDGAw84UvV40S1ClYiL+8qddeACIkNfKJeKtRn+FUlanYVwGAzqnI50PaUJX2X5
bHf9eTrTTfcqlzMlycXXdppT93qsELITwl60E5Vq0eQ3
-----END CERTIFICATE-----