This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nzMUAVQKBSQKWLEDFLc3Px50kWk.roa
File:                     nzMUAVQKBSQKWLEDFLc3Px50kWk.roa (raw, json)
Hash identifier:          h0eU4xyAdU7I9aoma5ajQ19LmOAa2m5WDL6ys+E30iw=
Subject key identifier:   9F:33:14:01:54:0A:05:24:0A:58:B1:03:14:B7:37:3F:1E:74:91:69
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AD2C89DB2C04DE63DD514D074256B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nzMUAVQKBSQKWLEDFLc3Px50kWk.roa
Signing time:             Thu 01 Jan 2026 16:18:51 +0000
ROA not before:           Thu 01 Jan 2026 16:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213751
IP address blocks:        109.176.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d2:c8:9d:b2:c0:4d:e6:3d:d5:14:d0:74:25:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f331401540a05240a58b10314b7373f1e749169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:f6:8b:e3:23:d4:27:57:a8:df:af:2a:ff:
                    65:ef:27:51:52:a5:ac:64:58:26:05:47:f8:f6:e9:
                    57:ba:6a:51:dc:a6:2c:c1:01:37:a6:32:e7:84:48:
                    52:c1:0f:c3:68:68:36:ef:30:5a:32:fe:53:a9:14:
                    ae:4f:19:ab:bb:89:34:64:a4:a4:62:91:dd:40:27:
                    fc:b4:49:91:09:17:00:f1:10:5b:05:d7:62:f5:d6:
                    e9:b5:fd:71:45:45:3b:70:26:f3:5e:95:a3:88:02:
                    af:f5:e5:e7:a2:97:45:ae:6b:8f:58:52:e8:55:6e:
                    52:84:12:91:40:e5:fb:5d:b3:9b:10:04:2b:80:44:
                    f3:12:dd:81:e1:db:f9:e9:b3:aa:8e:c0:bf:6f:2e:
                    2b:2b:39:38:6c:d8:2a:66:93:d7:eb:5d:13:2f:27:
                    0f:10:1c:64:64:4c:e5:75:88:3d:15:e3:b4:57:11:
                    d0:19:51:cb:23:cb:f4:71:7b:8c:d2:1c:21:df:1e:
                    0f:5a:c6:8e:4d:b1:05:d2:63:02:95:a6:4a:b0:11:
                    e4:c8:05:39:e9:a9:2d:dd:52:93:37:2d:d0:c4:eb:
                    1a:85:23:05:58:7a:0a:d0:50:d9:5a:43:36:09:60:
                    87:70:5f:2f:f4:95:e2:a8:05:90:47:bc:7d:2d:78:
                    93:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:33:14:01:54:0A:05:24:0A:58:B1:03:14:B7:37:3F:1E:74:91:69
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nzMUAVQKBSQKWLEDFLc3Px50kWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d5:06:4b:e5:16:22:bd:5b:f1:34:54:3d:fa:53:93:50:26:
         bb:7a:f9:e3:1a:22:5c:8f:e5:77:4f:9a:c4:ba:70:07:ff:7f:
         cc:78:c0:c4:70:c6:81:3d:9d:40:3b:a7:d2:8e:2f:e1:ad:94:
         2e:e6:2b:9f:9e:b1:46:25:5b:a8:3e:14:94:e4:a4:ac:01:ac:
         f2:f0:01:34:7d:5d:45:94:71:06:4f:74:b8:2e:e1:97:f6:e0:
         55:eb:14:98:ff:b0:81:c8:4f:8f:86:09:f8:c6:3f:c0:4c:94:
         36:89:5d:cd:d9:bd:2a:d8:56:d6:6a:bf:a0:de:f1:10:ce:60:
         51:22:ee:b7:35:b2:66:34:4e:ea:ba:af:63:3e:4d:9c:05:54:
         12:b4:db:ac:7b:26:7e:2b:d8:5d:8d:9d:3c:e3:65:f1:0f:30:
         77:c3:eb:31:8b:76:02:cf:34:83:5c:29:45:9a:fe:40:c4:1b:
         16:e5:78:7a:72:b3:fb:87:f2:36:a5:c5:a8:a0:c8:0f:f2:aa:
         60:34:e9:69:a2:d2:59:b5:db:63:b3:4f:da:e4:93:40:82:77:
         3d:ab:04:73:6a:e6:04:bb:1f:98:e4:c7:fb:21:21:a8:fe:bc:
         4e:fb:65:10:77:5f:76:df:41:ea:ee:11:9a:8e:ff:60:9a:2b:
         9d:d3:51:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WtLInbLATeY91RTQdCVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjMzMTQwMTU0MGEwNTI0MGE1OGIxMDMxNGI3MzczZjFlNzQ5MTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf32i+Mj1CdXqN+vKv9l7ydRUqWs
ZFgmBUf49ulXumpR3KYswQE3pjLnhEhSwQ/DaGg27zBaMv5TqRSuTxmru4k0ZKSk
YpHdQCf8tEmRCRcA8RBbBddi9dbptf1xRUU7cCbzXpWjiAKv9eXnopdFrmuPWFLo
VW5ShBKRQOX7XbObEAQrgETzEt2B4dv56bOqjsC/by4rKzk4bNgqZpPX610TLycP
EBxkZEzldYg9FeO0VxHQGVHLI8v0cXuM0hwh3x4PWsaOTbEF0mMClaZKsBHkyAU5
6akt3VKTNy3QxOsahSMFWHoK0FDZWkM2CWCHcF8v9JXiqAWQR7x9LXiTjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8zFAFUCgUkClixAxS3Nz8edJFpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbnpNVUFWUUtCU1FLV0xFREZMYzNQeDUwa1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD9MA0G
CSqGSIb3DQEBCwUAA4IBAQAl1QZL5RYivVvxNFQ9+lOTUCa7evnjGiJcj+V3T5rE
unAH/3/MeMDEcMaBPZ1AO6fSji/hrZQu5iufnrFGJVuoPhSU5KSsAazy8AE0fV1F
lHEGT3S4LuGX9uBV6xSY/7CByE+Phgn4xj/ATJQ2iV3N2b0q2FbWar+g3vEQzmBR
Iu63NbJmNE7quq9jPk2cBVQStNuseyZ+K9hdjZ0842XxDzB3w+sxi3YCzzSDXClF
mv5AxBsW5Xh6crP7h/I2pcWooMgP8qpgNOlpotJZtdtjs0/a5JNAgnc9qwRzauYE
ux+Y5Mf7ISGo/rxO+2UQd19230Hq7hGajv9gmiud01Fh
-----END CERTIFICATE-----