This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/Nl65Np2NbEnihFgj_3m0_3bzCWY.roa
File:                     Nl65Np2NbEnihFgj_3m0_3bzCWY.roa (raw, json)
Hash identifier:          7UhBMBB84iPxUUXErAiMT9ZI08Sl9FFg4+ED0ZMQtcM=
Subject key identifier:   36:5E:B9:36:9D:8D:6C:49:E2:84:58:23:FF:79:B4:FF:76:F3:09:66
Certificate issuer:       /CN=2e73ad45f8a3ebe667abb196a289d6719bebb82d
Certificate serial:       019B7A5A85FB7A09404A26441375A20B3125
Authority key identifier: 2E:73:AD:45:F8:A3:EB:E6:67:AB:B1:96:A2:89:D6:71:9B:EB:B8:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnOtRfij6-Znq7GWoonWcZvruC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/Nl65Np2NbEnihFgj_3m0_3bzCWY.roa
Signing time:             Thu 01 Jan 2026 16:18:31 +0000
ROA not before:           Thu 01 Jan 2026 16:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205055
IP address blocks:        185.231.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/LnOtRfij6-Znq7GWoonWcZvruC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/LnOtRfij6-Znq7GWoonWcZvruC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnOtRfij6-Znq7GWoonWcZvruC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:85:fb:7a:09:40:4a:26:44:13:75:a2:0b:31:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e73ad45f8a3ebe667abb196a289d6719bebb82d
        Validity
            Not Before: Jan  1 16:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=365eb9369d8d6c49e2845823ff79b4ff76f30966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6a:70:d7:3c:5d:9b:a7:76:25:8a:62:9b:19:
                    6f:5e:10:4a:2e:9a:5d:73:21:20:b6:e0:cd:88:85:
                    aa:9d:c6:aa:9e:19:8b:9e:7c:7b:7a:52:12:2d:c5:
                    a9:c3:bd:e7:0a:9d:f3:c1:bc:d5:46:82:7a:06:4a:
                    b5:d2:b1:e3:19:a8:e4:b5:88:df:02:13:25:c9:ea:
                    b6:8e:5b:c2:9d:91:24:0b:28:fe:32:f4:8b:dc:e2:
                    6a:32:92:f4:bb:2e:24:ac:a9:47:3d:2d:16:ad:20:
                    b4:04:6a:bd:e6:33:e6:73:c6:83:35:de:10:4c:b3:
                    46:58:72:8f:c6:cb:d9:df:b0:72:82:8b:80:5e:11:
                    fe:51:55:8a:eb:af:19:1a:b9:3f:a7:a8:21:85:95:
                    eb:94:5e:86:e7:be:10:c4:91:94:c5:8c:91:6e:c1:
                    e6:d0:c3:9d:c1:f2:f0:e4:32:4b:bb:94:a5:2b:e9:
                    e1:2f:bd:53:00:39:77:4d:67:95:02:c3:56:58:b7:
                    b6:cf:cd:e0:83:6d:ce:f5:0d:8d:4a:58:78:b6:fc:
                    60:2c:72:d2:a0:26:b0:53:47:b8:c4:7e:6f:e4:8d:
                    7d:7f:46:43:6c:1e:09:dc:77:d3:ad:1c:41:e7:ba:
                    2e:08:12:e8:08:65:dd:a6:9e:4a:e8:61:1c:81:fa:
                    b5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:5E:B9:36:9D:8D:6C:49:E2:84:58:23:FF:79:B4:FF:76:F3:09:66
            X509v3 Authority Key Identifier:
                keyid:2E:73:AD:45:F8:A3:EB:E6:67:AB:B1:96:A2:89:D6:71:9B:EB:B8:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnOtRfij6-Znq7GWoonWcZvruC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/Nl65Np2NbEnihFgj_3m0_3bzCWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/LnOtRfij6-Znq7GWoonWcZvruC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:b2:71:c8:4d:77:17:98:09:95:29:ff:c6:2d:64:dc:94:aa:
         b3:76:31:72:01:16:0b:c6:aa:48:fb:1c:a6:a5:8e:cc:d1:18:
         bf:e8:8f:40:b1:e7:e0:af:91:c7:ee:5f:8c:b1:c9:e1:07:82:
         62:e1:cb:43:89:8a:48:ce:62:c3:36:e7:31:75:33:22:db:18:
         6c:72:77:74:6e:a6:75:2f:f1:2b:c0:3f:b5:ac:94:87:4a:a8:
         40:ca:ac:41:74:62:06:d5:72:7d:41:41:b1:53:fb:e8:f0:63:
         e6:d5:e0:e6:88:38:d6:69:04:db:35:5c:0f:88:cf:57:f2:00:
         e7:53:f8:b5:16:87:44:ad:9c:7b:30:d8:88:f5:cb:3a:fa:bf:
         26:e5:ab:99:b3:fb:3d:48:88:00:fa:0d:c4:ff:ca:ae:a5:36:
         b9:b4:c1:53:4a:f7:bc:76:26:24:68:77:cb:45:1d:97:42:7b:
         73:68:fc:d2:e5:be:74:e4:98:ee:51:84:1d:6e:b7:59:b3:d5:
         bb:b0:75:b3:72:d7:39:e9:d4:11:1a:1e:7e:cf:97:6c:f9:f4:
         4d:ef:fe:38:00:58:58:42:c9:35:c3:28:bb:00:50:40:fb:8a:
         4b:ba:a1:3e:9b:3a:6b:72:2f:f6:76:50:2e:ce:49:4b:95:81:
         f4:87:97:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WoX7eglASiZEE3WiCzElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzNhZDQ1ZjhhM2ViZTY2N2FiYjE5NmEyODlkNjcxOWJl
YmI4MmQwHhcNMjYwMTAxMTYxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjVlYjkzNjlkOGQ2YzQ5ZTI4NDU4MjNmZjc5YjRmZjc2ZjMwOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWpw1zxdm6d2JYpimxlvXhBKLppd
cyEgtuDNiIWqncaqnhmLnnx7elISLcWpw73nCp3zwbzVRoJ6Bkq10rHjGajktYjf
AhMlyeq2jlvCnZEkCyj+MvSL3OJqMpL0uy4krKlHPS0WrSC0BGq95jPmc8aDNd4Q
TLNGWHKPxsvZ37BygouAXhH+UVWK668ZGrk/p6ghhZXrlF6G574QxJGUxYyRbsHm
0MOdwfLw5DJLu5SlK+nhL71TADl3TWeVAsNWWLe2z83gg23O9Q2NSlh4tvxgLHLS
oCawU0e4xH5v5I19f0ZDbB4J3HfTrRxB57ouCBLoCGXdpp5K6GEcgfq1xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZeuTadjWxJ4oRYI/95tP928wlmMB8GA1UdIwQY
MBaAFC5zrUX4o+vmZ6uxlqKJ1nGb67gtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5PdFJmaWo2LVpucTdHV29vbldjWnZydUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS85YTYwY2YtOWQ5NC00NTg1LWEyNWIt
NWU3Zjk1ODExNTYyLzEvTmw2NU5wMk5iRW5paEZnal8zbTBfM2J6Q1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS85YTYwY2YtOWQ5NC00NTg1LWEyNWItNWU3Zjk1ODExNTYy
LzEvTG5PdFJmaWo2LVpucTdHV29vbldjWnZydUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueewMA0G
CSqGSIb3DQEBCwUAA4IBAQC1snHITXcXmAmVKf/GLWTclKqzdjFyARYLxqpI+xym
pY7M0Ri/6I9Asefgr5HH7l+MscnhB4Ji4ctDiYpIzmLDNucxdTMi2xhscnd0bqZ1
L/ErwD+1rJSHSqhAyqxBdGIG1XJ9QUGxU/vo8GPm1eDmiDjWaQTbNVwPiM9X8gDn
U/i1FodErZx7MNiI9cs6+r8m5auZs/s9SIgA+g3E/8qupTa5tMFTSve8diYkaHfL
RR2XQntzaPzS5b505JjuUYQdbrdZs9W7sHWzctc56dQRGh5+z5ds+fRN7/44AFhY
Qsk1wyi7AFBA+4pLuqE+mzprci/2dlAuzklLlYH0h5cR
-----END CERTIFICATE-----