This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/nESdHSYfa1deK4cuMEoqKlkUBhA.roa
File:                     nESdHSYfa1deK4cuMEoqKlkUBhA.roa (raw, json)
Hash identifier:          Ne5xi2gxYVVWXxqP7e6edUaF5lMzo3AlLl0nnSwGj20=
Subject key identifier:   9C:44:9D:1D:26:1F:6B:57:5E:2B:87:2E:30:4A:2A:2A:59:14:06:10
Certificate issuer:       /CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
Certificate serial:       019B7C7FC032F17A3AEA954405D42262AC24
Authority key identifier: 5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/nESdHSYfa1deK4cuMEoqKlkUBhA.roa
Signing time:             Fri 02 Jan 2026 02:18:25 +0000
ROA not before:           Fri 02 Jan 2026 02:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:c0:32:f1:7a:3a:ea:95:44:05:d4:22:62:ac:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
        Validity
            Not Before: Jan  2 02:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c449d1d261f6b575e2b872e304a2a2a59140610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:63:69:f7:dd:a5:a8:c3:84:cc:83:84:36:ba:
                    fe:95:cf:5f:3a:2e:a2:02:c7:84:aa:cf:1d:ce:3c:
                    83:6e:82:3a:b9:a8:97:ab:45:bc:c5:21:15:a6:01:
                    3c:fb:d6:3a:15:ed:b4:e4:c8:0f:72:cf:32:24:e2:
                    0e:6b:32:30:2e:c5:47:b1:03:62:3b:59:f1:0b:29:
                    d7:15:06:f2:10:29:30:fe:95:12:54:e6:2b:ef:ef:
                    c2:f2:da:aa:4b:e2:f5:89:22:15:99:7b:c0:40:30:
                    12:6c:6b:ec:fb:e0:71:1d:df:5e:89:5c:66:13:b5:
                    7c:88:b6:50:8a:f1:ec:81:a9:fa:1b:d9:d7:51:15:
                    22:c9:ee:29:f3:52:b0:81:21:01:7a:f1:4d:92:01:
                    85:aa:30:f2:6f:17:30:7c:88:b2:01:97:06:d0:68:
                    26:6a:27:45:96:60:7d:21:cc:de:b2:5f:ca:57:9e:
                    0d:0c:92:98:6a:69:dd:c7:1b:b6:8f:c1:01:ed:97:
                    c3:cc:00:b3:79:98:c0:0e:16:c7:61:ee:e5:5e:f8:
                    93:ad:8f:5a:b1:8a:5e:54:7f:4f:cf:93:4b:42:1c:
                    5d:10:87:87:a8:35:f8:1c:38:a1:76:21:6a:e9:bc:
                    84:e3:20:63:ee:d3:35:55:3e:07:5b:a0:d2:c2:2d:
                    74:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:44:9D:1D:26:1F:6B:57:5E:2B:87:2E:30:4A:2A:2A:59:14:06:10
            X509v3 Authority Key Identifier:
                keyid:5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/nESdHSYfa1deK4cuMEoqKlkUBhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c3:ed:4f:43:ac:4e:01:d4:e6:55:33:2a:a2:5b:f3:29:03:
         c7:09:95:46:62:bc:7f:4e:ae:80:90:a6:a6:ec:24:d4:84:c0:
         0b:91:ea:5a:a5:c0:b6:d7:a7:bc:53:4e:32:96:51:4d:1f:69:
         92:a8:49:d1:77:00:63:82:3c:67:41:99:c4:1a:e3:b6:88:68:
         8c:0e:30:ca:5e:67:44:c6:05:5b:e1:05:e0:9c:6a:a9:c8:e6:
         57:5b:58:96:af:54:c8:db:fa:51:3f:f1:5a:19:b4:d2:66:f0:
         86:3b:51:1e:22:2f:f5:cc:db:f9:21:a3:10:b6:dc:13:f3:67:
         e3:64:75:93:00:5d:02:cd:bf:06:d5:18:8a:b4:75:1b:52:c5:
         59:6b:46:6d:44:da:24:d9:6b:6e:19:c3:85:33:b8:58:e4:d3:
         19:12:72:d0:18:f6:0c:d6:54:76:57:9d:2d:8b:99:cd:15:ec:
         ab:0a:45:a2:12:e9:ed:61:cc:ce:64:ec:37:8c:3c:4d:49:e4:
         3f:ef:3e:44:7a:cf:8d:ad:3e:fa:80:bf:e9:5f:d7:5e:7a:0a:
         ed:91:ee:b8:de:72:89:b2:8c:cd:94:7f:84:ae:4e:df:6d:c6:
         1b:78:d5:42:bc:69:6c:8f:dc:67:de:d5:ea:ec:94:bf:8a:54:
         e8:5d:47:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f8Ay8Xo66pVEBdQiYqwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjM2ExZDk3M2Y5YjMzOTFlOGFkYWNhYTY2NGQxYjIzZDc3
OGYwMDgwHhcNMjYwMTAyMDIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQ0OWQxZDI2MWY2YjU3NWUyYjg3MmUzMDRhMmEyYTU5MTQwNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmNp992lqMOEzIOENrr+lc9fOi6i
AseEqs8dzjyDboI6uaiXq0W8xSEVpgE8+9Y6Fe205MgPcs8yJOIOazIwLsVHsQNi
O1nxCynXFQbyECkw/pUSVOYr7+/C8tqqS+L1iSIVmXvAQDASbGvs++BxHd9eiVxm
E7V8iLZQivHsgan6G9nXURUiye4p81KwgSEBevFNkgGFqjDybxcwfIiyAZcG0Ggm
aidFlmB9Iczesl/KV54NDJKYamndxxu2j8EB7ZfDzACzeZjADhbHYe7lXviTrY9a
sYpeVH9Pz5NLQhxdEIeHqDX4HDihdiFq6byE4yBj7tM1VT4HW6DSwi105wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxEnR0mH2tXXiuHLjBKKipZFAYQMB8GA1UdIwQY
MBaAFFw6HZc/mzOR6K2sqmZNGyPXePAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEt
MTk0Y2M5OTAyYWJmLzEvbkVTZEhTWWZhMWRlSzRjdU1Fb3FLbGtVQmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEtMTk0Y2M5OTAyYWJm
LzEvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEbMA0G
CSqGSIb3DQEBCwUAA4IBAQB9w+1PQ6xOAdTmVTMqolvzKQPHCZVGYrx/Tq6AkKam
7CTUhMALkepapcC216e8U04yllFNH2mSqEnRdwBjgjxnQZnEGuO2iGiMDjDKXmdE
xgVb4QXgnGqpyOZXW1iWr1TI2/pRP/FaGbTSZvCGO1EeIi/1zNv5IaMQttwT82fj
ZHWTAF0Czb8G1RiKtHUbUsVZa0ZtRNok2WtuGcOFM7hY5NMZEnLQGPYM1lR2V50t
i5nNFeyrCkWiEuntYczOZOw3jDxNSeQ/7z5Ees+NrT76gL/pX9deegrtke643nKJ
sozNlH+Erk7fbcYbeNVCvGlsj9xn3tXq7JS/ilToXUc3
-----END CERTIFICATE-----