This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/nn_1VMvKIWzw2XUgpRSRQ0YbCXA.roa
File:                     nn_1VMvKIWzw2XUgpRSRQ0YbCXA.roa (raw, json)
Hash identifier:          CAV1aicJa1xV33pauRJjVUr2k+nxSkItYvLJyPNkTTs=
Subject key identifier:   9E:7F:F5:54:CB:CA:21:6C:F0:D9:75:20:A5:14:91:43:46:1B:09:70
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       019B7A5AF77852D4D7DE77C227B1537842CC
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/nn_1VMvKIWzw2XUgpRSRQ0YbCXA.roa
Signing time:             Thu 01 Jan 2026 16:19:00 +0000
ROA not before:           Thu 01 Jan 2026 16:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213204
IP address blocks:        2a0f:3784:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f7:78:52:d4:d7:de:77:c2:27:b1:53:78:42:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Jan  1 16:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e7ff554cbca216cf0d97520a5149143461b0970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:1d:9e:e4:7f:1a:54:37:25:9b:04:e0:3b:
                    34:f0:3f:dd:af:8b:b6:bd:a8:e2:1c:a2:8d:31:9a:
                    67:12:b9:2f:d9:ee:f2:23:92:8d:e3:25:dd:93:cc:
                    85:b8:34:f4:3e:a7:de:af:73:0d:b2:08:8a:28:15:
                    fb:1b:ae:6a:a6:5c:fc:6b:85:64:44:de:ad:98:17:
                    fd:f2:9d:a0:f3:47:89:ba:bc:23:f4:4d:f4:af:bf:
                    e7:b3:73:45:7e:0f:8d:e1:be:51:69:31:42:5a:c5:
                    4b:ff:7d:d5:6c:46:4c:2b:9a:de:75:1d:d6:e9:af:
                    a3:ee:d5:18:bb:b3:b6:d3:27:c1:16:de:ee:05:e6:
                    eb:07:41:1c:0b:ce:1a:6c:9f:46:16:f5:6a:72:b9:
                    58:f1:62:f5:52:67:52:3a:a8:10:db:c3:88:e8:83:
                    e8:6d:11:d2:10:c2:cf:9a:1b:21:4b:90:8e:84:8f:
                    0f:58:f2:ea:e5:ce:8c:ae:57:1b:94:14:72:ce:dd:
                    08:43:91:6d:30:71:59:6a:7b:de:ef:e3:a5:79:f6:
                    2e:df:95:3d:c5:9a:fd:c1:00:f9:c1:de:6c:32:d1:
                    a5:c5:44:53:cb:61:7f:c6:29:98:c2:4f:7a:04:a8:
                    cb:3b:78:99:6c:b9:c3:b7:dd:bb:39:c5:a5:4a:bb:
                    0b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:7F:F5:54:CB:CA:21:6C:F0:D9:75:20:A5:14:91:43:46:1B:09:70
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/nn_1VMvKIWzw2XUgpRSRQ0YbCXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3784:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         06:41:5c:d0:b1:f1:f1:5d:03:0a:0e:03:af:8a:2d:cc:59:a5:
         16:51:28:82:e5:47:1a:8d:68:1d:12:09:f9:0d:89:3b:92:a0:
         9a:18:a1:b2:c5:2e:74:e0:36:99:af:40:2c:59:a3:76:a8:47:
         25:0d:33:1c:96:d5:2f:e0:0a:ac:39:57:83:6d:c9:ef:c6:44:
         e3:90:1a:38:bc:b0:e1:56:70:71:5e:f4:89:f8:b6:83:fc:a8:
         9c:23:d7:86:3e:8f:e2:e9:07:1a:e9:6a:99:09:62:3c:ad:5a:
         0a:fe:66:e1:9e:01:45:8e:a3:5e:84:20:0d:db:45:16:12:94:
         c0:65:15:bb:99:f0:09:9c:b4:b9:32:49:62:15:e0:b1:9b:9f:
         39:be:ff:c7:40:75:db:aa:83:b4:62:64:08:72:ad:41:26:e5:
         e7:2e:7e:d0:41:45:00:b3:b2:a0:ee:77:84:01:d2:4b:12:40:
         29:6a:fd:35:b0:d5:fe:ac:a9:39:39:bc:94:95:65:18:b2:60:
         50:3e:ea:cf:bf:e5:50:29:9f:ab:8e:b1:12:5d:ed:d7:df:af:
         63:58:1d:aa:a5:c3:14:61:b0:de:db:bc:5b:74:4a:cb:0d:d4:
         ef:e7:d6:a3:8e:62:9a:59:c6:0d:ca:c7:86:b0:f6:89:05:69:
         40:9d:d5:1d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt6Wvd4UtTX3nfCJ7FTeELMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjYwMTAxMTYxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTdmZjU1NGNiY2EyMTZjZjBkOTc1MjBhNTE0OTE0MzQ2MWIwOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTAdnuR/GlQ3JZsE4Ds08D/dr4u2
vajiHKKNMZpnErkv2e7yI5KN4yXdk8yFuDT0Pqfer3MNsgiKKBX7G65qplz8a4Vk
RN6tmBf98p2g80eJurwj9E30r7/ns3NFfg+N4b5RaTFCWsVL/33VbEZMK5redR3W
6a+j7tUYu7O20yfBFt7uBebrB0EcC84abJ9GFvVqcrlY8WL1UmdSOqgQ28OI6IPo
bRHSEMLPmhshS5COhI8PWPLq5c6MrlcblBRyzt0IQ5FtMHFZanve7+OlefYu35U9
xZr9wQD5wd5sMtGlxURTy2F/ximYwk96BKjLO3iZbLnDt927OcWlSrsL0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ5/9VTLyiFs8Nl1IKUUkUNGGwlwMB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEvbm5fMVZNdktJV3p3MlhVZ3BSU1JRMFliQ1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg83hAEw
DQYJKoZIhvcNAQELBQADggEBAAZBXNCx8fFdAwoOA6+KLcxZpRZRKILlRxqNaB0S
CfkNiTuSoJoYobLFLnTgNpmvQCxZo3aoRyUNMxyW1S/gCqw5V4Ntye/GROOQGji8
sOFWcHFe9In4toP8qJwj14Y+j+LpBxrpapkJYjytWgr+ZuGeAUWOo16EIA3bRRYS
lMBlFbuZ8AmctLkySWIV4LGbnzm+/8dAdduqg7RiZAhyrUEm5ecuftBBRQCzsqDu
d4QB0ksSQClq/TWw1f6sqTk5vJSVZRiyYFA+6s+/5VApn6uOsRJd7dffr2NYHaql
wxRhsN7bvFt0SssN1O/n1qOOYppZxg3Kx4aw9okFaUCd1R0=
-----END CERTIFICATE-----