This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/NiXEkFa2OyOUnxfMEcQON6yPoNg.roa
File:                     NiXEkFa2OyOUnxfMEcQON6yPoNg.roa (raw, json)
Hash identifier:          dVvuF0RyYBJRRTECbqhrE8YUyCue+Lh92GIKr6FebqU=
Subject key identifier:   36:25:C4:90:56:B6:3B:23:94:9F:17:CC:11:C4:0E:37:AC:8F:A0:D8
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       019B7E3937526769B41B302F528566C217B1
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/NiXEkFa2OyOUnxfMEcQON6yPoNg.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        212.4.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:09:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:37:52:67:69:b4:1b:30:2f:52:85:66:c2:17:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3625c49056b63b23949f17cc11c40e37ac8fa0d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:21:54:63:7a:95:50:c1:c5:e1:fa:65:6c:73:
                    1b:c7:5b:d7:65:e7:1c:1e:db:98:82:6c:d6:51:e1:
                    51:bb:65:45:09:80:d5:6d:63:0d:7c:8e:5d:e1:50:
                    a9:9a:50:1c:53:45:da:06:f0:01:a5:66:68:ec:74:
                    52:e5:e0:6a:ba:e9:a0:20:25:2c:5f:7b:b7:c4:70:
                    a8:f9:c9:67:4c:d1:d0:da:99:c3:73:10:3a:be:92:
                    8b:38:e9:4a:de:66:6a:31:44:a1:c8:1e:a7:7a:a4:
                    87:1b:ce:a9:47:a7:58:9d:6e:3d:4e:51:8b:1b:a0:
                    5a:09:50:c0:f3:2f:0f:e9:79:cb:85:de:15:40:42:
                    08:e9:11:7f:8d:bf:53:65:86:a0:0d:de:9c:47:c7:
                    b6:72:40:56:62:b1:e5:5d:b3:ab:bd:a7:7d:15:25:
                    ff:11:83:e8:af:f5:43:96:a8:05:46:82:78:bc:17:
                    aa:10:df:9b:c2:f2:a5:23:88:cf:03:b3:62:83:82:
                    44:f5:75:3a:9c:c6:88:8c:c6:5e:80:7a:bf:f8:45:
                    09:81:67:e8:d2:98:5b:26:ce:3d:1a:56:32:bd:c0:
                    dc:5f:32:e2:c0:87:db:ae:ca:b3:29:e5:d4:e0:5c:
                    5c:ee:21:fa:be:35:ab:9b:fd:22:53:7c:06:e2:b3:
                    9f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:25:C4:90:56:B6:3B:23:94:9F:17:CC:11:C4:0E:37:AC:8F:A0:D8
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/NiXEkFa2OyOUnxfMEcQON6yPoNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:a4:06:de:ad:92:0f:0e:6c:c5:fd:3b:2f:f3:ac:1c:dc:94:
         34:bc:b8:84:48:97:87:61:39:2a:af:21:f7:c5:ee:5d:37:63:
         64:95:d4:71:b0:48:1b:d0:5a:18:d4:df:4d:91:bd:08:30:2e:
         80:ab:ed:dc:7d:68:5f:00:07:04:b8:5b:76:05:e8:b9:d8:28:
         da:fb:c6:c7:32:53:bc:f3:9d:57:88:5b:82:8a:af:2d:b9:08:
         ea:ab:0d:24:85:ad:7d:73:b7:bf:51:90:b0:45:76:c9:2b:ce:
         22:67:ed:17:e0:e7:3a:8f:03:f2:6d:e0:d3:c3:f5:f2:a8:45:
         2f:66:72:88:f9:96:96:d7:70:51:cb:a2:5c:88:db:ad:79:a6:
         9c:18:22:e6:12:3e:55:a8:b9:a8:81:93:97:e9:19:21:c3:a8:
         f6:ec:9b:a4:9c:24:ef:cd:35:19:81:d5:38:d9:7d:52:da:22:
         93:f2:c2:bd:85:5c:e3:97:98:c7:c4:f1:d4:0f:52:b3:46:a2:
         2e:bf:d0:af:72:36:ce:c6:b4:4b:4f:da:6c:67:2a:e4:92:2b:
         26:e7:dc:0a:86:0a:db:c2:22:36:4a:49:4a:eb:54:9b:27:0f:
         84:ce:e5:22:94:c4:2b:b8:47:8a:bd:2f:7b:53:90:f5:8d:11:
         0d:d2:48:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTdSZ2m0GzAvUoVmwhexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI1YzQ5MDU2YjYzYjIzOTQ5ZjE3Y2MxMWM0MGUzN2FjOGZhMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCFUY3qVUMHF4fplbHMbx1vXZecc
HtuYgmzWUeFRu2VFCYDVbWMNfI5d4VCpmlAcU0XaBvABpWZo7HRS5eBquumgICUs
X3u3xHCo+clnTNHQ2pnDcxA6vpKLOOlK3mZqMUShyB6neqSHG86pR6dYnW49TlGL
G6BaCVDA8y8P6XnLhd4VQEII6RF/jb9TZYagDd6cR8e2ckBWYrHlXbOrvad9FSX/
EYPor/VDlqgFRoJ4vBeqEN+bwvKlI4jPA7Nig4JE9XU6nMaIjMZegHq/+EUJgWfo
0phbJs49GlYyvcDcXzLiwIfbrsqzKeXU4Fxc7iH6vjWrm/0iU3wG4rOfaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYlxJBWtjsjlJ8XzBHEDjesj6DYMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvTmlYRWtGYTJPeU9VbnhmTUVjUU9ONnlQb05nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ATwMA0G
CSqGSIb3DQEBCwUAA4IBAQCrpAberZIPDmzF/Tsv86wc3JQ0vLiESJeHYTkqryH3
xe5dN2NkldRxsEgb0FoY1N9Nkb0IMC6Aq+3cfWhfAAcEuFt2Bei52Cja+8bHMlO8
851XiFuCiq8tuQjqqw0kha19c7e/UZCwRXbJK84iZ+0X4Oc6jwPybeDTw/XyqEUv
ZnKI+ZaW13BRy6JciNuteaacGCLmEj5VqLmogZOX6Rkhw6j27JuknCTvzTUZgdU4
2X1S2iKT8sK9hVzjl5jHxPHUD1KzRqIuv9CvcjbOxrRLT9psZyrkkism59wKhgrb
wiI2SklK61SbJw+EzuUilMQruEeKvS97U5D1jREN0kiX
-----END CERTIFICATE-----