This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/NBCpqIpZAF1KaD7VX5EAO0lgw58.roa
File:                     NBCpqIpZAF1KaD7VX5EAO0lgw58.roa (raw, json)
Hash identifier:          FNwe4WLfDmM1bNzJd35FzEdIcc1xxE0RPwhccQQkLXQ=
Subject key identifier:   34:10:A9:A8:8A:59:00:5D:4A:68:3E:D5:5F:91:00:3B:49:60:C3:9F
Certificate issuer:       /CN=70cf5e697c6094adb6bc97156b35e005fd4cf2e2
Certificate serial:       019B797EEB9C148E7856A076391F26B9BA78
Authority key identifier: 70:CF:5E:69:7C:60:94:AD:B6:BC:97:15:6B:35:E0:05:FD:4C:F2:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cM9eaXxglK22vJcVazXgBf1M8uI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/NBCpqIpZAF1KaD7VX5EAO0lgw58.roa
Signing time:             Thu 01 Jan 2026 12:18:39 +0000
ROA not before:           Thu 01 Jan 2026 12:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51915
IP address blocks:        91.220.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/cM9eaXxglK22vJcVazXgBf1M8uI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/cM9eaXxglK22vJcVazXgBf1M8uI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cM9eaXxglK22vJcVazXgBf1M8uI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:eb:9c:14:8e:78:56:a0:76:39:1f:26:b9:ba:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cf5e697c6094adb6bc97156b35e005fd4cf2e2
        Validity
            Not Before: Jan  1 12:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3410a9a88a59005d4a683ed55f91003b4960c39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:03:12:f0:f5:38:f7:9b:3c:b4:d9:eb:92:29:
                    04:fb:f8:ca:12:ff:30:d7:3f:8a:c8:96:b1:3a:6c:
                    1e:24:61:54:ea:75:bc:f6:48:80:9f:7e:40:b8:0e:
                    03:c7:58:c3:93:32:1e:21:89:dd:fc:1f:23:35:b2:
                    1d:c0:de:05:2d:33:00:47:c4:13:1c:6c:ce:83:ac:
                    7e:7f:15:54:6e:30:e8:be:63:a1:e8:85:04:d9:a4:
                    08:8a:96:a9:25:6e:79:20:e8:ad:32:67:b6:5b:6d:
                    ff:ed:34:0e:5b:72:f7:b5:72:5e:79:ac:fd:b9:ac:
                    48:49:15:ac:6f:de:9e:cd:f0:0d:04:b0:b8:77:94:
                    dc:53:5b:60:23:a9:a2:2b:75:02:bb:83:b6:01:b3:
                    01:24:2d:2b:b4:4a:23:3b:6e:4b:78:a6:8d:c8:a7:
                    15:0a:82:73:c1:a3:9f:b5:a9:4c:3e:34:1c:cf:9d:
                    34:fd:7d:e2:0b:f4:f6:fe:53:64:6e:6f:8d:da:b1:
                    da:cb:cb:12:e6:bd:12:c1:fb:9e:21:76:ec:f8:8d:
                    51:ec:59:24:bf:70:d1:81:91:67:be:25:f0:17:02:
                    85:37:c9:8a:06:69:6e:85:d5:ba:3f:0f:55:fc:d6:
                    3d:6a:c2:79:51:67:4f:63:3c:7e:d9:eb:ea:c8:ea:
                    74:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:10:A9:A8:8A:59:00:5D:4A:68:3E:D5:5F:91:00:3B:49:60:C3:9F
            X509v3 Authority Key Identifier:
                keyid:70:CF:5E:69:7C:60:94:AD:B6:BC:97:15:6B:35:E0:05:FD:4C:F2:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cM9eaXxglK22vJcVazXgBf1M8uI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/NBCpqIpZAF1KaD7VX5EAO0lgw58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/4d5295-f8f2-4e05-add0-519795a22502/1/cM9eaXxglK22vJcVazXgBf1M8uI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:37:63:b3:80:a1:7b:53:5e:4c:6a:06:a8:b4:bb:be:ae:44:
         d2:c5:d1:a1:96:ea:cc:6a:92:53:e4:99:fe:8a:13:ff:5f:42:
         a1:06:41:ae:5b:3b:cb:17:c7:1e:3b:ad:9e:5c:aa:b3:b8:02:
         84:22:1c:0d:c2:fd:39:16:1c:80:85:a7:f4:a1:7a:af:b4:40:
         4c:c0:c5:5c:75:bd:43:13:9c:45:75:f9:1d:32:d6:4c:bf:ae:
         e8:38:3b:e6:ca:1f:41:0d:c5:37:9c:b7:98:af:1f:0a:80:bc:
         13:8e:4e:a3:17:8d:a0:78:78:bc:0c:c8:1c:f3:37:fd:f9:75:
         95:84:22:a7:24:2b:1f:ea:77:97:01:fc:01:18:35:08:74:0e:
         d9:91:f6:98:7d:1b:be:8b:50:65:3b:1b:b9:79:c3:9f:f1:86:
         29:47:e1:df:f7:f2:bf:48:8f:60:fe:14:74:46:d8:b0:f0:e4:
         cc:6b:3e:1f:be:36:04:b3:27:00:0f:13:cb:50:71:47:16:62:
         e2:8c:b0:0d:f1:ce:eb:a7:63:46:c0:2f:10:1d:bb:2b:75:55:
         fb:c8:4e:a1:dc:8a:ac:6c:17:4d:ff:ba:48:ac:19:e8:6c:08:
         8d:8d:a9:7f:4b:e6:91:00:69:cc:df:96:42:f3:4c:b5:85:92:
         84:a1:c3:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fuucFI54VqB2OR8mubp4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwY2Y1ZTY5N2M2MDk0YWRiNmJjOTcxNTZiMzVlMDA1ZmQ0
Y2YyZTIwHhcNMjYwMTAxMTIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDEwYTlhODhhNTkwMDVkNGE2ODNlZDU1ZjkxMDAzYjQ5NjBjMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gMS8PU495s8tNnrkikE+/jKEv8w
1z+KyJaxOmweJGFU6nW89kiAn35AuA4Dx1jDkzIeIYnd/B8jNbIdwN4FLTMAR8QT
HGzOg6x+fxVUbjDovmOh6IUE2aQIipapJW55IOitMme2W23/7TQOW3L3tXJeeaz9
uaxISRWsb96ezfANBLC4d5TcU1tgI6miK3UCu4O2AbMBJC0rtEojO25LeKaNyKcV
CoJzwaOftalMPjQcz500/X3iC/T2/lNkbm+N2rHay8sS5r0SwfueIXbs+I1R7Fkk
v3DRgZFnviXwFwKFN8mKBmluhdW6Pw9V/NY9asJ5UWdPYzx+2evqyOp0YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQQqaiKWQBdSmg+1V+RADtJYMOfMB8GA1UdIwQY
MBaAFHDPXml8YJSttryXFWs14AX9TPLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY005ZWFYeGdsSzIydkpjVmF6WGdCZjFNOHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80ZDUyOTUtZjhmMi00ZTA1LWFkZDAt
NTE5Nzk1YTIyNTAyLzEvTkJDcHFJcFpBRjFLYUQ3Vlg1RUFPMGxndzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80ZDUyOTUtZjhmMi00ZTA1LWFkZDAtNTE5Nzk1YTIyNTAy
LzEvY005ZWFYeGdsSzIydkpjVmF6WGdCZjFNOHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9y2MA0G
CSqGSIb3DQEBCwUAA4IBAQB4N2OzgKF7U15MagaotLu+rkTSxdGhlurMapJT5Jn+
ihP/X0KhBkGuWzvLF8ceO62eXKqzuAKEIhwNwv05FhyAhaf0oXqvtEBMwMVcdb1D
E5xFdfkdMtZMv67oODvmyh9BDcU3nLeYrx8KgLwTjk6jF42geHi8DMgc8zf9+XWV
hCKnJCsf6neXAfwBGDUIdA7ZkfaYfRu+i1BlOxu5ecOf8YYpR+Hf9/K/SI9g/hR0
Rtiw8OTMaz4fvjYEsycADxPLUHFHFmLijLAN8c7rp2NGwC8QHbsrdVX7yE6h3Iqs
bBdN/7pIrBnobAiNjal/S+aRAGnM35ZC80y1hZKEocPn
-----END CERTIFICATE-----