This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NdCzsFK5SwfeAb6e4GnlaLiuGrE.roa
File:                     NdCzsFK5SwfeAb6e4GnlaLiuGrE.roa (raw, json)
Hash identifier:          cc16MtOis+wldYiThk/h/NdOUb2U0vekWYd8pITplbk=
Subject key identifier:   35:D0:B3:B0:52:B9:4B:07:DE:01:BE:9E:E0:69:E5:68:B8:AE:1A:B1
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D4B6D46FFC6561BF90206540B143B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NdCzsFK5SwfeAb6e4GnlaLiuGrE.roa
Signing time:             Fri 02 Jan 2026 06:20:24 +0000
ROA not before:           Fri 02 Jan 2026 06:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     149782
IP address blocks:        45.91.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:4b:6d:46:ff:c6:56:1b:f9:02:06:54:0b:14:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35d0b3b052b94b07de01be9ee069e568b8ae1ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:44:a3:a9:d0:96:4f:31:cf:d7:22:a2:11:91:
                    3c:5c:c9:4b:93:ae:f9:25:fe:d3:ce:9c:2d:16:2c:
                    48:05:ee:84:9d:a7:5f:e7:ea:7e:22:08:3c:29:5c:
                    13:22:51:30:80:f8:ca:28:dd:f3:3e:1f:82:8f:6c:
                    8a:6c:b0:44:c7:8a:72:7b:f7:b7:6c:59:ef:a9:5b:
                    a6:cc:89:64:ea:b3:54:2c:74:07:58:5c:06:2e:0c:
                    c7:d5:3b:0e:8b:a3:ee:b0:a8:70:ef:6e:ac:35:6e:
                    ef:9b:d0:68:1d:ea:ca:3b:db:93:5b:34:fa:40:75:
                    f7:fb:4d:a5:6f:e0:6f:11:2d:40:ab:4a:59:90:7b:
                    ca:e5:49:cb:11:91:f1:45:70:57:b8:b3:57:e8:88:
                    9c:b5:cd:f9:1e:9f:d5:76:2d:6c:82:e2:84:9f:91:
                    b6:2a:8b:e6:50:b2:35:52:15:18:fe:4b:97:d2:de:
                    de:d8:cf:6f:3a:2a:c2:e3:e3:73:49:1f:ce:76:43:
                    f3:b9:06:ac:ce:ff:11:8e:56:f0:90:5d:94:77:38:
                    e1:a9:9c:a7:54:ad:8c:8d:a9:f2:d9:07:c5:e6:7e:
                    c5:a5:e3:a3:0d:a0:26:40:83:a4:f7:6a:14:b4:8f:
                    75:c1:70:d6:64:cf:a5:9a:65:ec:79:08:35:32:5e:
                    d7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D0:B3:B0:52:B9:4B:07:DE:01:BE:9E:E0:69:E5:68:B8:AE:1A:B1
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NdCzsFK5SwfeAb6e4GnlaLiuGrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d2:99:0a:dc:b8:c9:0e:ff:16:79:28:cd:91:2b:24:7d:30:
         66:16:01:b1:3d:57:e4:45:81:41:5d:81:0f:b0:8c:33:8d:12:
         91:c6:3e:74:69:7f:80:12:f8:aa:a6:da:9c:99:ba:a2:2d:41:
         97:b1:e1:69:e1:9f:65:73:15:0a:8a:81:9e:26:14:25:81:d2:
         4f:8e:f0:5e:7c:47:e6:0a:0c:86:39:08:2c:aa:b1:da:12:dd:
         49:8d:b6:7d:e9:72:e5:c0:77:de:bd:a6:47:84:44:e8:fa:98:
         75:86:b8:d2:b4:a1:dd:83:d8:05:cc:d6:d9:4a:1b:c5:ce:32:
         33:29:73:2d:7c:6a:3e:3a:47:fc:cd:be:9a:f5:68:af:66:0b:
         ee:c1:37:2b:0c:54:b7:e4:c2:91:85:52:e7:92:ea:92:77:d8:
         a9:0a:bf:a3:c6:93:12:a8:56:c6:fe:a3:b4:96:ed:8e:ab:08:
         8b:90:81:c1:56:55:52:e0:de:c1:1f:48:7c:79:8e:26:c5:2d:
         bc:f5:05:a0:19:63:9a:6d:59:46:e8:9c:8c:ca:28:2b:9c:ef:
         51:1e:7e:44:c9:27:68:12:38:e1:06:fb:72:de:47:65:76:da:
         75:73:b5:05:5b:22:06:9b:71:9d:16:04:92:a6:55:be:34:ea:
         58:f8:4d:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XUttRv/GVhv5AgZUCxQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQwYjNiMDUyYjk0YjA3ZGUwMWJlOWVlMDY5ZTU2OGI4YWUxYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkESjqdCWTzHP1yKiEZE8XMlLk675
Jf7TzpwtFixIBe6Enadf5+p+Igg8KVwTIlEwgPjKKN3zPh+Cj2yKbLBEx4pye/e3
bFnvqVumzIlk6rNULHQHWFwGLgzH1TsOi6PusKhw726sNW7vm9BoHerKO9uTWzT6
QHX3+02lb+BvES1Aq0pZkHvK5UnLEZHxRXBXuLNX6Iictc35Hp/Vdi1sguKEn5G2
KovmULI1UhUY/kuX0t7e2M9vOirC4+NzSR/OdkPzuQaszv8RjlbwkF2UdzjhqZyn
VK2Mjany2QfF5n7FpeOjDaAmQIOk92oUtI91wXDWZM+lmmXseQg1Ml7XBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXQs7BSuUsH3gG+nuBp5Wi4rhqxMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTmRDenNGSzVTd2ZlQWI2ZTRHbmxhTGl1R3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVszMA0G
CSqGSIb3DQEBCwUAA4IBAQB40pkK3LjJDv8WeSjNkSskfTBmFgGxPVfkRYFBXYEP
sIwzjRKRxj50aX+AEviqptqcmbqiLUGXseFp4Z9lcxUKioGeJhQlgdJPjvBefEfm
CgyGOQgsqrHaEt1JjbZ96XLlwHfevaZHhETo+ph1hrjStKHdg9gFzNbZShvFzjIz
KXMtfGo+Okf8zb6a9WivZgvuwTcrDFS35MKRhVLnkuqSd9ipCr+jxpMSqFbG/qO0
lu2OqwiLkIHBVlVS4N7BH0h8eY4mxS289QWgGWOabVlG6JyMyigrnO9RHn5EySdo
EjjhBvty3kdldtp1c7UFWyIGm3GdFgSSplW+NOpY+E3k
-----END CERTIFICATE-----