This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/X8zbseMN9ZZSe_HqQiMUdmuFkr8.roa
File:                     X8zbseMN9ZZSe_HqQiMUdmuFkr8.roa (raw, json)
Hash identifier:          +tWiir2rE/cl358tXZqa5oyHakH4pH61vnCR3vjh3wc=
Subject key identifier:   5F:CC:DB:B1:E3:0D:F5:96:52:7B:F1:EA:42:23:14:76:6B:85:92:BF
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D44F3E061A99EE762B739A92AE61D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/X8zbseMN9ZZSe_HqQiMUdmuFkr8.roa
Signing time:             Fri 02 Jan 2026 06:20:23 +0000
ROA not before:           Fri 02 Jan 2026 06:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56488
IP address blocks:        194.76.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:44:f3:e0:61:a9:9e:e7:62:b7:39:a9:2a:e6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fccdbb1e30df596527bf1ea422314766b8592bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:bb:0e:c1:5d:c8:7b:d4:58:c8:fc:99:1b:a3:
                    af:89:15:0b:36:81:b4:e5:ad:f8:96:65:26:f5:fe:
                    b0:82:7e:a8:b6:5e:43:41:da:b3:e4:bb:17:ac:20:
                    32:99:5c:25:6f:29:4a:45:5d:d8:26:4b:94:18:a0:
                    64:ee:52:0f:0d:54:0c:66:fe:23:e4:de:1e:8a:fb:
                    2f:6e:58:8d:de:c1:fc:3f:b1:a0:47:47:71:b7:86:
                    c7:3c:63:17:c6:a3:52:d7:81:3c:59:06:cc:3d:f7:
                    b7:9d:56:1a:9a:1f:21:18:ed:05:f7:cb:bc:06:a3:
                    95:66:91:37:71:4c:32:74:28:79:0c:52:91:bc:a5:
                    80:34:fe:f1:61:69:ee:28:c4:87:ac:a1:d7:3d:a6:
                    8d:fb:92:24:13:2a:85:e9:bc:81:55:eb:49:b2:3c:
                    9b:1b:0a:1e:bf:75:92:27:f2:9e:ec:a7:1a:4a:14:
                    d0:ee:1a:0e:dd:00:a2:93:6e:c3:bd:f4:2e:52:fb:
                    94:29:07:fb:3d:b9:ec:99:83:12:0b:10:17:e7:03:
                    28:f0:dd:e4:7b:e5:2a:a6:34:cb:c8:9c:5e:46:d3:
                    a1:32:0e:e7:14:a8:f8:93:12:97:ce:61:60:53:e3:
                    16:16:cd:7a:55:1b:b1:1e:bf:ad:3c:df:f8:fd:b3:
                    2f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:CC:DB:B1:E3:0D:F5:96:52:7B:F1:EA:42:23:14:76:6B:85:92:BF
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/X8zbseMN9ZZSe_HqQiMUdmuFkr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:2d:fb:79:c8:7a:fd:24:88:53:76:a6:21:c0:94:05:f3:92:
         f7:88:89:0c:3e:f7:c6:7a:3f:55:de:fb:11:c2:8f:4b:0b:e1:
         db:50:b9:96:91:8d:9f:9a:6f:47:4e:80:b2:88:12:7a:10:cf:
         12:47:89:38:95:78:c0:5c:f7:09:47:33:64:53:76:e5:67:b2:
         be:14:d0:9e:96:25:e1:0d:e3:41:f8:1e:b6:4d:9b:9e:12:63:
         60:19:ff:ff:ca:2a:cd:a5:26:c2:07:f4:e3:3e:41:84:76:84:
         28:14:eb:c9:67:fb:c6:29:8b:f9:0e:45:77:43:24:09:50:2f:
         30:90:52:08:b6:7c:86:a8:5e:20:09:df:f5:7c:78:b4:ae:ce:
         08:2e:7f:0a:ae:92:d4:19:65:59:25:dc:d4:57:5f:09:9b:cf:
         e4:6d:00:a7:48:51:6f:01:51:d8:2c:93:78:73:e7:65:5f:22:
         ad:b7:da:82:d0:8a:1c:32:b1:79:a7:db:d5:cd:10:85:5f:40:
         f6:bd:1b:24:7a:8a:02:72:7c:79:14:72:a7:3f:d7:c6:a1:31:
         34:87:86:ae:43:12:b9:af:c2:be:23:1f:e8:1d:21:bc:39:21:
         7b:9d:13:6c:31:ba:9c:ea:c2:ad:27:50:24:c9:2b:37:48:d1:
         dd:5a:6c:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XUTz4GGpnuditzmpKuYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmNjZGJiMWUzMGRmNTk2NTI3YmYxZWE0MjIzMTQ3NjZiODU5MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9LsOwV3Ie9RYyPyZG6OviRULNoG0
5a34lmUm9f6wgn6otl5DQdqz5LsXrCAymVwlbylKRV3YJkuUGKBk7lIPDVQMZv4j
5N4eivsvbliN3sH8P7GgR0dxt4bHPGMXxqNS14E8WQbMPfe3nVYamh8hGO0F98u8
BqOVZpE3cUwydCh5DFKRvKWANP7xYWnuKMSHrKHXPaaN+5IkEyqF6byBVetJsjyb
Gwoev3WSJ/Ke7KcaShTQ7hoO3QCik27DvfQuUvuUKQf7PbnsmYMSCxAX5wMo8N3k
e+UqpjTLyJxeRtOhMg7nFKj4kxKXzmFgU+MWFs16VRuxHr+tPN/4/bMvFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/M27HjDfWWUnvx6kIjFHZrhZK/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWDh6YnNlTU45WlpTZV9IcVFpTVVkbXVGa3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkyHMA0G
CSqGSIb3DQEBCwUAA4IBAQBULft5yHr9JIhTdqYhwJQF85L3iIkMPvfGej9V3vsR
wo9LC+HbULmWkY2fmm9HToCyiBJ6EM8SR4k4lXjAXPcJRzNkU3blZ7K+FNCeliXh
DeNB+B62TZueEmNgGf//yirNpSbCB/TjPkGEdoQoFOvJZ/vGKYv5DkV3QyQJUC8w
kFIItnyGqF4gCd/1fHi0rs4ILn8KrpLUGWVZJdzUV18Jm8/kbQCnSFFvAVHYLJN4
c+dlXyKtt9qC0IocMrF5p9vVzRCFX0D2vRskeooCcnx5FHKnP9fGoTE0h4auQxK5
r8K+Ix/oHSG8OSF7nRNsMbqc6sKtJ1AkySs3SNHdWmw9
-----END CERTIFICATE-----