This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/ngjkfOBH-dxB0xiqqQKvL_WdtG0.roa
File:                     ngjkfOBH-dxB0xiqqQKvL_WdtG0.roa (raw, json)
Hash identifier:          1zwPy7iZtuLHaNUBo4QmZO75vcSTlaybrWc7phI+i2w=
Subject key identifier:   9E:08:E4:7C:E0:47:F9:DC:41:D3:18:AA:A9:02:AF:2F:F5:9D:B4:6D
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019B7A5B9FC44FC28A71E2B97124C46C3CBE
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/ngjkfOBH-dxB0xiqqQKvL_WdtG0.roa
Signing time:             Thu 01 Jan 2026 16:19:43 +0000
ROA not before:           Thu 01 Jan 2026 16:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        64.255.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:9f:c4:4f:c2:8a:71:e2:b9:71:24:c4:6c:3c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Jan  1 16:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e08e47ce047f9dc41d318aaa902af2ff59db46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:48:b0:37:72:6c:a4:92:a2:d0:23:e1:32:75:
                    e1:36:25:1a:d5:6e:94:79:a8:7d:e7:a6:23:91:16:
                    68:8d:46:57:15:f6:0e:f9:97:8b:d2:22:64:dd:60:
                    7c:e4:38:21:b7:79:3e:e6:9b:9e:7c:f9:3a:30:26:
                    39:5f:49:67:32:93:52:ce:7d:80:0d:9a:e5:42:4b:
                    2b:bc:99:1a:68:38:b4:e0:93:8a:f3:d9:49:bf:35:
                    3b:36:3a:5f:61:e0:95:7d:4d:9d:c3:77:f5:28:90:
                    9a:12:fc:69:ca:78:5c:2c:f6:b8:6d:9f:f4:d7:7b:
                    d2:8a:30:c8:d3:29:3f:13:54:3e:2b:1c:44:2d:b5:
                    a8:77:c0:52:27:bb:25:b1:63:35:b8:b7:29:6f:af:
                    6b:c9:2a:0c:26:de:d8:01:77:73:94:df:37:c3:5a:
                    86:30:32:11:bf:cb:d9:a4:dc:7f:4a:06:82:bd:fe:
                    79:ec:d7:d3:03:fd:a9:9e:de:b1:05:9d:c6:75:85:
                    00:b5:cb:38:d2:6f:fa:53:79:fb:fa:c8:32:15:bf:
                    06:d5:6b:59:30:46:cc:69:2b:cb:84:42:6f:7d:c6:
                    9d:a4:9d:15:36:72:18:89:92:ae:b9:5c:ad:fe:3a:
                    99:04:26:1d:d3:95:b8:d1:9e:5b:a2:a8:94:f0:a3:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:08:E4:7C:E0:47:F9:DC:41:D3:18:AA:A9:02:AF:2F:F5:9D:B4:6D
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/ngjkfOBH-dxB0xiqqQKvL_WdtG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.255.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:cc:c7:08:df:c2:4f:ef:92:b1:05:20:72:19:5a:a9:13:95:
         04:7f:be:e2:4a:8d:6d:b1:45:22:91:e9:ac:f7:3f:1b:a9:2b:
         2f:60:10:49:a7:6a:0e:4d:71:35:fe:a1:3e:7e:60:08:24:2b:
         52:81:d1:12:98:c0:49:6d:4a:31:4b:78:d2:ad:2a:de:29:c0:
         b6:9d:4b:f1:ec:43:20:be:9a:16:95:c1:41:ee:fe:59:85:55:
         de:bc:95:3b:af:2e:a4:9b:98:d2:e2:74:11:c9:2b:f4:8c:fe:
         99:32:8a:29:db:46:c8:0f:36:b1:54:9b:22:7b:98:2f:02:c5:
         31:a7:b5:40:57:57:b6:78:ea:41:6b:25:cd:85:53:7a:a4:3b:
         3d:48:89:6d:aa:a9:06:7d:c7:57:1d:cc:6d:57:93:3b:6a:f6:
         13:e3:17:c5:4d:80:fe:5c:85:a2:0e:ae:e3:4f:81:36:ef:26:
         bc:3d:4d:dc:18:18:77:a7:4d:36:1f:d2:e0:ae:1c:ae:52:6c:
         fb:fb:c1:00:c2:ac:12:7d:93:5b:2d:82:50:25:c8:9a:f1:8c:
         57:b7:9d:77:c0:07:30:2f:fb:00:be:11:bf:5b:aa:b8:98:11:
         a4:aa:c1:02:88:53:f9:2d:e5:ec:ea:e5:68:5f:42:bb:9a:a5:
         ee:17:f9:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W5/ET8KKceK5cSTEbDy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjYwMTAxMTYxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTA4ZTQ3Y2UwNDdmOWRjNDFkMzE4YWFhOTAyYWYyZmY1OWRiNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEiwN3JspJKi0CPhMnXhNiUa1W6U
eah956YjkRZojUZXFfYO+ZeL0iJk3WB85Dght3k+5puefPk6MCY5X0lnMpNSzn2A
DZrlQksrvJkaaDi04JOK89lJvzU7NjpfYeCVfU2dw3f1KJCaEvxpynhcLPa4bZ/0
13vSijDI0yk/E1Q+KxxELbWod8BSJ7slsWM1uLcpb69rySoMJt7YAXdzlN83w1qG
MDIRv8vZpNx/SgaCvf557NfTA/2pnt6xBZ3GdYUAtcs40m/6U3n7+sgyFb8G1WtZ
MEbMaSvLhEJvfcadpJ0VNnIYiZKuuVyt/jqZBCYd05W40Z5boqiU8KOJOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4I5HzgR/ncQdMYqqkCry/1nbRtMB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEvbmdqa2ZPQkgtZHhCMHhpcXFRS3ZMX1dkdEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQP8ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAnzMcI38JP75KxBSByGVqpE5UEf77iSo1tsUUikems
9z8bqSsvYBBJp2oOTXE1/qE+fmAIJCtSgdESmMBJbUoxS3jSrSreKcC2nUvx7EMg
vpoWlcFB7v5ZhVXevJU7ry6km5jS4nQRySv0jP6ZMoop20bIDzaxVJsie5gvAsUx
p7VAV1e2eOpBayXNhVN6pDs9SIltqqkGfcdXHcxtV5M7avYT4xfFTYD+XIWiDq7j
T4E27ya8PU3cGBh3p002H9LgrhyuUmz7+8EAwqwSfZNbLYJQJcia8YxXt513wAcw
L/sAvhG/W6q4mBGkqsECiFP5LeXs6uVoX0K7mqXuF/kR
-----END CERTIFICATE-----