This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/NKg93JWQUnBu80RX13MwmqJxvVc.roa
File:                     NKg93JWQUnBu80RX13MwmqJxvVc.roa (raw, json)
Hash identifier:          nG4jnHVVr/B/zg5snhsHaHEVH2wq5BQYMoc/wJLZKCM=
Subject key identifier:   34:A8:3D:DC:95:90:52:70:6E:F3:44:57:D7:73:30:9A:A2:71:BD:57
Certificate issuer:       /CN=5f16b294b1a647bf6d67683b51614497e751f21f
Certificate serial:       019B79ED46D2D499017838F5EDC7884B1869
Authority key identifier: 5F:16:B2:94:B1:A6:47:BF:6D:67:68:3B:51:61:44:97:E7:51:F2:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/NKg93JWQUnBu80RX13MwmqJxvVc.roa
Signing time:             Thu 01 Jan 2026 14:19:11 +0000
ROA not before:           Thu 01 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34182
IP address blocks:        193.28.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:46:d2:d4:99:01:78:38:f5:ed:c7:88:4b:18:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f16b294b1a647bf6d67683b51614497e751f21f
        Validity
            Not Before: Jan  1 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34a83ddc959052706ef34457d773309aa271bd57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:39:e7:8b:89:b5:5c:f6:62:6b:82:50:ef:60:
                    f6:5b:e1:21:55:d3:91:5a:7d:a3:bd:8b:79:12:61:
                    cd:4e:f5:aa:fa:5d:f2:b3:0a:02:d3:d2:9d:5c:43:
                    3a:7f:71:16:0a:27:18:77:06:b1:65:3d:58:e3:94:
                    bc:af:00:0f:68:fd:04:02:80:8d:cd:71:8c:3b:c7:
                    e0:ff:a8:ba:14:5e:3a:6a:59:e3:1b:5a:93:d6:c7:
                    55:98:4f:49:b6:27:59:fa:f3:bf:9d:97:f8:a5:8a:
                    a7:d6:90:48:db:d5:e8:bd:5d:6e:12:ae:09:1d:6d:
                    0a:6e:3b:05:f0:05:43:6a:9b:57:1a:2d:98:df:d8:
                    f9:ab:e4:1e:bb:e4:20:6d:65:73:82:58:57:05:7c:
                    b7:18:2b:87:01:de:71:cb:30:bb:d3:26:10:86:54:
                    9f:01:57:7b:76:09:da:2c:e1:ab:50:ee:ce:3d:88:
                    57:f4:dd:c0:12:79:ee:7d:06:7f:e4:23:96:1d:16:
                    63:9c:1c:08:ca:46:ad:ef:a4:9c:79:fe:8c:4e:20:
                    a9:c9:75:93:5c:96:50:46:ce:38:bb:45:cb:56:3d:
                    82:b3:8a:08:a7:06:ea:59:74:85:0f:f4:f2:85:cc:
                    c1:b6:6f:d2:34:69:38:c4:77:8d:a6:b4:d7:b8:07:
                    59:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A8:3D:DC:95:90:52:70:6E:F3:44:57:D7:73:30:9A:A2:71:BD:57
            X509v3 Authority Key Identifier:
                keyid:5F:16:B2:94:B1:A6:47:BF:6D:67:68:3B:51:61:44:97:E7:51:F2:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/NKg93JWQUnBu80RX13MwmqJxvVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:cc:9f:88:73:1f:25:d7:6e:b2:27:c0:7e:87:d7:0a:aa:43:
         17:66:f3:29:10:30:e8:9c:65:01:4b:74:9b:79:97:57:b1:a1:
         d0:0f:f7:45:d8:54:46:d7:ef:0e:85:1f:43:8f:34:b1:19:6d:
         7e:a2:79:04:51:2b:13:22:6e:97:bc:e1:c6:02:8e:a3:04:73:
         94:b9:72:e8:25:35:63:26:a5:3c:30:12:b5:4e:bc:fc:b9:b5:
         03:f7:53:53:17:47:34:d8:ae:dc:65:aa:1a:54:27:99:cd:b5:
         b2:2b:7f:f8:49:66:f7:f3:a5:0c:5f:2b:43:b3:b6:69:f8:af:
         2e:1f:7a:bf:f8:ad:95:a9:a0:be:87:46:5b:ae:c3:de:8f:fc:
         93:94:7f:01:75:23:a8:fa:24:56:46:ee:7e:e6:46:8f:2d:9e:
         33:ca:47:29:a5:41:30:88:05:e9:95:4d:48:66:4f:ba:55:b5:
         1a:2a:3b:4c:f1:61:19:16:45:c9:5f:df:4a:b8:c1:02:fa:47:
         9d:5e:54:b0:02:e5:3d:d3:88:68:ce:f0:b0:b4:87:ee:16:1a:
         a8:0f:0d:89:bb:a4:19:b4:cd:cf:56:09:16:44:3e:2f:e5:3a:
         26:d8:66:35:c8:7e:2f:19:d7:c6:a2:3d:41:9b:62:1d:df:00:
         6d:59:82:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57UbS1JkBeDj17ceISxhpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMTZiMjk0YjFhNjQ3YmY2ZDY3NjgzYjUxNjE0NDk3ZTc1
MWYyMWYwHhcNMjYwMTAxMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE4M2RkYzk1OTA1MjcwNmVmMzQ0NTdkNzczMzA5YWEyNzFiZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzznni4m1XPZia4JQ72D2W+EhVdOR
Wn2jvYt5EmHNTvWq+l3yswoC09KdXEM6f3EWCicYdwaxZT1Y45S8rwAPaP0EAoCN
zXGMO8fg/6i6FF46alnjG1qT1sdVmE9JtidZ+vO/nZf4pYqn1pBI29XovV1uEq4J
HW0KbjsF8AVDaptXGi2Y39j5q+Qeu+QgbWVzglhXBXy3GCuHAd5xyzC70yYQhlSf
AVd7dgnaLOGrUO7OPYhX9N3AEnnufQZ/5COWHRZjnBwIykat76Scef6MTiCpyXWT
XJZQRs44u0XLVj2Cs4oIpwbqWXSFD/TyhczBtm/SNGk4xHeNprTXuAdZrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSoPdyVkFJwbvNEV9dzMJqicb1XMB8GA1UdIwQY
MBaAFF8WspSxpke/bWdoO1FhRJfnUfIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhheWxMR21SNzl0WjJnN1VXRkVsLWRSOGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kZjI3NzctNzdhMS00Yjg0LTkyMWYt
YTg4MjcwZjVkMWE5LzEvTktnOTNKV1FVbkJ1ODBSWDEzTXdtcUp4dlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kZjI3NzctNzdhMS00Yjg0LTkyMWYtYTg4MjcwZjVkMWE5
LzEvWHhheWxMR21SNzl0WjJnN1VXRkVsLWRSOGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRy5MA0G
CSqGSIb3DQEBCwUAA4IBAQATzJ+Icx8l126yJ8B+h9cKqkMXZvMpEDDonGUBS3Sb
eZdXsaHQD/dF2FRG1+8OhR9DjzSxGW1+onkEUSsTIm6XvOHGAo6jBHOUuXLoJTVj
JqU8MBK1Trz8ubUD91NTF0c02K7cZaoaVCeZzbWyK3/4SWb386UMXytDs7Zp+K8u
H3q/+K2VqaC+h0ZbrsPej/yTlH8BdSOo+iRWRu5+5kaPLZ4zykcppUEwiAXplU1I
Zk+6VbUaKjtM8WEZFkXJX99KuMEC+kedXlSwAuU904hozvCwtIfuFhqoDw2Ju6QZ
tM3PVgkWRD4v5Tom2GY1yH4vGdfGoj1Bm2Id3wBtWYL5
-----END CERTIFICATE-----