This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/dhPvX_i1mFOzhmyQ6cgEC3zR_ns.roa
File:                     dhPvX_i1mFOzhmyQ6cgEC3zR_ns.roa (raw, json)
Hash identifier:          9n9s5loPBcCb7Ueh7CcxWNEVFKz5nZ6rOXbrQKMlyU8=
Subject key identifier:   76:13:EF:5F:F8:B5:98:53:B3:86:6C:90:E9:C8:04:0B:7C:D1:FE:7B
Certificate issuer:       /CN=e0012bcb9e6e747237724781a4c919fc5c941965
Certificate serial:       019B76EABAC1AEBDE57A9EC2D59AC055046C
Authority key identifier: E0:01:2B:CB:9E:6E:74:72:37:72:47:81:A4:C9:19:FC:5C:94:19:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/dhPvX_i1mFOzhmyQ6cgEC3zR_ns.roa
Signing time:             Thu 01 Jan 2026 00:17:33 +0000
ROA not before:           Thu 01 Jan 2026 00:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57645
IP address blocks:        91.234.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ba:c1:ae:bd:e5:7a:9e:c2:d5:9a:c0:55:04:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0012bcb9e6e747237724781a4c919fc5c941965
        Validity
            Not Before: Jan  1 00:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7613ef5ff8b59853b3866c90e9c8040b7cd1fe7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d4:0a:c6:6e:d8:c8:07:a7:f9:0f:3f:12:16:
                    b4:16:7e:91:01:7f:0c:9b:fc:74:21:d7:22:68:b0:
                    38:ef:8b:f2:3b:1b:ac:22:63:b9:45:d2:3a:e2:83:
                    49:e5:1b:bb:7b:88:d3:f3:bb:60:39:36:16:d6:98:
                    12:cc:9f:d8:e3:2f:97:0c:0e:c8:12:9c:18:7e:84:
                    94:cf:af:34:41:90:6f:e9:e0:d0:6b:d7:ab:03:00:
                    4a:82:ef:f4:d5:02:3a:b7:b8:3e:f2:43:fa:3f:f6:
                    59:e9:6f:f0:00:35:40:2d:9c:68:02:8a:2a:cf:07:
                    57:97:15:de:8c:4e:07:f2:c6:58:8b:f1:81:7c:33:
                    4d:66:82:8a:65:03:d8:d3:45:fc:67:dd:a0:fa:cf:
                    f9:cd:6f:5c:eb:27:5e:f8:3c:26:3c:d3:57:44:bc:
                    97:cc:23:11:6d:68:15:18:f2:c3:bb:bd:bc:cf:ac:
                    1f:8a:a1:2f:ee:1b:2a:a4:dd:d5:46:6a:2c:c4:28:
                    65:84:c0:c0:8c:35:45:1a:61:7e:59:63:3e:60:88:
                    6e:50:39:2e:9b:06:0e:54:65:08:0b:63:79:90:d4:
                    e6:ac:98:2b:0c:8b:0b:48:b0:5b:55:b8:5e:4a:d9:
                    ff:a4:91:5e:66:10:ae:7b:66:67:a4:a8:d6:de:1e:
                    ff:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:13:EF:5F:F8:B5:98:53:B3:86:6C:90:E9:C8:04:0B:7C:D1:FE:7B
            X509v3 Authority Key Identifier:
                keyid:E0:01:2B:CB:9E:6E:74:72:37:72:47:81:A4:C9:19:FC:5C:94:19:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/dhPvX_i1mFOzhmyQ6cgEC3zR_ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:96:cf:39:90:d1:93:43:30:61:a7:d9:f6:91:0c:db:79:14:
         de:dc:d1:66:c0:95:4d:e7:46:9f:26:4b:43:0d:e5:55:66:8d:
         ab:5d:3f:8e:78:d7:07:58:f2:03:93:eb:6e:7b:2a:ff:c5:f1:
         7f:6f:d2:9e:43:2e:a0:54:81:7d:79:8c:ae:ba:29:fe:e9:7a:
         15:70:90:2d:7f:87:40:09:72:0d:4f:8e:dd:c8:71:c2:00:30:
         7b:10:1f:52:64:81:08:6a:20:cb:28:da:e4:2b:17:21:46:a2:
         3e:8d:b0:2b:74:d4:02:ea:32:c9:a3:01:09:87:43:2d:e1:57:
         31:06:06:6d:b9:63:26:be:52:32:17:90:78:17:65:46:64:5a:
         e2:ac:6d:ac:d3:0e:81:d3:89:cc:9d:bc:47:de:c1:d6:ea:ac:
         d4:88:ed:33:41:7a:e8:1a:eb:95:cb:96:38:7d:25:16:63:0b:
         87:aa:9d:7d:28:d5:20:ab:81:03:17:91:70:aa:81:1e:39:31:
         99:36:cc:65:c8:d2:75:89:2c:c2:a8:c1:15:b7:46:cd:a6:1a:
         05:02:9a:b5:50:54:ec:18:20:27:64:ef:62:4c:62:21:c0:d0:
         82:b4:2c:0a:55:47:ba:f5:c5:69:5b:4b:7f:3d:bd:e5:77:78:
         88:74:f2:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26rrBrr3lep7C1ZrAVQRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMDEyYmNiOWU2ZTc0NzIzNzcyNDc4MWE0YzkxOWZjNWM5
NDE5NjUwHhcNMjYwMTAxMDAxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjEzZWY1ZmY4YjU5ODUzYjM4NjZjOTBlOWM4MDQwYjdjZDFmZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtQKxm7YyAen+Q8/Eha0Fn6RAX8M
m/x0IdciaLA474vyOxusImO5RdI64oNJ5Ru7e4jT87tgOTYW1pgSzJ/Y4y+XDA7I
EpwYfoSUz680QZBv6eDQa9erAwBKgu/01QI6t7g+8kP6P/ZZ6W/wADVALZxoAooq
zwdXlxXejE4H8sZYi/GBfDNNZoKKZQPY00X8Z92g+s/5zW9c6yde+DwmPNNXRLyX
zCMRbWgVGPLDu728z6wfiqEv7hsqpN3VRmosxChlhMDAjDVFGmF+WWM+YIhuUDku
mwYOVGUIC2N5kNTmrJgrDIsLSLBbVbheStn/pJFeZhCue2ZnpKjW3h7/CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYT71/4tZhTs4ZskOnIBAt80f57MB8GA1UdIwQY
MBaAFOABK8uebnRyN3JHgaTJGfxclBllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEFFcnk1NXVkSEkzY2tlQnBNa1pfRnlVR1dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8wMmNlNmYtMTQyOS00MGFkLWI3NTMt
MGRiODhlYzczNDJjLzEvZGhQdlhfaTFtRk96aG15UTZjZ0VDM3pSX25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8wMmNlNmYtMTQyOS00MGFkLWI3NTMtMGRiODhlYzczNDJj
LzEvNEFFcnk1NXVkSEkzY2tlQnBNa1pfRnlVR1dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oQMA0G
CSqGSIb3DQEBCwUAA4IBAQADls85kNGTQzBhp9n2kQzbeRTe3NFmwJVN50afJktD
DeVVZo2rXT+OeNcHWPIDk+tueyr/xfF/b9KeQy6gVIF9eYyuuin+6XoVcJAtf4dA
CXINT47dyHHCADB7EB9SZIEIaiDLKNrkKxchRqI+jbArdNQC6jLJowEJh0Mt4Vcx
BgZtuWMmvlIyF5B4F2VGZFrirG2s0w6B04nMnbxH3sHW6qzUiO0zQXroGuuVy5Y4
fSUWYwuHqp19KNUgq4EDF5FwqoEeOTGZNsxlyNJ1iSzCqMEVt0bNphoFApq1UFTs
GCAnZO9iTGIhwNCCtCwKVUe69cVpW0t/Pb3ld3iIdPJR
-----END CERTIFICATE-----