This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/NG0J62IT4TEYyBuMqKM6OpYG_0Q.roa
File:                     NG0J62IT4TEYyBuMqKM6OpYG_0Q.roa (raw, json)
Hash identifier:          0M3OIOezZ3BNzW0tJgVErTfGfdQ/cL0eGWBKnFHK6bA=
Subject key identifier:   34:6D:09:EB:62:13:E1:31:18:C8:1B:8C:A8:A3:3A:3A:96:06:FF:44
Certificate issuer:       /CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Certificate serial:       019B7DC9E0301AE65B9323A1260081518BE4
Authority key identifier: 47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/NG0J62IT4TEYyBuMqKM6OpYG_0Q.roa
Signing time:             Fri 02 Jan 2026 08:19:00 +0000
ROA not before:           Fri 02 Jan 2026 08:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4913
IP address blocks:        84.22.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 08:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:e0:30:1a:e6:5b:93:23:a1:26:00:81:51:8b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
        Validity
            Not Before: Jan  2 08:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=346d09eb6213e13118c81b8ca8a33a3a9606ff44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:58:8b:c9:20:56:0d:10:66:c5:97:9e:d7:30:
                    e6:e2:46:86:f6:d8:10:47:3d:60:40:01:c9:18:e9:
                    ff:26:03:78:2d:31:d3:64:ec:5e:a2:0a:85:af:6d:
                    17:3d:bc:86:30:db:f6:97:d0:55:58:f8:a9:e0:ec:
                    61:64:f2:ca:71:96:d1:f6:0c:31:38:30:40:20:aa:
                    e4:25:83:27:49:9e:38:ef:8f:60:4f:80:4d:10:9f:
                    b5:e9:41:9f:84:ec:de:2f:40:92:74:da:0b:0d:93:
                    89:db:49:19:ec:72:f8:f8:63:60:7a:75:b0:07:b6:
                    ef:e7:d2:4d:28:74:13:c9:d7:e5:1c:57:d7:f3:3d:
                    ac:db:31:4c:77:38:5f:7f:65:d7:2e:af:55:51:06:
                    d0:a0:2b:e9:03:fc:80:d4:fd:8a:3d:c7:29:a0:0b:
                    8a:b9:e3:f8:fa:db:12:dc:8d:21:1c:b7:16:de:98:
                    df:a6:a9:0d:cf:9b:4d:63:02:b7:ad:07:27:ea:f2:
                    e3:84:6b:a1:bb:5a:85:39:cf:8b:83:1f:8c:01:20:
                    f1:b7:12:a7:e4:d6:2a:e2:8f:e1:ad:34:dc:a6:90:
                    c0:fe:42:08:9d:01:ef:44:29:ff:23:bd:7f:b6:05:
                    9d:60:6e:ad:66:46:b4:40:03:cc:92:ec:4d:0e:a8:
                    c6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:6D:09:EB:62:13:E1:31:18:C8:1B:8C:A8:A3:3A:3A:96:06:FF:44
            X509v3 Authority Key Identifier:
                keyid:47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/NG0J62IT4TEYyBuMqKM6OpYG_0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.22.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b2:8d:cf:8a:fa:73:a1:f4:d0:c8:b9:a8:83:26:04:b4:92:
         75:4c:1b:e4:64:25:01:f0:7e:f7:94:15:f8:3d:85:03:df:39:
         8b:47:1e:97:b2:f0:2c:b1:9e:7b:3d:61:72:1b:6f:99:e9:de:
         10:f9:67:06:10:9d:c2:28:a6:de:5f:2d:1d:fe:e5:71:c6:cb:
         27:fd:54:ef:07:df:0a:b8:fa:e1:59:6d:5a:0d:f9:be:e4:f6:
         78:f3:e4:34:f7:0e:2a:0f:5c:da:d7:cd:ca:2d:16:0e:8a:3c:
         22:5e:31:9b:74:9d:a7:fe:99:52:36:c7:4e:01:02:08:b0:db:
         0f:a5:07:98:76:8a:72:f8:49:1b:c0:75:a8:4c:4f:da:7a:32:
         49:b0:70:d7:be:c3:2a:ca:89:81:0c:06:1a:8c:7d:78:87:7d:
         62:55:3d:08:f3:28:87:df:40:14:4e:b6:b6:72:4e:a1:cc:47:
         13:75:cc:26:06:49:8e:fb:46:a1:74:9a:f2:2c:79:95:69:1b:
         b3:8b:69:af:b0:8e:35:55:c1:c2:de:97:41:55:57:90:b4:75:
         d7:45:14:31:ae:b6:d2:07:a7:56:83:f8:a9:53:aa:a9:e9:2d:
         f9:a1:f9:3c:c7:6b:15:09:ef:eb:22:eb:76:b6:52:46:bb:47:
         58:40:a7:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yeAwGuZbkyOhJgCBUYvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTk0Y2NiN2I2MDFkYTBjYTA5NDY5ZjYwZjY1MzY0MGZl
ZDhjMWMwHhcNMjYwMTAyMDgxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDZkMDllYjYyMTNlMTMxMThjODFiOGNhOGEzM2EzYTk2MDZmZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4liLySBWDRBmxZee1zDm4kaG9tgQ
Rz1gQAHJGOn/JgN4LTHTZOxeogqFr20XPbyGMNv2l9BVWPip4OxhZPLKcZbR9gwx
ODBAIKrkJYMnSZ44749gT4BNEJ+16UGfhOzeL0CSdNoLDZOJ20kZ7HL4+GNgenWw
B7bv59JNKHQTydflHFfX8z2s2zFMdzhff2XXLq9VUQbQoCvpA/yA1P2KPccpoAuK
ueP4+tsS3I0hHLcW3pjfpqkNz5tNYwK3rQcn6vLjhGuhu1qFOc+Lgx+MASDxtxKn
5NYq4o/hrTTcppDA/kIInQHvRCn/I71/tgWdYG6tZka0QAPMkuxNDqjGawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRtCetiE+ExGMgbjKijOjqWBv9EMB8GA1UdIwQY
MBaAFEfpTMt7YB2gyglGn2D2U2QP7YwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQt
YmQ5MGEzZjA2ZTE2LzEvTkcwSjYySVQ0VEVZeUJ1TXFLTTZPcFlHXzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQtYmQ5MGEzZjA2ZTE2
LzEvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBZMMA0G
CSqGSIb3DQEBCwUAA4IBAQApso3PivpzofTQyLmogyYEtJJ1TBvkZCUB8H73lBX4
PYUD3zmLRx6XsvAssZ57PWFyG2+Z6d4Q+WcGEJ3CKKbeXy0d/uVxxssn/VTvB98K
uPrhWW1aDfm+5PZ48+Q09w4qD1za183KLRYOijwiXjGbdJ2n/plSNsdOAQIIsNsP
pQeYdopy+EkbwHWoTE/aejJJsHDXvsMqyomBDAYajH14h31iVT0I8yiH30AUTra2
ck6hzEcTdcwmBkmO+0ahdJryLHmVaRuzi2mvsI41VcHC3pdBVVeQtHXXRRQxrrbS
B6dWg/ipU6qp6S35ofk8x2sVCe/rIut2tlJGu0dYQKfK
-----END CERTIFICATE-----