This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/nkcD404rwM-bjy3W1eqAGIf4-jM.roa
File:                     nkcD404rwM-bjy3W1eqAGIf4-jM.roa (raw, json)
Hash identifier:          c+Jt4XtXipvJeR1ev/pkQCOQCvUzFmWnznkD8NrTMoI=
Subject key identifier:   9E:47:03:E3:4E:2B:C0:CF:9B:8F:2D:D6:D5:EA:80:18:87:F8:FA:33
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019B7F835DE0B544ED91DC388674DE427DB4
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/nkcD404rwM-bjy3W1eqAGIf4-jM.roa
Signing time:             Fri 02 Jan 2026 16:21:14 +0000
ROA not before:           Fri 02 Jan 2026 16:21:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        37.1.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:5d:e0:b5:44:ed:91:dc:38:86:74:de:42:7d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 16:21:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e4703e34e2bc0cf9b8f2dd6d5ea801887f8fa33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:db:04:ad:ed:de:b9:1d:70:a6:56:f0:db:6f:
                    90:32:db:a8:2b:0c:7b:ec:b9:a4:57:c9:f4:cb:12:
                    80:c8:d9:e3:28:6b:99:c1:82:5e:5a:57:ce:de:1e:
                    d4:d4:0d:58:59:e0:8c:aa:44:df:9a:38:b5:33:e9:
                    32:df:05:4e:bb:69:44:5b:6f:06:76:7d:27:00:30:
                    51:c0:8e:86:d5:8f:64:4c:b2:a9:a8:0e:c1:d0:4d:
                    04:b3:72:7a:b0:e1:18:07:80:b6:27:3d:8d:a4:8f:
                    04:97:89:1b:03:2e:b5:5d:ff:17:31:e9:fb:2e:1b:
                    93:81:18:ee:9a:58:65:f1:b0:2e:d5:a6:23:01:51:
                    8b:49:8a:5e:c1:38:e4:ea:bc:68:5f:4d:b1:db:25:
                    b3:31:78:f6:94:85:96:5d:bc:8f:e9:68:1c:49:be:
                    ed:37:d7:77:3b:89:ab:28:cd:f4:59:52:e5:31:55:
                    1e:05:5d:81:da:d0:82:f3:56:a8:b3:3f:97:b4:81:
                    43:5f:07:83:ba:aa:64:34:45:0c:12:67:3e:0c:7e:
                    71:3d:07:a4:52:d0:75:3c:ba:0e:a1:40:29:2d:a9:
                    88:a5:7a:72:87:9b:88:c4:5f:92:88:53:f3:ce:d5:
                    e0:0a:3f:6a:c4:25:c2:8a:4b:15:3b:78:22:a6:91:
                    c4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:47:03:E3:4E:2B:C0:CF:9B:8F:2D:D6:D5:EA:80:18:87:F8:FA:33
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/nkcD404rwM-bjy3W1eqAGIf4-jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:0d:f6:12:79:8e:94:34:5b:cb:df:90:ad:a6:ee:ed:9f:ba:
         9a:21:39:c6:42:4e:2d:cd:5a:72:11:87:55:e6:20:14:9a:e2:
         62:23:24:63:8a:b5:cf:8c:0f:39:42:74:76:03:f9:97:ff:e8:
         69:1c:e2:81:6d:42:d8:3c:14:9e:61:b7:fd:71:5d:bf:27:f0:
         62:a7:63:3b:17:8c:35:a4:50:9d:a5:31:d5:84:08:47:d3:ed:
         c7:9b:01:57:a0:d7:6d:ed:f6:6e:eb:19:10:81:62:c0:1b:6b:
         1b:60:b5:77:70:15:4b:51:67:94:39:42:77:af:7d:b0:15:66:
         3e:5f:3e:18:b8:91:64:9c:99:fa:b5:f3:a1:a5:15:b2:85:d1:
         a0:a6:ba:b8:7c:37:ee:9d:cc:1f:b1:c4:26:5a:3d:21:c1:ed:
         f4:20:db:e9:dd:2e:b0:1e:9d:bd:86:d2:2b:19:f4:39:9d:60:
         a7:11:35:ab:16:ff:1d:06:d3:f1:87:49:6b:80:93:2a:a1:8e:
         3a:c2:40:ec:18:ce:0c:f9:2b:57:8f:d5:56:e3:01:fa:09:10:
         1b:f1:54:b0:55:cd:1b:18:3e:73:97:e2:a3:0f:6d:50:8d:65:
         4a:df:c9:67:5f:0c:0d:df:8b:17:2e:5a:85:e7:5c:20:f3:f6:
         fd:b8:91:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g13gtUTtkdw4hnTeQn20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjYwMTAyMTYyMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ3MDNlMzRlMmJjMGNmOWI4ZjJkZDZkNWVhODAxODg3ZjhmYTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdsEre3euR1wplbw22+QMtuoKwx7
7LmkV8n0yxKAyNnjKGuZwYJeWlfO3h7U1A1YWeCMqkTfmji1M+ky3wVOu2lEW28G
dn0nADBRwI6G1Y9kTLKpqA7B0E0Es3J6sOEYB4C2Jz2NpI8El4kbAy61Xf8XMen7
LhuTgRjumlhl8bAu1aYjAVGLSYpewTjk6rxoX02x2yWzMXj2lIWWXbyP6WgcSb7t
N9d3O4mrKM30WVLlMVUeBV2B2tCC81aosz+XtIFDXweDuqpkNEUMEmc+DH5xPQek
UtB1PLoOoUApLamIpXpyh5uIxF+SiFPzztXgCj9qxCXCiksVO3gippHECQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5HA+NOK8DPm48t1tXqgBiH+PozMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvbmtjRDQwNHJ3TS1iankzVzFlcUFHSWY0LWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJQGTMA0G
CSqGSIb3DQEBCwUAA4IBAQCsDfYSeY6UNFvL35Ctpu7tn7qaITnGQk4tzVpyEYdV
5iAUmuJiIyRjirXPjA85QnR2A/mX/+hpHOKBbULYPBSeYbf9cV2/J/Bip2M7F4w1
pFCdpTHVhAhH0+3HmwFXoNdt7fZu6xkQgWLAG2sbYLV3cBVLUWeUOUJ3r32wFWY+
Xz4YuJFknJn6tfOhpRWyhdGgprq4fDfuncwfscQmWj0hwe30INvp3S6wHp29htIr
GfQ5nWCnETWrFv8dBtPxh0lrgJMqoY46wkDsGM4M+StXj9VW4wH6CRAb8VSwVc0b
GD5zl+KjD21QjWVK38lnXwwN34sXLlqF51wg8/b9uJHo
-----END CERTIFICATE-----