This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dbNHTd-1z8qgFUsw14HxSaBJdjY.roa
File:                     dbNHTd-1z8qgFUsw14HxSaBJdjY.roa (raw, json)
Hash identifier:          u/8d5zfiDeQsTVL+VutwftOnhD4pJpGB5hjJcsmietI=
Subject key identifier:   75:B3:47:4D:DF:B5:CF:CA:A0:15:4B:30:D7:81:F1:49:A0:49:76:36
Certificate issuer:       /CN=7629b4f1a090ac07be1762dec338e6a0fe35d97e
Certificate serial:       019B797ECB96B12509D5C6F7A6C03D418C41
Authority key identifier: 76:29:B4:F1:A0:90:AC:07:BE:17:62:DE:C3:38:E6:A0:FE:35:D9:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dim08aCQrAe-F2LewzjmoP412X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dbNHTd-1z8qgFUsw14HxSaBJdjY.roa
Signing time:             Thu 01 Jan 2026 12:18:31 +0000
ROA not before:           Thu 01 Jan 2026 12:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34412
IP address blocks:        193.37.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dim08aCQrAe-F2LewzjmoP412X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dim08aCQrAe-F2LewzjmoP412X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dim08aCQrAe-F2LewzjmoP412X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:cb:96:b1:25:09:d5:c6:f7:a6:c0:3d:41:8c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7629b4f1a090ac07be1762dec338e6a0fe35d97e
        Validity
            Not Before: Jan  1 12:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75b3474ddfb5cfcaa0154b30d781f149a0497636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:11:b9:93:b8:c3:14:b6:9f:2a:e0:c2:56:77:
                    f7:d1:44:47:57:08:81:63:3e:66:a8:32:13:ef:03:
                    d8:e0:5c:18:90:41:de:40:db:39:60:fb:fb:18:c4:
                    c0:0e:8c:7e:78:b8:3b:03:2b:3b:70:a8:4b:60:84:
                    a4:b5:30:d1:da:60:5d:d0:ae:ed:37:49:3c:d2:33:
                    2b:43:64:15:15:ae:52:3a:63:c4:bc:2f:3c:34:f0:
                    68:b9:0f:07:d2:40:90:c9:74:d6:37:c2:be:97:49:
                    2d:f4:aa:c5:90:0e:01:dd:f7:db:db:c5:af:e8:e1:
                    3a:ac:95:17:2a:5c:39:76:e6:02:df:7d:2a:29:38:
                    e8:19:56:1c:fb:50:15:43:ef:46:02:ed:44:92:87:
                    ef:d3:c2:8b:00:90:d4:b7:78:64:88:6a:5e:a4:0b:
                    11:22:e3:15:21:22:d3:18:3f:86:4f:02:42:2a:0a:
                    15:88:70:02:9c:fa:43:63:64:a7:0e:9e:f5:0c:9b:
                    8c:53:76:b4:72:a9:5e:0f:1f:8a:07:d7:94:73:c3:
                    d5:d4:69:cf:90:bb:3b:fd:8d:98:4b:b7:f3:d6:5e:
                    87:8e:90:b7:34:48:4e:bc:d2:1f:a8:06:f0:bd:81:
                    58:27:67:97:4d:13:b5:1c:7b:37:4d:e0:89:5c:19:
                    03:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B3:47:4D:DF:B5:CF:CA:A0:15:4B:30:D7:81:F1:49:A0:49:76:36
            X509v3 Authority Key Identifier:
                keyid:76:29:B4:F1:A0:90:AC:07:BE:17:62:DE:C3:38:E6:A0:FE:35:D9:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dim08aCQrAe-F2LewzjmoP412X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dbNHTd-1z8qgFUsw14HxSaBJdjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dim08aCQrAe-F2LewzjmoP412X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:49:4b:15:f9:42:e5:f2:4c:93:59:75:05:b2:49:d8:a0:84:
         d5:b9:f0:5a:1b:8e:bc:91:ee:45:cb:8c:4f:dc:1d:2a:5d:b9:
         63:bf:a4:d3:4d:cb:98:8d:ca:21:7c:fd:6d:a6:5f:1b:f5:24:
         91:42:eb:3f:f4:bb:9e:a5:39:4b:d5:0b:08:70:d8:db:8c:13:
         45:07:d9:33:85:36:83:16:73:ab:d2:98:83:93:50:26:b1:2a:
         4f:d4:2f:e5:13:a1:e1:fb:32:47:2a:43:ae:fb:27:69:b6:1d:
         f8:ce:d1:a8:11:44:f2:7c:de:e6:db:33:b6:85:37:5f:29:43:
         a1:9f:8b:5f:e7:69:3b:07:80:d5:cc:bb:8c:27:85:be:91:36:
         3c:0b:52:ad:dd:9e:b9:02:95:09:b8:de:a6:a9:3c:da:1a:69:
         39:24:f9:19:92:4d:9f:e8:90:04:72:d0:79:e5:81:29:49:10:
         42:b4:37:b0:04:7d:3b:50:9f:a1:f5:4d:fc:39:18:d3:0e:6e:
         f1:e5:bb:f1:d0:59:04:fc:b7:c4:8a:dc:47:2d:e4:5c:4a:39:
         bb:34:b9:94:b4:bc:b8:64:43:77:e3:59:d3:ab:41:d4:63:a1:
         0c:ff:21:9a:c0:00:00:13:99:57:ca:36:71:af:97:74:9f:96:
         cc:f2:eb:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fsuWsSUJ1cb3psA9QYxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MjliNGYxYTA5MGFjMDdiZTE3NjJkZWMzMzhlNmEwZmUz
NWQ5N2UwHhcNMjYwMTAxMTIxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWIzNDc0ZGRmYjVjZmNhYTAxNTRiMzBkNzgxZjE0OWEwNDk3NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRG5k7jDFLafKuDCVnf30URHVwiB
Yz5mqDIT7wPY4FwYkEHeQNs5YPv7GMTADox+eLg7Ays7cKhLYISktTDR2mBd0K7t
N0k80jMrQ2QVFa5SOmPEvC88NPBouQ8H0kCQyXTWN8K+l0kt9KrFkA4B3ffb28Wv
6OE6rJUXKlw5duYC330qKTjoGVYc+1AVQ+9GAu1Ekofv08KLAJDUt3hkiGpepAsR
IuMVISLTGD+GTwJCKgoViHACnPpDY2SnDp71DJuMU3a0cqleDx+KB9eUc8PV1GnP
kLs7/Y2YS7fz1l6HjpC3NEhOvNIfqAbwvYFYJ2eXTRO1HHs3TeCJXBkDIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWzR03ftc/KoBVLMNeB8UmgSXY2MB8GA1UdIwQY
MBaAFHYptPGgkKwHvhdi3sM45qD+Ndl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGltMDhhQ1FyQWUtRjJMZXd6am1vUDQxMlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9hMWVmNjMtMTZhNy00YTk0LWIxMTQt
NWYxNzViNWFlMDM4LzEvZGJOSFRkLTF6OHFnRlVzdzE0SHhTYUJKZGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9hMWVmNjMtMTZhNy00YTk0LWIxMTQtNWYxNzViNWFlMDM4
LzEvZGltMDhhQ1FyQWUtRjJMZXd6am1vUDQxMlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUlMA0G
CSqGSIb3DQEBCwUAA4IBAQCXSUsV+ULl8kyTWXUFsknYoITVufBaG468ke5Fy4xP
3B0qXbljv6TTTcuYjcohfP1tpl8b9SSRQus/9LuepTlL1QsIcNjbjBNFB9kzhTaD
FnOr0piDk1AmsSpP1C/lE6Hh+zJHKkOu+ydpth34ztGoEUTyfN7m2zO2hTdfKUOh
n4tf52k7B4DVzLuMJ4W+kTY8C1Kt3Z65ApUJuN6mqTzaGmk5JPkZkk2f6JAEctB5
5YEpSRBCtDewBH07UJ+h9U38ORjTDm7x5bvx0FkE/LfEitxHLeRcSjm7NLmUtLy4
ZEN341nTq0HUY6EM/yGawAAAE5lXyjZxr5d0n5bM8utY
-----END CERTIFICATE-----