This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/nbiO0Qsuka11ZNMxAFy9dEINXys.roa
File:                     nbiO0Qsuka11ZNMxAFy9dEINXys.roa (raw, json)
Hash identifier:          NaboMvIQcJu7trkWGRw22aXFbkdnEJpMvSjIpYA2/ik=
Subject key identifier:   9D:B8:8E:D1:0B:2E:91:AD:75:64:D3:31:00:5C:BD:74:42:0D:5F:2B
Certificate issuer:       /CN=5c92b9a92c7eb913c3da558002c673e8238db1c7
Certificate serial:       019B78A2A24E3D4C24350E7BC9425019EE6C
Authority key identifier: 5C:92:B9:A9:2C:7E:B9:13:C3:DA:55:80:02:C6:73:E8:23:8D:B1:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/nbiO0Qsuka11ZNMxAFy9dEINXys.roa
Signing time:             Thu 01 Jan 2026 08:18:02 +0000
ROA not before:           Thu 01 Jan 2026 08:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        194.35.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:a2:4e:3d:4c:24:35:0e:7b:c9:42:50:19:ee:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c92b9a92c7eb913c3da558002c673e8238db1c7
        Validity
            Not Before: Jan  1 08:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9db88ed10b2e91ad7564d331005cbd74420d5f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b8:26:79:b1:e3:a7:e8:a3:b1:0b:42:e3:a6:
                    e9:7a:a2:ff:09:cd:e3:18:86:12:bc:f4:61:61:f8:
                    b1:ec:7c:24:51:37:f4:35:dd:2d:d6:c1:bc:02:ba:
                    d6:41:0d:b8:17:14:d0:3d:56:33:f1:64:dd:7a:21:
                    4e:e2:2a:e7:dc:2b:75:f9:8c:bc:45:92:2d:60:37:
                    23:8f:57:d4:f5:a3:17:44:15:74:48:3a:60:48:b6:
                    aa:66:5e:82:15:49:2b:94:cd:c1:d7:92:0e:3c:4c:
                    11:3b:a8:14:9d:97:fe:f0:bc:1c:c3:f9:c2:0f:de:
                    1b:64:38:5b:79:a4:d1:cd:d1:6a:0d:24:d5:aa:d2:
                    83:3c:72:6a:7b:0b:f8:ce:8a:ba:c4:1d:12:82:15:
                    57:cb:82:9a:2b:a0:2b:27:1c:39:27:b7:1e:d6:61:
                    e7:7c:99:1f:d8:33:6c:e4:13:96:a8:9b:d6:f1:6b:
                    b6:cc:bc:fe:05:2f:4a:9e:ef:21:04:99:ae:47:8c:
                    2d:23:95:18:ed:91:70:28:84:99:d0:ef:e7:ab:c1:
                    b0:1b:7f:60:60:0a:53:13:b5:25:7d:f1:04:93:d8:
                    50:15:76:fe:27:45:f9:5a:5e:42:6c:f7:f3:8b:79:
                    e6:92:de:7d:c4:9d:64:ea:cb:b9:05:4c:fe:d0:4c:
                    98:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B8:8E:D1:0B:2E:91:AD:75:64:D3:31:00:5C:BD:74:42:0D:5F:2B
            X509v3 Authority Key Identifier:
                keyid:5C:92:B9:A9:2C:7E:B9:13:C3:DA:55:80:02:C6:73:E8:23:8D:B1:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/nbiO0Qsuka11ZNMxAFy9dEINXys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:35:55:4d:97:b8:b2:1c:9d:81:1b:20:2d:1c:4d:59:32:
         86:24:08:31:a2:1a:ac:0d:18:ac:b8:6b:51:52:2b:17:91:a3:
         b4:16:2e:bb:96:df:67:5f:a2:e9:f3:82:b9:a0:9a:38:94:b1:
         e3:ac:e4:f6:a0:7e:fe:72:aa:24:2c:80:60:17:e2:1d:03:5a:
         67:3d:11:09:03:60:d6:db:61:38:cd:a3:58:6b:3b:a5:2c:4e:
         99:41:d2:ef:6b:77:dd:d7:f7:a4:cd:cd:7e:5b:f3:99:77:f9:
         99:de:1c:ba:4a:5b:22:15:4f:6e:e6:5f:d0:43:2a:d7:87:80:
         8e:f7:41:36:02:74:88:ea:0e:54:5b:31:2f:d5:59:a2:a3:cd:
         3a:6d:8c:c6:7f:33:9b:1a:f9:18:6a:ad:a0:de:1b:7f:39:3f:
         b9:51:eb:3a:44:d3:86:1d:a6:fb:57:27:e3:4f:99:d5:a1:8f:
         72:06:c7:09:d1:6e:37:3c:80:03:b7:46:11:56:3e:d6:a5:ba:
         e4:08:f0:e9:6b:07:b4:66:94:8b:71:e5:4f:74:b2:a9:1a:e4:
         f2:81:94:9b:da:0a:fd:fe:bd:35:c1:22:76:e4:15:f5:27:2c:
         f6:09:90:1f:3b:2c:cf:9d:d2:e1:5d:c9:9c:58:45:9f:3a:cd:
         15:72:bb:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oqJOPUwkNQ57yUJQGe5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjOTJiOWE5MmM3ZWI5MTNjM2RhNTU4MDAyYzY3M2U4MjM4
ZGIxYzcwHhcNMjYwMTAxMDgxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI4OGVkMTBiMmU5MWFkNzU2NGQzMzEwMDVjYmQ3NDQyMGQ1ZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbgmebHjp+ijsQtC46bpeqL/Cc3j
GIYSvPRhYfix7HwkUTf0Nd0t1sG8ArrWQQ24FxTQPVYz8WTdeiFO4irn3Ct1+Yy8
RZItYDcjj1fU9aMXRBV0SDpgSLaqZl6CFUkrlM3B15IOPEwRO6gUnZf+8Lwcw/nC
D94bZDhbeaTRzdFqDSTVqtKDPHJqewv4zoq6xB0SghVXy4KaK6ArJxw5J7ce1mHn
fJkf2DNs5BOWqJvW8Wu2zLz+BS9Knu8hBJmuR4wtI5UY7ZFwKISZ0O/nq8GwG39g
YApTE7UlffEEk9hQFXb+J0X5Wl5CbPfzi3nmkt59xJ1k6su5BUz+0EyYzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ24jtELLpGtdWTTMQBcvXRCDV8rMB8GA1UdIwQY
MBaAFFySuaksfrkTw9pVgALGc+gjjbHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEpLNXFTeC11UlBEMmxXQUFzWno2Q09Oc2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85Njk0NjMtN2Y2YS00NTAzLWFiYzQt
ZDZiNTZhYmEzZWI3LzEvbmJpTzBRc3VrYTExWk5NeEFGeTlkRUlOWHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85Njk0NjMtN2Y2YS00NTAzLWFiYzQtZDZiNTZhYmEzZWI3
LzEvWEpLNXFTeC11UlBEMmxXQUFzWno2Q09Oc2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiPwMA0G
CSqGSIb3DQEBCwUAA4IBAQAdDjVVTZe4shydgRsgLRxNWTKGJAgxohqsDRisuGtR
UisXkaO0Fi67lt9nX6Lp84K5oJo4lLHjrOT2oH7+cqokLIBgF+IdA1pnPREJA2DW
22E4zaNYazulLE6ZQdLva3fd1/ekzc1+W/OZd/mZ3hy6SlsiFU9u5l/QQyrXh4CO
90E2AnSI6g5UWzEv1Vmio806bYzGfzObGvkYaq2g3ht/OT+5Ues6RNOGHab7Vyfj
T5nVoY9yBscJ0W43PIADt0YRVj7WpbrkCPDpawe0ZpSLceVPdLKpGuTygZSb2gr9
/r01wSJ25BX1Jyz2CZAfOyzPndLhXcmcWEWfOs0VcrvK
-----END CERTIFICATE-----