This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/NUvHrFA2BWaljLnMJQIXISBCOCw.roa
File:                     NUvHrFA2BWaljLnMJQIXISBCOCw.roa (raw, json)
Hash identifier:          A18alchxY/YsI5uTxh8zdJwNGymtxbxWl+jED+FQCqs=
Subject key identifier:   35:4B:C7:AC:50:36:05:66:A5:8C:B9:CC:25:02:17:21:20:42:38:2C
Certificate issuer:       /CN=03f8388372dc332c7cc6f7766ad78d58a23b2544
Certificate serial:       019B7F80ACA3AB971C779351DC8A3ED4F7EA
Authority key identifier: 03:F8:38:83:72:DC:33:2C:7C:C6:F7:76:6A:D7:8D:58:A2:3B:25:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_g4g3LcMyx8xvd2ateNWKI7JUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/NUvHrFA2BWaljLnMJQIXISBCOCw.roa
Signing time:             Fri 02 Jan 2026 16:18:17 +0000
ROA not before:           Fri 02 Jan 2026 16:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209947
IP address blocks:        212.119.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/A_g4g3LcMyx8xvd2ateNWKI7JUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/A_g4g3LcMyx8xvd2ateNWKI7JUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_g4g3LcMyx8xvd2ateNWKI7JUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 Jan 2026 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:ac:a3:ab:97:1c:77:93:51:dc:8a:3e:d4:f7:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f8388372dc332c7cc6f7766ad78d58a23b2544
        Validity
            Not Before: Jan  2 16:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=354bc7ac50360566a58cb9cc250217212042382c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:17:38:41:5d:81:60:51:b0:f3:2a:88:01:
                    76:e8:f9:41:08:49:4c:1c:0a:15:ab:3c:f4:fb:89:
                    fa:aa:e1:67:cd:34:e3:c5:57:44:da:8b:87:62:8e:
                    a4:bd:cf:eb:2d:21:29:a7:b6:b1:b4:80:ca:ce:7f:
                    68:49:a2:21:92:c8:af:e8:ae:9d:aa:7a:b5:c3:37:
                    8f:96:ae:56:1e:b9:57:88:68:21:d5:91:c0:fa:75:
                    9e:de:e0:e0:67:20:d9:01:d4:00:25:59:16:1f:c6:
                    0d:da:f9:89:5f:35:77:da:36:8f:06:de:03:fd:81:
                    d8:73:08:f3:fa:0c:5b:4e:14:31:51:df:e5:d0:26:
                    63:df:d7:29:7f:2f:ba:ee:34:79:67:81:6d:f6:4a:
                    5e:e3:81:ea:3b:d6:8f:83:ab:ec:0c:32:13:60:df:
                    c1:5c:cd:90:03:46:7d:cd:70:16:86:70:d5:d0:e5:
                    67:9d:0b:64:cd:6e:d5:e4:ff:1e:9e:fe:05:54:39:
                    02:f9:25:d7:1b:c4:b5:00:5b:1d:85:38:99:b4:06:
                    d1:be:eb:b1:75:2b:aa:3d:8f:75:30:53:64:41:3c:
                    8b:ea:12:01:90:ac:26:73:4f:db:84:be:ab:75:05:
                    c9:76:b1:91:a4:19:99:35:60:dc:e1:fa:e8:29:21:
                    d3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4B:C7:AC:50:36:05:66:A5:8C:B9:CC:25:02:17:21:20:42:38:2C
            X509v3 Authority Key Identifier:
                keyid:03:F8:38:83:72:DC:33:2C:7C:C6:F7:76:6A:D7:8D:58:A2:3B:25:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_g4g3LcMyx8xvd2ateNWKI7JUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/NUvHrFA2BWaljLnMJQIXISBCOCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9e1165-c610-4988-a49d-9455858e9c06/1/A_g4g3LcMyx8xvd2ateNWKI7JUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.119.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:e0:6a:e7:13:51:dd:4a:25:e8:41:a4:a0:6d:0f:11:ff:22:
         e4:bb:5f:10:33:a6:66:97:3a:92:5d:b8:db:79:d3:f8:5d:39:
         dd:77:19:10:d1:ea:17:07:c5:34:54:e1:98:da:1a:81:d4:1f:
         24:7f:78:69:73:6d:c0:41:49:b0:03:10:27:fe:a8:ad:f1:89:
         c6:c4:28:a2:0f:c7:f2:03:77:d5:2a:d1:d8:d3:6d:86:b3:60:
         37:75:db:66:d3:a8:ee:60:b8:cc:35:e4:36:27:56:e3:f9:30:
         39:18:56:3d:72:c7:80:38:55:69:26:e9:d0:5b:8c:f2:f2:29:
         95:6e:c2:f9:de:c8:5b:5d:f6:c4:92:f7:21:b7:ed:16:de:c9:
         32:3e:00:91:c6:f9:02:f9:6e:e1:98:31:8b:ce:e2:ea:e1:3d:
         2c:57:8d:de:03:8c:9b:7f:1a:08:6c:3a:f0:41:ab:35:28:98:
         ee:12:df:9e:12:74:ae:f5:95:1b:3e:70:82:9e:c7:73:c6:43:
         5b:71:e3:b9:78:82:88:6d:3e:a8:1e:55:2c:5c:63:a8:5f:c8:
         92:7f:61:42:17:4c:18:04:0c:11:8d:d9:ef:3c:ab:e3:88:79:
         60:52:9c:59:6a:34:2b:b4:bd:40:82:6c:b4:79:81:7d:7e:34:
         a0:b5:01:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gKyjq5ccd5NR3Io+1PfqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjgzODgzNzJkYzMzMmM3Y2M2Zjc3NjZhZDc4ZDU4YTIz
YjI1NDQwHhcNMjYwMTAyMTYxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRiYzdhYzUwMzYwNTY2YTU4Y2I5Y2MyNTAyMTcyMTIwNDIzODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPkXOEFdgWBRsPMqiAF26PlBCElM
HAoVqzz0+4n6quFnzTTjxVdE2ouHYo6kvc/rLSEpp7axtIDKzn9oSaIhksiv6K6d
qnq1wzePlq5WHrlXiGgh1ZHA+nWe3uDgZyDZAdQAJVkWH8YN2vmJXzV32jaPBt4D
/YHYcwjz+gxbThQxUd/l0CZj39cpfy+67jR5Z4Ft9kpe44HqO9aPg6vsDDITYN/B
XM2QA0Z9zXAWhnDV0OVnnQtkzW7V5P8env4FVDkC+SXXG8S1AFsdhTiZtAbRvuux
dSuqPY91MFNkQTyL6hIBkKwmc0/bhL6rdQXJdrGRpBmZNWDc4froKSHTLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVLx6xQNgVmpYy5zCUCFyEgQjgsMB8GA1UdIwQY
MBaAFAP4OINy3DMsfMb3dmrXjViiOyVEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9nNGczTGNNeXg4eHZkMmF0ZU5XS0k3SlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85ZTExNjUtYzYxMC00OTg4LWE0OWQt
OTQ1NTg1OGU5YzA2LzEvTlV2SHJGQTJCV2FsakxuTUpRSVhJU0JDT0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85ZTExNjUtYzYxMC00OTg4LWE0OWQtOTQ1NTg1OGU5YzA2
LzEvQV9nNGczTGNNeXg4eHZkMmF0ZU5XS0k3SlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HckMA0G
CSqGSIb3DQEBCwUAA4IBAQAi4GrnE1HdSiXoQaSgbQ8R/yLku18QM6ZmlzqSXbjb
edP4XTnddxkQ0eoXB8U0VOGY2hqB1B8kf3hpc23AQUmwAxAn/qit8YnGxCiiD8fy
A3fVKtHY022Gs2A3ddtm06juYLjMNeQ2J1bj+TA5GFY9cseAOFVpJunQW4zy8imV
bsL53shbXfbEkvcht+0W3skyPgCRxvkC+W7hmDGLzuLq4T0sV43eA4ybfxoIbDrw
Qas1KJjuEt+eEnSu9ZUbPnCCnsdzxkNbceO5eIKIbT6oHlUsXGOoX8iSf2FCF0wY
BAwRjdnvPKvjiHlgUpxZajQrtL1Agmy0eYF9fjSgtQGl
-----END CERTIFICATE-----