This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/NJAtBEz3Ixv_CCYeRvRJJECYvnk.roa
File:                     NJAtBEz3Ixv_CCYeRvRJJECYvnk.roa (raw, json)
Hash identifier:          8VY+OH2qENoVZQA8QBMe/XGjN1hAsUDKuWI2emaWxMU=
Subject key identifier:   34:90:2D:04:4C:F7:23:1B:FF:08:26:1E:46:F4:49:24:40:98:BE:79
Certificate issuer:       /CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
Certificate serial:       019B78A25E8B57FE6308F3C0AD583C6DA7C4
Authority key identifier: AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/NJAtBEz3Ixv_CCYeRvRJJECYvnk.roa
Signing time:             Thu 01 Jan 2026 08:17:45 +0000
ROA not before:           Thu 01 Jan 2026 08:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211769
IP address blocks:        185.142.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:5e:8b:57:fe:63:08:f3:c0:ad:58:3c:6d:a7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
        Validity
            Not Before: Jan  1 08:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34902d044cf7231bff08261e46f449244098be79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3c:d3:33:70:76:18:a4:14:15:26:6b:46:44:
                    63:36:e8:70:2a:31:77:b1:b6:2d:34:6f:6a:7c:1f:
                    55:51:9b:a8:b2:58:1d:13:08:b4:68:b5:6a:14:e1:
                    4b:33:8f:a8:1a:ea:56:58:2f:a9:c4:e0:07:11:fa:
                    dc:5f:55:fa:ce:51:ff:88:b1:a1:a7:26:d7:56:fc:
                    bb:4b:55:12:b6:cb:10:00:51:c5:a0:32:66:6e:6a:
                    e8:88:ee:a7:00:a6:2d:60:c7:5d:aa:93:a6:97:bb:
                    e7:1a:2e:4d:60:f7:5a:58:0d:b0:88:e2:0c:e0:3f:
                    86:6d:88:b6:04:0d:96:c1:0f:23:72:9f:62:31:aa:
                    02:7d:c3:9a:ec:5e:2a:bb:7b:3c:5b:a0:30:e0:d8:
                    c2:73:cd:bd:27:68:1b:25:a8:59:d3:d5:84:2a:4d:
                    3e:22:e1:2e:a7:44:50:6f:8a:25:8d:5f:a1:a4:85:
                    58:99:c8:f2:56:4a:15:6c:de:3a:59:b2:7d:40:1e:
                    16:0f:26:d2:27:51:d8:0b:08:0c:a8:cd:5b:3d:50:
                    58:ae:6c:47:40:7c:f5:38:3e:02:0b:60:c6:64:2f:
                    af:ae:eb:52:a0:b5:fd:d5:9d:de:cf:6c:2c:2e:4b:
                    68:84:3a:37:14:3a:ca:4a:02:1f:78:fa:d3:a7:c4:
                    0f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:90:2D:04:4C:F7:23:1B:FF:08:26:1E:46:F4:49:24:40:98:BE:79
            X509v3 Authority Key Identifier:
                keyid:AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/NJAtBEz3Ixv_CCYeRvRJJECYvnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:79:ca:46:fa:19:c1:2c:cf:42:ca:48:03:d2:14:88:5f:e8:
         f5:01:59:30:a1:87:7a:8a:5b:49:f9:57:56:a5:77:8e:22:bf:
         39:41:69:81:5c:b7:f7:70:33:d8:99:42:d8:14:b8:47:dc:2e:
         f2:61:10:23:47:db:a2:79:08:fc:c1:45:be:29:2e:09:b3:ba:
         84:62:2f:7e:3a:d0:6c:fc:35:a6:bf:b0:35:fd:92:e8:ec:86:
         21:3e:4a:ed:c6:d2:06:dc:0f:3b:42:52:da:54:41:17:dc:30:
         0e:7b:d8:47:57:a8:02:e4:86:79:67:c1:52:96:7e:89:c1:ce:
         38:79:87:35:03:aa:83:31:56:9b:fc:fa:c3:9e:a7:c6:81:65:
         4d:f7:59:dd:c2:41:19:ff:80:d3:c3:f6:e4:e3:08:bf:67:23:
         35:5a:32:8b:d7:c1:96:23:41:05:cb:de:61:79:9b:cc:43:e8:
         45:88:b1:ed:23:6f:14:58:ef:da:fe:da:09:81:84:e2:2c:1a:
         7e:ab:a8:ed:ec:68:e8:1c:40:5d:ca:d8:ae:b1:b8:63:cd:42:
         86:d5:46:04:c2:bf:28:a8:52:c9:e2:99:ea:d5:d4:f3:ae:81:
         19:98:ff:1d:a8:f4:d3:34:c0:bd:62:19:db:d5:dd:fc:3c:2e:
         b1:0c:bd:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ol6LV/5jCPPArVg8bafEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMmQzOGUyMGYyNGQwZTMwYjg2Y2NkODI2MWFjMDAxN2Yx
N2E1YTQwHhcNMjYwMTAxMDgxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDkwMmQwNDRjZjcyMzFiZmYwODI2MWU0NmY0NDkyNDQwOThiZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljzTM3B2GKQUFSZrRkRjNuhwKjF3
sbYtNG9qfB9VUZuoslgdEwi0aLVqFOFLM4+oGupWWC+pxOAHEfrcX1X6zlH/iLGh
pybXVvy7S1UStssQAFHFoDJmbmroiO6nAKYtYMddqpOml7vnGi5NYPdaWA2wiOIM
4D+GbYi2BA2WwQ8jcp9iMaoCfcOa7F4qu3s8W6Aw4NjCc829J2gbJahZ09WEKk0+
IuEup0RQb4oljV+hpIVYmcjyVkoVbN46WbJ9QB4WDybSJ1HYCwgMqM1bPVBYrmxH
QHz1OD4CC2DGZC+vrutSoLX91Z3ez2wsLktohDo3FDrKSgIfePrTp8QPnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSQLQRM9yMb/wgmHkb0SSRAmL55MB8GA1UdIwQY
MBaAFK0tOOIPJNDjC4bM2CYawAF/F6WkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEt
NDI5OTUzMjNjMDNkLzEvTkpBdEJFejNJeHZfQ0NZZVJ2UkpKRUNZdm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEtNDI5OTUzMjNjMDNk
LzEvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY6QMA0G
CSqGSIb3DQEBCwUAA4IBAQA8ecpG+hnBLM9CykgD0hSIX+j1AVkwoYd6iltJ+VdW
pXeOIr85QWmBXLf3cDPYmULYFLhH3C7yYRAjR9uieQj8wUW+KS4Js7qEYi9+OtBs
/DWmv7A1/ZLo7IYhPkrtxtIG3A87QlLaVEEX3DAOe9hHV6gC5IZ5Z8FSln6Jwc44
eYc1A6qDMVab/PrDnqfGgWVN91ndwkEZ/4DTw/bk4wi/ZyM1WjKL18GWI0EFy95h
eZvMQ+hFiLHtI28UWO/a/toJgYTiLBp+q6jt7GjoHEBdytiusbhjzUKG1UYEwr8o
qFLJ4pnq1dTzroEZmP8dqPTTNMC9Yhnb1d38PC6xDL1k
-----END CERTIFICATE-----