This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Nzrr37jRomeRDjJuhfGh9FN_0w.roa
File:                     1Nzrr37jRomeRDjJuhfGh9FN_0w.roa (raw, json)
Hash identifier:          A91QvBkUYi2nCuYatMWsXimdEyifTln8WL7dBt7HmwQ=
Subject key identifier:   D4:DC:EB:AF:7E:E3:46:89:9E:44:38:C9:BA:17:C6:87:D1:4D:FF:4C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019B7C8058FD87A2582F907BC1D79B9663CA
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Nzrr37jRomeRDjJuhfGh9FN_0w.roa
Signing time:             Fri 02 Jan 2026 02:19:04 +0000
ROA not before:           Fri 02 Jan 2026 02:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49508
IP address blocks:        194.32.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:58:fd:87:a2:58:2f:90:7b:c1:d7:9b:96:63:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 02:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4dcebaf7ee346899e4438c9ba17c687d14dff4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:89:5b:f7:72:cc:c3:b1:58:f9:f9:e8:5c:9b:
                    66:fc:08:ce:fa:02:46:e1:78:9e:f2:1e:41:4b:6e:
                    6c:5a:0c:d7:16:66:8b:ed:d0:94:17:61:f3:0a:e4:
                    aa:55:dd:4c:65:08:c8:91:26:eb:33:39:1a:0e:68:
                    79:8d:ee:40:1c:d0:84:4b:60:f6:ff:bd:8f:fb:e1:
                    d1:7b:88:57:5c:25:cd:0a:dc:a6:fd:02:b4:08:88:
                    72:c0:42:0b:41:5c:1d:4f:f4:a1:2c:b4:4e:cb:17:
                    a1:79:d1:85:d5:a8:43:d6:ca:48:99:3b:73:48:1a:
                    a7:a9:10:f2:bc:79:b9:72:6a:13:f3:bd:2c:cc:f0:
                    7e:67:2b:88:ba:f3:46:94:27:51:8a:96:fd:08:b4:
                    db:bd:33:5f:7f:95:99:cd:f4:a7:32:07:a2:de:e6:
                    e0:95:a6:c6:8f:db:d5:5d:ca:c3:59:79:c2:fb:4d:
                    1c:a3:f0:23:bc:b1:57:96:ae:53:eb:7c:ef:c4:a3:
                    53:31:09:0a:88:78:40:80:bd:b9:65:02:13:1b:cb:
                    f7:3c:5a:52:a9:7e:0a:85:cc:c8:e2:68:97:a6:9e:
                    42:f1:e3:0e:7f:0b:4c:83:34:8e:49:b9:37:07:e6:
                    0d:aa:12:88:f5:ed:71:30:55:9f:fe:13:1a:df:a4:
                    d6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:DC:EB:AF:7E:E3:46:89:9E:44:38:C9:BA:17:C6:87:D1:4D:FF:4C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Nzrr37jRomeRDjJuhfGh9FN_0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:55:e1:d3:08:ea:9a:17:17:3d:e7:64:dd:3f:52:1f:d5:33:
         f5:2a:af:d9:4e:8e:e6:52:2b:29:ec:07:dd:0c:0e:64:36:00:
         c1:2c:6c:3c:9d:df:c1:28:c2:51:b7:0e:9a:3d:d9:73:2e:67:
         0d:0c:34:02:40:76:a6:96:c9:be:da:b7:c0:4c:71:68:da:5c:
         21:4d:ba:6d:33:91:c1:03:e8:6d:de:54:15:9f:98:0e:a3:66:
         86:0a:4b:36:19:ce:10:93:41:be:90:b2:fa:a8:2b:e6:e1:b1:
         14:ad:d9:8d:40:e8:02:25:02:24:6d:fc:8c:47:54:30:ac:2e:
         ea:9e:dd:82:cd:5a:85:e0:68:a8:2c:8e:40:68:95:7f:12:ec:
         d3:0c:28:a3:c4:70:9a:06:89:1b:9a:2b:1f:a6:0c:1c:ab:58:
         95:f5:a0:3b:00:c6:79:d1:61:3a:9e:37:0d:0d:9c:03:6f:49:
         25:ba:b3:a8:a4:fb:b4:8d:da:7b:e8:75:6f:e0:a2:09:7b:ae:
         61:59:10:f2:11:8a:b9:39:50:3f:5f:98:c0:9e:1d:12:d2:e2:
         1e:3d:09:58:27:fc:7e:4f:11:bf:31:89:3f:c6:2c:84:62:f5:
         b5:b0:02:18:d2:3a:6b:68:b0:95:8d:b7:c4:5b:31:98:b0:dd:
         ce:6e:da:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gFj9h6JYL5B7wdeblmPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMTAyMDIxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGRjZWJhZjdlZTM0Njg5OWU0NDM4YzliYTE3YzY4N2QxNGRmZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4lb93LMw7FY+fnoXJtm/AjO+gJG
4Xie8h5BS25sWgzXFmaL7dCUF2HzCuSqVd1MZQjIkSbrMzkaDmh5je5AHNCES2D2
/72P++HRe4hXXCXNCtym/QK0CIhywEILQVwdT/ShLLROyxehedGF1ahD1spImTtz
SBqnqRDyvHm5cmoT870szPB+ZyuIuvNGlCdRipb9CLTbvTNff5WZzfSnMgei3ubg
labGj9vVXcrDWXnC+00co/AjvLFXlq5T63zvxKNTMQkKiHhAgL25ZQITG8v3PFpS
qX4KhczI4miXpp5C8eMOfwtMgzSOSbk3B+YNqhKI9e1xMFWf/hMa36TWhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTc669+40aJnkQ4yboXxofRTf9MMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMU56cnIzN2pSb21lUkRqSnVoZkdoOUZOXzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBjMA0G
CSqGSIb3DQEBCwUAA4IBAQASVeHTCOqaFxc952TdP1If1TP1Kq/ZTo7mUisp7Afd
DA5kNgDBLGw8nd/BKMJRtw6aPdlzLmcNDDQCQHamlsm+2rfATHFo2lwhTbptM5HB
A+ht3lQVn5gOo2aGCks2Gc4Qk0G+kLL6qCvm4bEUrdmNQOgCJQIkbfyMR1QwrC7q
nt2CzVqF4GioLI5AaJV/EuzTDCijxHCaBokbmisfpgwcq1iV9aA7AMZ50WE6njcN
DZwDb0klurOopPu0jdp76HVv4KIJe65hWRDyEYq5OVA/X5jAnh0S0uIePQlYJ/x+
TxG/MYk/xiyEYvW1sAIY0jpraLCVjbfEWzGYsN3ObtqS
-----END CERTIFICATE-----