This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TkmsGjIVyAUCG5lq-ZO1Cu4iHhM.roa
File:                     TkmsGjIVyAUCG5lq-ZO1Cu4iHhM.roa (raw, json)
Hash identifier:          gsBkXq7IRldr+WrT9+SWavH06hXs1hbWMlI4gqq9x+A=
Subject key identifier:   4E:49:AC:1A:32:15:C8:05:02:1B:99:6A:F9:93:B5:0A:EE:22:1E:13
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019BA369210A3C6E6987E243012004D859D8
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TkmsGjIVyAUCG5lq-ZO1Cu4iHhM.roa
Signing time:             Fri 09 Jan 2026 15:38:54 +0000
ROA not before:           Fri 09 Jan 2026 15:38:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202457
IP address blocks:        78.128.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a3:69:21:0a:3c:6e:69:87:e2:43:01:20:04:d8:59:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 15:38:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e49ac1a3215c805021b996af993b50aee221e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:84:76:51:9a:11:91:f0:eb:50:ad:97:d9:19:
                    a3:fd:d6:1a:96:24:91:ac:ee:e6:4f:a1:fa:6d:73:
                    a8:ae:cd:f8:39:bf:3c:8a:36:a8:52:a5:44:0b:2e:
                    68:13:24:4e:45:8a:88:98:ed:29:de:62:2f:8a:89:
                    96:b2:d7:f3:b8:96:71:dc:a0:28:3f:0f:92:e6:03:
                    b5:c5:5c:c7:83:e1:26:3e:87:4e:c6:6d:e7:c1:56:
                    8b:e3:92:5d:94:a3:fa:60:ce:c2:02:f8:cf:b8:3c:
                    3a:06:a7:93:fb:88:24:68:56:4c:74:34:7a:cc:88:
                    5e:a5:5b:7c:ce:3c:93:68:07:5b:73:4b:b0:9a:9d:
                    82:5c:62:e6:15:bd:eb:df:54:52:65:5b:fa:80:80:
                    12:f9:fb:d2:96:21:3d:62:d3:89:66:62:dc:c1:09:
                    31:a0:f7:7f:7e:2a:1f:ff:88:56:c2:80:ef:34:d3:
                    7d:11:62:8d:37:af:5c:a0:26:2b:57:3d:0f:32:e4:
                    93:34:5f:27:bc:b3:8c:ab:5e:a7:ec:87:c0:2b:ca:
                    33:e2:e0:bf:66:bd:37:16:ae:9f:f0:97:c1:12:e2:
                    53:52:50:e8:ad:2f:71:1f:01:93:70:f5:7f:18:5a:
                    a9:f1:50:1e:ae:a8:0c:d5:90:43:b8:13:ab:ee:10:
                    5f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:49:AC:1A:32:15:C8:05:02:1B:99:6A:F9:93:B5:0A:EE:22:1E:13
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TkmsGjIVyAUCG5lq-ZO1Cu4iHhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c4:a8:06:1b:3e:8e:91:35:5c:88:61:ff:03:c0:3e:07:b8:
         66:f2:a3:cb:61:18:13:30:79:8e:18:21:af:1e:0c:23:23:20:
         9f:e8:91:12:ae:27:c9:0c:39:ee:58:9d:9b:e4:10:aa:fd:d4:
         3f:e1:f5:12:55:3d:76:d1:63:90:f7:9e:99:c5:1e:6c:0c:70:
         31:fb:58:d8:40:76:c8:83:41:46:0c:ce:ef:65:07:a8:fe:25:
         82:03:77:ad:51:85:41:be:cf:41:fa:7e:e5:80:4d:3a:03:33:
         b8:94:86:86:ec:98:10:7f:96:94:82:b2:42:e5:58:f5:d0:51:
         9e:a6:85:4f:53:36:6e:11:11:0c:0d:aa:93:82:0e:7c:96:50:
         4f:fa:16:0d:bc:17:ff:9b:f7:be:3a:9d:d2:b8:0d:f0:59:5c:
         8c:c7:40:17:9f:10:89:3f:b5:96:2f:37:e3:db:3c:62:c4:5c:
         d6:3c:bd:1d:75:8a:18:00:b9:d9:12:22:b8:89:55:78:3c:0d:
         89:0b:1c:e4:17:fc:66:6e:0a:da:97:b1:c8:58:94:8f:6f:e2:
         99:f1:79:24:e1:ea:2f:b9:17:f9:f3:ec:df:d9:91:60:74:3e:
         11:06:c5:ab:9f:45:12:9d:07:54:c6:a2:21:c0:8e:36:34:67:
         ef:6f:9b:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZujaSEKPG5ph+JDASAE2FnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTA5MTUzODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ5YWMxYTMyMTVjODA1MDIxYjk5NmFmOTkzYjUwYWVlMjIxZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4R2UZoRkfDrUK2X2Rmj/dYaliSR
rO7mT6H6bXOors34Ob88ijaoUqVECy5oEyRORYqImO0p3mIviomWstfzuJZx3KAo
Pw+S5gO1xVzHg+EmPodOxm3nwVaL45JdlKP6YM7CAvjPuDw6BqeT+4gkaFZMdDR6
zIhepVt8zjyTaAdbc0uwmp2CXGLmFb3r31RSZVv6gIAS+fvSliE9YtOJZmLcwQkx
oPd/fiof/4hWwoDvNNN9EWKNN69coCYrVz0PMuSTNF8nvLOMq16n7IfAK8oz4uC/
Zr03Fq6f8JfBEuJTUlDorS9xHwGTcPV/GFqp8VAerqgM1ZBDuBOr7hBf4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5JrBoyFcgFAhuZavmTtQruIh4TMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvVGttc0dqSVZ5QVVDRzVscS1aTzFDdTRpSGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToBpMA0G
CSqGSIb3DQEBCwUAA4IBAQAUxKgGGz6OkTVciGH/A8A+B7hm8qPLYRgTMHmOGCGv
HgwjIyCf6JESrifJDDnuWJ2b5BCq/dQ/4fUSVT120WOQ956ZxR5sDHAx+1jYQHbI
g0FGDM7vZQeo/iWCA3etUYVBvs9B+n7lgE06AzO4lIaG7JgQf5aUgrJC5Vj10FGe
poVPUzZuEREMDaqTgg58llBP+hYNvBf/m/e+Op3SuA3wWVyMx0AXnxCJP7WWLzfj
2zxixFzWPL0ddYoYALnZEiK4iVV4PA2JCxzkF/xmbgral7HIWJSPb+KZ8Xkk4eov
uRf58+zf2ZFgdD4RBsWrn0USnQdUxqIhwI42NGfvb5tT
-----END CERTIFICATE-----