This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/TLfjtBJO-gZAeaDXTY19Xr2ab50.roa
File:                     TLfjtBJO-gZAeaDXTY19Xr2ab50.roa (raw, json)
Hash identifier:          UnJfONBjYtEh/fDBNx3j1DXpErEyTUKmrLW4TkMbnZM=
Subject key identifier:   4C:B7:E3:B4:12:4E:FA:06:40:79:A0:D7:4D:8D:7D:5E:BD:9A:6F:9D
Certificate issuer:       /CN=b0afed7a471d7ac385e3b9365a4e96012a01c095
Certificate serial:       019B7AC8170E4A405549C27B27D5BABCCC95
Authority key identifier: B0:AF:ED:7A:47:1D:7A:C3:85:E3:B9:36:5A:4E:96:01:2A:01:C0:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sK_tekcdesOF47k2Wk6WASoBwJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/TLfjtBJO-gZAeaDXTY19Xr2ab50.roa
Signing time:             Thu 01 Jan 2026 18:18:12 +0000
ROA not before:           Thu 01 Jan 2026 18:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34620
IP address blocks:        85.255.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/sK_tekcdesOF47k2Wk6WASoBwJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/sK_tekcdesOF47k2Wk6WASoBwJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sK_tekcdesOF47k2Wk6WASoBwJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:17:0e:4a:40:55:49:c2:7b:27:d5:ba:bc:cc:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0afed7a471d7ac385e3b9365a4e96012a01c095
        Validity
            Not Before: Jan  1 18:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cb7e3b4124efa064079a0d74d8d7d5ebd9a6f9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:18:73:6d:01:d9:15:b1:1b:26:a6:78:99:27:
                    ce:d4:26:28:e1:79:82:23:32:3b:bb:76:06:d5:be:
                    eb:58:0c:82:25:53:28:e2:c2:ec:c5:e9:7a:bd:3a:
                    6e:13:c6:9d:ff:5b:44:88:28:1b:04:0a:17:b3:1b:
                    f7:04:b0:32:a1:4f:62:1d:ba:4c:b5:fc:45:dc:c1:
                    71:0e:fa:57:b1:ff:b7:7b:12:65:90:ae:86:d3:45:
                    99:16:fb:56:ac:44:49:e2:51:63:3e:68:d1:1c:d9:
                    df:38:be:9f:1c:98:c5:7b:5d:bf:28:a9:6e:5a:a2:
                    e2:6b:b3:ba:3b:e6:fc:9c:51:77:16:70:98:f6:34:
                    06:41:1d:cb:a2:30:fc:dc:eb:bc:ae:b0:d2:67:33:
                    ea:1e:ba:ce:77:cd:66:98:e5:c3:70:15:a7:85:19:
                    cc:fe:d6:27:e7:23:98:95:25:cb:dc:08:73:a2:bf:
                    47:06:22:7e:98:bd:f8:6b:f4:c7:cf:35:3d:17:6d:
                    6f:50:d4:c4:07:40:c2:a4:57:9c:f1:56:ec:8f:29:
                    ff:0d:b5:e1:69:8a:a5:aa:48:67:5c:c1:ab:5c:b3:
                    f1:f9:df:c4:1f:f5:e1:d4:9c:33:a6:a7:73:3d:f8:
                    d9:8c:0e:ea:d7:8e:cb:8b:85:af:22:aa:45:ca:ff:
                    d6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B7:E3:B4:12:4E:FA:06:40:79:A0:D7:4D:8D:7D:5E:BD:9A:6F:9D
            X509v3 Authority Key Identifier:
                keyid:B0:AF:ED:7A:47:1D:7A:C3:85:E3:B9:36:5A:4E:96:01:2A:01:C0:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sK_tekcdesOF47k2Wk6WASoBwJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/TLfjtBJO-gZAeaDXTY19Xr2ab50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6f6613-e798-47f4-b313-304a54e8c264/1/sK_tekcdesOF47k2Wk6WASoBwJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3c:56:84:ee:e8:5c:e8:27:c0:cd:ca:03:52:bd:83:56:73:6a:
         38:12:fd:60:30:5e:d5:3b:2b:17:ce:43:5c:ec:92:d7:2f:af:
         24:d2:b7:b0:a3:a0:7f:18:f3:54:29:98:be:eb:e5:95:dd:a5:
         19:b3:a1:8b:67:55:c7:cb:63:04:78:64:a7:0e:a9:80:6c:59:
         71:55:c7:55:54:e1:a5:5e:21:e8:e3:a4:fc:66:8f:55:71:ba:
         97:30:ab:ad:23:21:d1:ac:b1:22:07:38:69:c9:5c:9d:20:83:
         f2:1e:ee:d1:82:74:38:0c:ec:70:d8:55:88:86:54:5e:2c:7e:
         42:b0:6f:01:d4:e8:1b:a0:b2:74:e6:94:36:98:ef:e4:58:ba:
         c5:00:df:fd:67:41:f7:d4:3d:a3:4f:bb:68:44:ad:42:69:76:
         bd:ba:26:f9:cc:60:fa:91:1d:01:7c:01:a3:68:13:d2:36:c5:
         87:11:46:bd:36:08:c6:11:d6:78:45:78:3b:6e:6a:9e:c7:a9:
         ca:b1:f8:5f:04:3d:0b:55:3e:0b:36:25:8b:60:27:6b:b5:12:
         d0:43:83:6e:1c:67:53:73:c3:1a:3a:0a:e1:e0:d6:24:51:5b:
         3f:bb:06:ce:d8:fd:50:89:13:83:26:04:e7:8e:bf:b8:42:f0:
         dc:84:e6:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yBcOSkBVScJ7J9W6vMyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYWZlZDdhNDcxZDdhYzM4NWUzYjkzNjVhNGU5NjAxMmEw
MWMwOTUwHhcNMjYwMTAxMTgxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2I3ZTNiNDEyNGVmYTA2NDA3OWEwZDc0ZDhkN2Q1ZWJkOWE2ZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BhzbQHZFbEbJqZ4mSfO1CYo4XmC
IzI7u3YG1b7rWAyCJVMo4sLsxel6vTpuE8ad/1tEiCgbBAoXsxv3BLAyoU9iHbpM
tfxF3MFxDvpXsf+3exJlkK6G00WZFvtWrERJ4lFjPmjRHNnfOL6fHJjFe12/KKlu
WqLia7O6O+b8nFF3FnCY9jQGQR3LojD83Ou8rrDSZzPqHrrOd81mmOXDcBWnhRnM
/tYn5yOYlSXL3Ahzor9HBiJ+mL34a/THzzU9F21vUNTEB0DCpFec8Vbsjyn/DbXh
aYqlqkhnXMGrXLPx+d/EH/Xh1JwzpqdzPfjZjA7q147Li4WvIqpFyv/WjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEy347QSTvoGQHmg102NfV69mm+dMB8GA1UdIwQY
MBaAFLCv7XpHHXrDheO5NlpOlgEqAcCVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tfdGVrY2Rlc09GNDdrMldrNldBU29Cd0pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82ZjY2MTMtZTc5OC00N2Y0LWIzMTMt
MzA0YTU0ZThjMjY0LzEvVExmanRCSk8tZ1pBZWFEWFRZMTlYcjJhYjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82ZjY2MTMtZTc5OC00N2Y0LWIzMTMtMzA0YTU0ZThjMjY0
LzEvc0tfdGVrY2Rlc09GNDdrMldrNldBU29Cd0pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVf9AMA0G
CSqGSIb3DQEBCwUAA4IBAQA8VoTu6FzoJ8DNygNSvYNWc2o4Ev1gMF7VOysXzkNc
7JLXL68k0rewo6B/GPNUKZi+6+WV3aUZs6GLZ1XHy2MEeGSnDqmAbFlxVcdVVOGl
XiHo46T8Zo9VcbqXMKutIyHRrLEiBzhpyVydIIPyHu7RgnQ4DOxw2FWIhlReLH5C
sG8B1OgboLJ05pQ2mO/kWLrFAN/9Z0H31D2jT7toRK1CaXa9uib5zGD6kR0BfAGj
aBPSNsWHEUa9NgjGEdZ4RXg7bmqex6nKsfhfBD0LVT4LNiWLYCdrtRLQQ4NuHGdT
c8MaOgrh4NYkUVs/uwbO2P1QiRODJgTnjr+4QvDchOYW
-----END CERTIFICATE-----