This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/TC3nU4OffrVTphsfyTSImT7zUaU.roa
File:                     TC3nU4OffrVTphsfyTSImT7zUaU.roa (raw, json)
Hash identifier:          kEu5Mh8mxKkaBX1Qtv6XGA8v1DqcLDFHRoYpnvpibGs=
Subject key identifier:   4C:2D:E7:53:83:9F:7E:B5:53:A6:1B:1F:C9:34:88:99:3E:F3:51:A5
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797EB1140E343870103BCD0B6150ECF9
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/TC3nU4OffrVTphsfyTSImT7zUaU.roa
Signing time:             Thu 01 Jan 2026 12:18:24 +0000
ROA not before:           Thu 01 Jan 2026 12:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16045
IP address blocks:        89.215.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b1:14:0e:34:38:70:10:3b:cd:0b:61:50:ec:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c2de753839f7eb553a61b1fc93488993ef351a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:ee:d6:24:9d:98:bd:05:a1:ce:c4:b4:d2:
                    a6:11:76:7c:ad:17:df:92:47:7d:6e:16:38:76:24:
                    7e:7f:09:9f:59:63:57:10:38:d8:b4:72:be:53:c7:
                    fe:eb:a7:80:64:32:82:48:77:f6:91:fe:53:51:4d:
                    13:fa:e0:c8:8e:64:95:dd:1f:a2:d8:b4:ca:0f:b6:
                    13:db:ac:c7:34:1b:fc:69:53:5c:21:4c:e2:15:74:
                    a4:08:35:2b:bf:b2:cd:8f:fd:62:ca:93:f7:82:21:
                    4c:53:c1:66:2e:86:7c:ad:c7:05:26:7e:51:06:a2:
                    a8:c6:47:9f:b2:55:d3:32:75:65:5f:3d:08:f9:89:
                    7a:3c:fd:f0:38:9e:0e:53:97:db:ce:72:4a:f6:00:
                    2f:34:c0:19:98:64:2b:d7:12:59:1c:d7:b4:44:92:
                    e9:cd:aa:29:e0:c5:5f:52:df:e9:2e:c0:f2:66:40:
                    6a:d1:f9:25:81:35:00:48:2a:e3:c6:13:60:1a:d2:
                    17:3e:20:ba:51:c5:51:1e:57:82:a7:87:03:a8:b8:
                    88:ec:30:a2:f3:d6:e4:c6:8f:ed:d4:74:4f:e6:ad:
                    0b:59:e8:27:80:23:8b:46:be:ed:fc:c9:61:c1:ad:
                    d7:db:c8:db:a2:b2:e2:9b:13:d3:a0:89:c2:d7:ba:
                    07:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2D:E7:53:83:9F:7E:B5:53:A6:1B:1F:C9:34:88:99:3E:F3:51:A5
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/TC3nU4OffrVTphsfyTSImT7zUaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.215.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:cb:d7:46:a4:ee:42:68:38:ea:7a:7b:36:c6:fa:0f:45:33:
         d7:30:9a:e9:9d:49:c6:77:aa:8e:14:33:fa:5b:1f:79:51:d2:
         05:dc:14:06:69:dc:37:27:82:d7:8e:5d:65:11:9c:8f:2b:44:
         7d:af:c9:a5:6f:e1:08:22:ff:b2:5a:99:71:e9:52:de:71:0a:
         68:2b:56:0e:1e:19:51:2a:fc:ed:c1:c6:70:c6:a0:0a:22:4c:
         a4:b8:75:45:19:ad:cb:1e:85:e3:4c:62:8f:8d:96:86:84:99:
         1a:ed:fb:b1:fe:ee:f6:db:68:86:6e:72:a1:c5:25:a5:04:37:
         8a:24:a9:14:1a:64:91:24:bd:b4:28:f6:69:af:ef:22:f7:ae:
         8d:17:e6:4e:a7:f0:41:d7:1c:e7:b6:47:77:dc:c2:ce:8f:3b:
         51:de:79:43:1a:fb:13:8b:66:4a:71:9f:c9:31:d7:2c:9c:d0:
         64:75:82:31:aa:e7:00:f4:59:1b:ba:73:6c:13:6f:2b:9b:24:
         59:ed:97:6e:d2:06:62:59:14:85:40:9b:ef:84:76:fa:e0:d8:
         12:5e:fe:0f:5a:44:f3:f1:8d:d0:ac:f2:b0:a2:cf:f9:7e:18:
         a5:16:a1:d7:59:a2:c2:bb:ab:32:00:83:e5:87:58:9c:d7:40:
         ee:9f:03:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frEUDjQ4cBA7zQthUOz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJkZTc1MzgzOWY3ZWI1NTNhNjFiMWZjOTM0ODg5OTNlZjM1MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHru1iSdmL0Foc7EtNKmEXZ8rRff
kkd9bhY4diR+fwmfWWNXEDjYtHK+U8f+66eAZDKCSHf2kf5TUU0T+uDIjmSV3R+i
2LTKD7YT26zHNBv8aVNcIUziFXSkCDUrv7LNj/1iypP3giFMU8FmLoZ8rccFJn5R
BqKoxkefslXTMnVlXz0I+Yl6PP3wOJ4OU5fbznJK9gAvNMAZmGQr1xJZHNe0RJLp
zaop4MVfUt/pLsDyZkBq0fklgTUASCrjxhNgGtIXPiC6UcVRHleCp4cDqLiI7DCi
89bkxo/t1HRP5q0LWegngCOLRr7t/Mlhwa3X28jborLimxPToInC17oHRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwt51ODn361U6YbH8k0iJk+81GlMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvVEMzblU0T2ZmclZUcGhzZnlUU0ltVDd6VWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdfVMA0G
CSqGSIb3DQEBCwUAA4IBAQBLy9dGpO5CaDjqens2xvoPRTPXMJrpnUnGd6qOFDP6
Wx95UdIF3BQGadw3J4LXjl1lEZyPK0R9r8mlb+EIIv+yWplx6VLecQpoK1YOHhlR
KvztwcZwxqAKIkykuHVFGa3LHoXjTGKPjZaGhJka7fux/u7222iGbnKhxSWlBDeK
JKkUGmSRJL20KPZpr+8i966NF+ZOp/BB1xzntkd33MLOjztR3nlDGvsTi2ZKcZ/J
MdcsnNBkdYIxqucA9FkbunNsE28rmyRZ7Zdu0gZiWRSFQJvvhHb64NgSXv4PWkTz
8Y3QrPKwos/5fhilFqHXWaLCu6syAIPlh1ic10DunwOm
-----END CERTIFICATE-----