This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/tFZ7ULLRd3zOroSS0Z2QXMzUlGI.roa
File:                     tFZ7ULLRd3zOroSS0Z2QXMzUlGI.roa (raw, json)
Hash identifier:          rQJZYn/RKeQIUIXxvul9MPEHmOmskPy+FU65AG00oro=
Subject key identifier:   B4:56:7B:50:B2:D1:77:7C:CE:AE:84:92:D1:9D:90:5C:CC:D4:94:62
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F1459236B5AC8449AD8412ADE20EF05
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/tFZ7ULLRd3zOroSS0Z2QXMzUlGI.roa
Signing time:             Fri 02 Jan 2026 14:19:58 +0000
ROA not before:           Fri 02 Jan 2026 14:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202973
IP address blocks:        193.233.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:59:23:6b:5a:c8:44:9a:d8:41:2a:de:20:ef:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4567b50b2d1777cceae8492d19d905cccd49462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:84:1e:ab:f3:92:25:fa:2c:e7:cd:f4:b6:7f:
                    00:17:e8:98:cd:fe:fe:81:db:19:64:7a:e2:2e:89:
                    74:54:47:60:73:12:3c:19:bf:bf:45:e8:04:d3:4d:
                    46:30:04:d4:d6:aa:b8:0c:9b:38:f0:2c:9b:4a:10:
                    82:25:95:13:9f:fa:21:fd:ae:eb:68:48:78:55:b5:
                    db:40:1d:d3:dc:29:79:14:35:42:ba:91:11:b7:17:
                    d1:5f:d6:31:ae:14:4d:26:32:b8:3e:4b:d1:2c:10:
                    a7:a8:98:d3:eb:19:a5:aa:85:1c:fc:33:39:14:c5:
                    82:86:36:1b:5a:4a:4d:ed:94:b8:ea:ac:c2:d0:a0:
                    e4:63:f4:5f:e9:47:0d:ca:b9:4f:1e:c3:03:85:25:
                    07:c2:1b:e2:6d:ba:be:45:44:fe:0d:32:9c:8c:3c:
                    59:14:4a:f2:25:3e:c3:a0:d4:d5:ba:07:08:3e:73:
                    b5:a7:71:34:a9:d3:e3:9e:f9:3a:25:7a:98:3b:59:
                    bf:73:91:5b:69:9f:7f:33:be:f7:a5:cc:31:ea:27:
                    f3:b7:56:41:06:0d:a4:7e:e7:96:de:9a:c4:81:71:
                    45:62:8b:e0:9a:22:5d:b9:c5:7b:0c:3e:ff:19:62:
                    51:87:fa:16:11:b7:a4:39:bd:08:f7:e8:be:2c:f2:
                    60:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:56:7B:50:B2:D1:77:7C:CE:AE:84:92:D1:9D:90:5C:CC:D4:94:62
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/tFZ7ULLRd3zOroSS0Z2QXMzUlGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:46:eb:eb:18:f6:72:6c:00:00:a1:1d:63:0c:32:c0:99:03:
         be:db:69:93:64:d8:fe:ac:2e:55:92:08:17:15:fc:ba:e2:dd:
         4a:8d:6f:57:e5:c2:8a:62:57:b8:50:39:9c:57:e9:67:31:43:
         84:b0:0b:84:d7:8a:b6:3f:c0:fb:82:14:fc:0b:88:eb:29:82:
         d3:5d:dd:d4:9d:91:89:77:c8:af:52:8e:2f:d2:27:9c:53:db:
         34:3f:bd:7d:cc:fd:70:a8:43:9f:e7:c8:5f:28:4d:87:33:39:
         ab:a8:4a:20:fb:ac:66:6f:08:cc:c5:90:5c:26:bf:eb:1a:59:
         3f:e3:a9:44:d9:ee:09:04:22:e3:92:e4:50:bb:e4:3b:e1:06:
         1f:3c:e8:a9:70:bf:64:cf:6a:23:53:50:c8:4e:d3:63:45:4a:
         34:c7:cc:b2:a8:d8:38:6a:15:1e:56:5a:fc:89:0f:f5:05:be:
         cd:df:0c:d0:77:e8:5f:20:76:ed:44:a6:a5:2e:87:48:ee:1b:
         5e:c7:07:04:dd:15:0c:a7:42:ec:09:a5:ae:49:82:14:37:ea:
         84:7e:d3:22:3a:19:72:bf:0b:c4:a9:54:2f:33:20:5c:05:bb:
         41:7a:8b:31:a2:65:59:4f:24:a4:fb:20:0b:39:4e:00:7a:44:
         da:02:c6:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFkja1rIRJrYQSreIO8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU2N2I1MGIyZDE3NzdjY2VhZTg0OTJkMTlkOTA1Y2NjZDQ5NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YQeq/OSJfos5830tn8AF+iYzf7+
gdsZZHriLol0VEdgcxI8Gb+/RegE001GMATU1qq4DJs48CybShCCJZUTn/oh/a7r
aEh4VbXbQB3T3Cl5FDVCupERtxfRX9YxrhRNJjK4PkvRLBCnqJjT6xmlqoUc/DM5
FMWChjYbWkpN7ZS46qzC0KDkY/Rf6UcNyrlPHsMDhSUHwhvibbq+RUT+DTKcjDxZ
FEryJT7DoNTVugcIPnO1p3E0qdPjnvk6JXqYO1m/c5FbaZ9/M773pcwx6ifzt1ZB
Bg2kfueW3prEgXFFYovgmiJducV7DD7/GWJRh/oWEbekOb0I9+i+LPJgCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRWe1Cy0Xd8zq6EktGdkFzM1JRiMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvdEZaN1VMTFJkM3pPcm9TUzBaMlFYTXpVbEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemGMA0G
CSqGSIb3DQEBCwUAA4IBAQB3RuvrGPZybAAAoR1jDDLAmQO+22mTZNj+rC5VkggX
Ffy64t1KjW9X5cKKYle4UDmcV+lnMUOEsAuE14q2P8D7ghT8C4jrKYLTXd3UnZGJ
d8ivUo4v0iecU9s0P719zP1wqEOf58hfKE2HMzmrqEog+6xmbwjMxZBcJr/rGlk/
46lE2e4JBCLjkuRQu+Q74QYfPOipcL9kz2ojU1DITtNjRUo0x8yyqNg4ahUeVlr8
iQ/1Bb7N3wzQd+hfIHbtRKalLodI7htexwcE3RUMp0LsCaWuSYIUN+qEftMiOhly
vwvEqVQvMyBcBbtBeosxomVZTySk+yALOU4AekTaAsYq
-----END CERTIFICATE-----