This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-TF_DNYPytFCDM9ob70FwezU19M.roa
File:                     1-TF_DNYPytFCDM9ob70FwezU19M.roa (raw, json)
Hash identifier:          d02a+8r6UEOH7tUcT4ldHX7Qn837ccWleqSz8aMVP1Y=
Subject key identifier:   F9:31:7F:0C:D6:0F:CA:D1:42:0C:CF:68:6F:BD:05:C1:EC:D4:D7:D3
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B7F8390689CE8291AF454C8FFF4E6A3FD
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-TF_DNYPytFCDM9ob70FwezU19M.roa
Signing time:             Fri 02 Jan 2026 16:21:27 +0000
ROA not before:           Fri 02 Jan 2026 16:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215362
IP address blocks:        188.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:90:68:9c:e8:29:1a:f4:54:c8:ff:f4:e6:a3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  2 16:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9317f0cd60fcad1420ccf686fbd05c1ecd4d7d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a9:74:81:4d:b4:67:52:cb:a6:14:46:da:93:
                    b9:5d:ed:81:aa:c6:f6:cb:0e:44:69:c5:7b:5e:f8:
                    c0:67:d4:31:56:e8:7d:2c:67:f8:78:90:ee:dc:9c:
                    d3:e9:37:5d:d8:54:43:f0:ca:c9:fa:73:cb:11:4d:
                    e2:70:25:83:b4:66:f0:0b:f7:d3:f3:1b:e9:30:a9:
                    81:cd:41:dd:96:03:9a:b2:c8:29:da:f6:84:fa:a8:
                    db:52:0f:53:75:39:7e:cb:bc:1e:91:aa:45:5d:7f:
                    5d:3a:b7:1a:62:c9:d2:ac:a7:54:f5:cc:89:d0:eb:
                    00:6a:7f:f6:68:53:4d:fe:45:57:72:00:bc:07:da:
                    3b:27:e9:12:f0:62:72:c9:ed:67:a5:0f:53:60:dc:
                    e6:5f:87:9e:8b:f7:ca:5a:8f:3b:6f:75:5b:af:26:
                    77:7d:05:3c:d8:51:ae:70:b5:20:a0:6f:1a:c0:14:
                    1f:13:ae:98:c7:f6:95:2c:c9:0e:8d:18:68:86:b8:
                    26:52:0f:47:81:f8:af:fc:53:b3:7b:0a:ab:dd:5a:
                    5f:35:b5:45:20:5a:bb:2d:cf:b8:11:09:7f:f4:a2:
                    c3:5e:ca:b0:74:48:c5:fa:8a:46:b0:88:98:c9:f6:
                    f0:9e:70:ff:bb:e2:f3:5e:9b:03:d9:f4:7a:38:bf:
                    20:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:31:7F:0C:D6:0F:CA:D1:42:0C:CF:68:6F:BD:05:C1:EC:D4:D7:D3
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-TF_DNYPytFCDM9ob70FwezU19M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ec:45:07:93:91:bd:f8:bb:c7:c6:13:a9:59:f2:cf:08:2b:
         50:75:38:b4:ae:41:0c:8f:b7:a6:79:67:9b:f5:25:46:0c:1a:
         8e:7a:38:47:af:9a:29:c5:87:07:09:60:bc:e9:aa:56:4b:10:
         28:07:f5:97:73:3b:6b:c0:16:fd:c7:2c:2a:33:fb:f4:18:63:
         31:26:ae:1e:28:0b:ff:b7:c3:60:0b:e7:2d:02:fa:c1:67:27:
         62:dd:89:13:60:b9:f2:bc:4f:31:40:18:b3:ec:42:2f:48:57:
         13:a3:40:25:75:12:c9:1a:c7:03:f2:24:3f:a8:04:e3:08:27:
         54:67:e5:51:b9:df:09:7b:d4:6c:22:4d:b8:43:88:8b:e1:36:
         83:7c:8e:20:79:bb:cd:72:a3:f1:b1:79:cf:66:f3:43:4a:de:
         1e:e8:ca:96:6b:0b:77:f5:55:54:63:f8:c9:20:9e:20:cc:07:
         a9:88:a0:20:27:2e:d7:dc:1d:b5:eb:f6:91:6a:93:a9:c3:de:
         d3:c9:20:9a:27:f5:c0:54:df:05:68:dd:00:42:ca:51:d5:14:
         39:79:7c:37:5a:16:a3:64:e5:c9:20:b7:23:1f:0d:ec:a9:64:
         87:32:f0:0b:25:c1:8d:8f:a7:da:21:87:87:77:89:cc:9d:ee:
         47:9c:fb:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/g5BonOgpGvRUyP/05qP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTAyMTYyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTMxN2YwY2Q2MGZjYWQxNDIwY2NmNjg2ZmJkMDVjMWVjZDRkN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnal0gU20Z1LLphRG2pO5Xe2Bqsb2
yw5EacV7XvjAZ9QxVuh9LGf4eJDu3JzT6Tdd2FRD8MrJ+nPLEU3icCWDtGbwC/fT
8xvpMKmBzUHdlgOassgp2vaE+qjbUg9TdTl+y7wekapFXX9dOrcaYsnSrKdU9cyJ
0OsAan/2aFNN/kVXcgC8B9o7J+kS8GJyye1npQ9TYNzmX4eei/fKWo87b3VbryZ3
fQU82FGucLUgoG8awBQfE66Yx/aVLMkOjRhohrgmUg9Hgfiv/FOzewqr3VpfNbVF
IFq7Lc+4EQl/9KLDXsqwdEjF+opGsIiYyfbwnnD/u+LzXpsD2fR6OL8gYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkxfwzWD8rRQgzPaG+9BcHs1NfTMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvMS1URl9ETllQeXRGQ0RNOW9iNzBGd2V6VTE5TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvMzk1MzI4LWY0NjEtNDRiNy1iMDMxLTNmOGI1NWRhMWFj
NC8xL0JSOHBSaTU2ZmFmclgwWGFlSFB4VGtBXzQ2cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALzRgTAN
BgkqhkiG9w0BAQsFAAOCAQEAV+xFB5ORvfi7x8YTqVnyzwgrUHU4tK5BDI+3pnln
m/UlRgwajno4R6+aKcWHBwlgvOmqVksQKAf1l3M7a8AW/ccsKjP79BhjMSauHigL
/7fDYAvnLQL6wWcnYt2JE2C58rxPMUAYs+xCL0hXE6NAJXUSyRrHA/IkP6gE4wgn
VGflUbnfCXvUbCJNuEOIi+E2g3yOIHm7zXKj8bF5z2bzQ0reHujKlmsLd/VVVGP4
ySCeIMwHqYigICcu19wdtev2kWqTqcPe08kgmif1wFTfBWjdAELKUdUUOXl8N1oW
o2TlySC3Ix8N7KlkhzLwCyXBjY+n2iGHh3eJzJ3uR5z7CA==
-----END CERTIFICATE-----